Skip to main content

fedimintd/
lib.rs

1#![deny(clippy::pedantic)]
2#![allow(clippy::cast_possible_wrap)]
3#![allow(clippy::missing_errors_doc)]
4#![allow(clippy::missing_panics_doc)]
5#![allow(clippy::must_use_candidate)]
6#![allow(clippy::return_self_not_must_use)]
7#![allow(clippy::large_futures)]
8
9mod metrics;
10
11use std::convert::Infallible;
12use std::env;
13use std::fmt::Write as _;
14use std::net::SocketAddr;
15use std::path::PathBuf;
16use std::time::Duration;
17
18use anyhow::Context as _;
19use bitcoin::Network;
20use clap::builder::BoolishValueParser;
21use clap::{ArgGroup, CommandFactory, FromArgMatches, Parser};
22use fedimint_core::db::Database;
23use fedimint_core::envs::{
24    FM_IROH_DNS_ENV, FM_IROH_RELAY_ENV, FM_USE_UNKNOWN_MODULE_ENV, is_env_var_set,
25};
26use fedimint_core::module::registry::ModuleRegistry;
27use fedimint_core::module::{ApiAuth, CORE_CONSENSUS_VERSION};
28use fedimint_core::rustls::install_crypto_provider;
29use fedimint_core::task::TaskGroup;
30use fedimint_core::timing;
31use fedimint_core::util::{FmtCompactAnyhow as _, SafeUrl, handle_version_hash_command};
32use fedimint_ln_server::LightningInit;
33use fedimint_logging::{LOG_CORE, LOG_SERVER, TracingSetup};
34use fedimint_meta_server::MetaInit;
35use fedimint_mint_server::MintInit;
36use fedimint_rocksdb::RocksDb;
37use fedimint_server::config::ConfigGenSettings;
38use fedimint_server::config::io::{DB_FILE, PLAINTEXT_PASSWORD};
39use fedimint_server::core::ServerModuleInitRegistry;
40use fedimint_server::net::api::ApiSecrets;
41use fedimint_server_bitcoin_rpc::BitcoindClientWithFallback;
42use fedimint_server_bitcoin_rpc::bitcoind::BitcoindClient;
43use fedimint_server_bitcoin_rpc::esplora::EsploraClient;
44use fedimint_server_bitcoin_rpc::tracked::ServerBitcoinRpcTracked;
45use fedimint_server_core::ServerModuleInitRegistryExt;
46use fedimint_server_core::bitcoin_rpc::IServerBitcoinRpc;
47use fedimint_unknown_server::UnknownInit;
48use fedimint_wallet_server::WalletInit;
49use fedimintd_envs::{
50    FM_API_URL_ENV, FM_BIND_API_ENV, FM_BIND_METRICS_ENV, FM_BIND_P2P_ENV,
51    FM_BIND_TOKIO_CONSOLE_ENV, FM_BIND_UI_ENV, FM_BITCOIN_NETWORK_ENV, FM_BITCOIND_PASSWORD_ENV,
52    FM_BITCOIND_URL_ENV, FM_BITCOIND_URL_PASSWORD_FILE_ENV, FM_BITCOIND_USERNAME_ENV,
53    FM_DATA_DIR_ENV, FM_DB_CHECKPOINT_RETENTION_ENV, FM_DISABLE_META_MODULE_ENV,
54    FM_ENABLE_IROH_ENV, FM_ESPLORA_URL_ENV, FM_FORCE_API_SECRETS_ENV,
55    FM_IROH_API_MAX_CONNECTIONS_ENV, FM_IROH_API_MAX_REQUESTS_PER_CONNECTION_ENV, FM_P2P_URL_ENV,
56    FM_PASSWORD_API_ENV, FM_PASSWORD_UI_ENV, FM_SESSION_TIMEOUT_SECS_ENV,
57};
58use futures::FutureExt as _;
59#[cfg(all(
60    not(feature = "jemalloc"),
61    not(any(target_env = "msvc", target_os = "ios", target_os = "android"))
62))]
63use tracing::warn;
64use tracing::{debug, error, info};
65
66use crate::metrics::APP_START_TS;
67
68/// Time we will wait before forcefully shutting down tasks
69const SHUTDOWN_TIMEOUT: Duration = Duration::from_secs(10);
70
71#[derive(Parser)]
72#[command(version)]
73#[command(
74    group(
75        ArgGroup::new("bitcoind_password_auth")
76           .args(["bitcoind_password", "bitcoind_url_password_file"])
77           .multiple(false)
78    ),
79    group(
80        ArgGroup::new("bitcoind_auth")
81            .args(["bitcoind_url"])
82            .requires("bitcoind_password_auth")
83            .requires_all(["bitcoind_username", "bitcoind_url"])
84    ),
85    group(
86        ArgGroup::new("bitcoin_rpc")
87            .required(true)
88            .multiple(true)
89            .args(["bitcoind_url", "esplora_url"])
90    )
91)]
92struct ServerOpts {
93    /// Path to folder containing federation config files
94    #[arg(long = "data-dir", env = FM_DATA_DIR_ENV)]
95    data_dir: PathBuf,
96
97    /// Password gating the guardian admin UI on bind-ui. Optional: falls
98    /// back to reading password.private from data-dir, and if neither is
99    /// present the UI is served without a login form. Only safe when
100    /// bind-ui stays on a trusted interface (the default 127.0.0.1).
101    #[arg(long, env = FM_PASSWORD_UI_ENV)]
102    password_ui: Option<String>,
103
104    /// Password gating admin RPCs on the public API (WebSocket on bind-api
105    /// and iroh). Optional and never falls back to disk: when unset, admin
106    /// RPCs return 401 unconditionally, since the public API is always
107    /// network-reachable and must be enabled explicitly.
108    #[arg(long, env = FM_PASSWORD_API_ENV)]
109    password_api: Option<String>,
110
111    /// The bitcoin network of the federation
112    #[arg(long, env = FM_BITCOIN_NETWORK_ENV, default_value = "regtest")]
113    bitcoin_network: Network,
114
115    /// The username to use when connecting to bitcoind
116    #[arg(long, env = FM_BITCOIND_USERNAME_ENV)]
117    bitcoind_username: Option<String>,
118
119    /// The password to use when connecting to bitcoind
120    #[arg(long, env = FM_BITCOIND_PASSWORD_ENV)]
121    bitcoind_password: Option<String>,
122
123    /// Bitcoind RPC URL, e.g. <http://127.0.0.1:8332>
124    /// This should not include authentication parameters, they should be
125    /// included in `FM_BITCOIND_USERNAME` and `FM_BITCOIND_PASSWORD`
126    #[arg(long, env = FM_BITCOIND_URL_ENV)]
127    bitcoind_url: Option<SafeUrl>,
128
129    /// If set, the password part of `--bitcoind-url` will be set/replaced with
130    /// the content of this file.
131    ///
132    /// This is useful for setups that provide secret material via ramdisk
133    /// e.g. SOPS, age, etc.
134    ///
135    /// Note this is not meant to handle bitcoind's cookie file.
136    #[arg(long, env = FM_BITCOIND_URL_PASSWORD_FILE_ENV)]
137    bitcoind_url_password_file: Option<PathBuf>,
138
139    /// Esplora HTTP base URL, e.g. <https://mempool.space/api>
140    #[arg(long, env = FM_ESPLORA_URL_ENV)]
141    esplora_url: Option<SafeUrl>,
142
143    /// Address we bind to for p2p consensus communication
144    ///
145    /// Should be `0.0.0.0:8173` most of the time, as p2p connectivity is public
146    /// and direct, and the port should be open it in the firewall.
147    #[arg(long, env = FM_BIND_P2P_ENV, default_value = "0.0.0.0:8173")]
148    bind_p2p: SocketAddr,
149
150    /// Address we bind to for the API
151    ///
152    /// Should be `0.0.0.0:8174` most of the time, as api connectivity is public
153    /// and direct, and the port should be open it in the firewall.
154    #[arg(long, env = FM_BIND_API_ENV, default_value = "0.0.0.0:8174")]
155    bind_api: SocketAddr,
156
157    /// Address we bind to for exposing the Web UI
158    ///
159    /// Built-in web UI is exposed as an HTTP port, and typically should
160    /// have TLS terminated by Nginx/Traefik/etc. and forwarded to the locally
161    /// bind port.
162    #[arg(long, env = FM_BIND_UI_ENV, default_value = "127.0.0.1:8175")]
163    bind_ui: SocketAddr,
164
165    /// Our external address for communicating with our peers
166    ///
167    /// `fedimint://<fqdn>:8173` for TCP/TLS p2p connectivity (legacy/standard).
168    ///
169    /// Ignored when Iroh stack is used. (newer/experimental)
170    #[arg(long, env = FM_P2P_URL_ENV)]
171    p2p_url: Option<SafeUrl>,
172
173    /// Our API address for clients to connect to us
174    ///
175    /// Typically `wss://<fqdn>/ws/` for TCP/TLS connectivity (legacy/standard)
176    ///
177    /// Ignored when Iroh stack is used. (newer/experimental)
178    #[arg(long, env = FM_API_URL_ENV)]
179    api_url: Option<SafeUrl>,
180
181    #[arg(long, env = FM_ENABLE_IROH_ENV, value_parser = BoolishValueParser::new())]
182    enable_iroh: bool,
183
184    /// Optional URL of the Iroh DNS server
185    #[arg(long, env = FM_IROH_DNS_ENV, requires = "enable_iroh")]
186    iroh_dns: Option<SafeUrl>,
187
188    /// Optional URLs of the Iroh relays to use for registering
189    #[arg(long, env = FM_IROH_RELAY_ENV, requires = "enable_iroh", value_delimiter = ',')]
190    iroh_relays: Vec<SafeUrl>,
191
192    /// Number of checkpoints from the current session to retain on disk
193    #[arg(long, env = FM_DB_CHECKPOINT_RETENTION_ENV, default_value = "1")]
194    db_checkpoint_retention: u64,
195
196    /// Exit the process if a consensus session is not completed within this
197    /// many seconds, relying on the process supervisor to restart fedimintd.
198    /// Restarting guardians has been observed to resolve stuck sessions.
199    #[arg(long, env = FM_SESSION_TIMEOUT_SECS_ENV, default_value = "3600")]
200    session_timeout_secs: u64,
201
202    /// Enable tokio console logging
203    #[arg(long, env = FM_BIND_TOKIO_CONSOLE_ENV)]
204    bind_tokio_console: Option<SocketAddr>,
205
206    /// Enable jaeger for tokio console logging
207    #[arg(long, default_value = "false")]
208    with_jaeger: bool,
209
210    /// Enable prometheus metrics
211    #[arg(long, env = FM_BIND_METRICS_ENV, default_value = "127.0.0.1:8176")]
212    bind_metrics: Option<SocketAddr>,
213
214    /// Comma separated list of API secrets.
215    ///
216    /// Setting it will enforce API authentication and make the Federation
217    /// "private".
218    ///
219    /// The first secret in the list is the "active" one that the peer will use
220    /// itself to connect to other peers. Any further one is accepted by
221    /// this peer, e.g. for the purposes of smooth rotation of secret
222    /// between users.
223    ///
224    /// Note that the value provided here will override any other settings
225    /// that the user might want to set via UI at runtime, etc.
226    /// In the future, managing secrets might be possible via Admin UI
227    /// and defaults will be provided via `FM_DEFAULT_API_SECRETS`.
228    #[arg(long, env = FM_FORCE_API_SECRETS_ENV, default_value = "")]
229    force_api_secrets: ApiSecrets,
230
231    /// Maximum number of concurrent Iroh API connections
232    #[arg(long = "iroh-api-max-connections", env = FM_IROH_API_MAX_CONNECTIONS_ENV, default_value = "1000")]
233    iroh_api_max_connections: usize,
234
235    /// Maximum number of parallel requests per Iroh API connection
236    #[arg(long = "iroh-api-max-requests-per-connection", env = FM_IROH_API_MAX_REQUESTS_PER_CONNECTION_ENV, default_value = "50")]
237    iroh_api_max_requests_per_connection: usize,
238}
239
240impl ServerOpts {
241    pub async fn get_bitcoind_url_and_password(&self) -> anyhow::Result<(SafeUrl, String)> {
242        let url = self
243            .bitcoind_url
244            .clone()
245            .ok_or_else(|| anyhow::anyhow!("No bitcoind url set"))?;
246        if let Some(password_file) = self.bitcoind_url_password_file.as_ref() {
247            let password = tokio::fs::read_to_string(password_file)
248                .await
249                .context("Failed to read the password")?
250                .trim()
251                .to_owned();
252            Ok((url, password))
253        } else {
254            let password = self
255                .bitcoind_password
256                .clone()
257                .expect("FM_BITCOIND_URL is set but FM_BITCOIND_PASSWORD is not");
258            Ok((url, password))
259        }
260    }
261}
262
263/// Block the thread and run a Fedimintd server
264///
265/// # Arguments
266///
267/// * `module_init_registry` - The registry of available modules.
268///
269/// * `code_version_hash` - The git hash of the code that the `fedimintd` binary
270///   is being built from. This is used mostly for information purposes
271///   (`fedimintd version-hash`). See `fedimint-build` crate for easy way to
272///   obtain it.
273///
274/// * `code_version_vendor_suffix` - An optional suffix that will be appended to
275///   the internal fedimint release version, to distinguish binaries built by
276///   different vendors, usually with a different set of modules. The suffix is
277///   informational in setup/DKG: compatibility and consensus config generation
278///   use the normalized `x.y.z` release version.
279#[allow(clippy::too_many_lines)]
280pub async fn run(
281    module_init_registry: ServerModuleInitRegistry,
282    code_version_hash: &str,
283    code_version_vendor_suffix: Option<&str>,
284) -> anyhow::Result<Infallible> {
285    assert_eq!(
286        env!("FEDIMINT_BUILD_CODE_VERSION").len(),
287        code_version_hash.len(),
288        "version_hash must have an expected length"
289    );
290
291    handle_version_hash_command(code_version_hash);
292
293    let fedimint_version = env!("CARGO_PKG_VERSION");
294
295    APP_START_TS
296        .with_label_values(&[fedimint_version, code_version_hash])
297        .set(fedimint_core::time::duration_since_epoch().as_secs() as i64);
298
299    let server_opts = {
300        // Collect env vars from all registered modules and append them to the
301        // long-help text so operators can discover them via `fedimintd --help`.
302        let mut module_env_help = String::from("\nModule environment variables:\n");
303        for (_kind, module_init) in module_init_registry.iter() {
304            for doc in module_init.get_documented_env_vars() {
305                let _ = writeln!(module_env_help, "  {:40}  {}", doc.name, doc.description);
306            }
307        }
308        let matches = ServerOpts::command()
309            .after_long_help(module_env_help)
310            .get_matches();
311        ServerOpts::from_arg_matches(&matches)
312            .expect("clap arg matches must be valid after parsing")
313    };
314
315    let mut tracing_builder = TracingSetup::default();
316
317    tracing_builder
318        .tokio_console_bind(server_opts.bind_tokio_console)
319        .with_jaeger(server_opts.with_jaeger);
320
321    tracing_builder.init().unwrap();
322
323    info!("Starting fedimintd (version: {fedimint_version} version_hash: {code_version_hash})");
324
325    #[cfg(all(
326        not(feature = "jemalloc"),
327        not(any(target_env = "msvc", target_os = "ios", target_os = "android"))
328    ))]
329    warn!(
330        target: LOG_SERVER,
331        "fedimintd was built without the `jemalloc` feature. rocksdb is prone to memory \
332         fragmentation with the default allocator; consider rebuilding with `--features jemalloc`."
333    );
334
335    debug!(
336        target: LOG_SERVER,
337        core_consensus = %CORE_CONSENSUS_VERSION,
338        "Supported core consensus version",
339    );
340    for (kind, module) in module_init_registry.iter() {
341        let supported = module.supported_api_versions();
342        debug!(
343            target: LOG_SERVER,
344            module = %kind,
345            supported = %supported,
346            "Supported module versions",
347        );
348    }
349    let code_version_str = code_version_vendor_suffix.map_or_else(
350        || fedimint_version.to_string(),
351        |suffix| format!("{fedimint_version}+{suffix}"),
352    );
353
354    let timing_total_runtime = timing::TimeReporter::new("total-runtime").info();
355
356    let root_task_group = TaskGroup::new();
357
358    if let Some(bind_metrics) = server_opts.bind_metrics.as_ref() {
359        info!(
360            target: LOG_SERVER,
361            url = %format!("http://{}/metrics", bind_metrics),
362            "Initializing metrics server",
363        );
364        fedimint_metrics::spawn_api_server(*bind_metrics, root_task_group.clone()).await?;
365    }
366
367    let settings = ConfigGenSettings {
368        p2p_bind: server_opts.bind_p2p,
369        api_bind: server_opts.bind_api,
370        ui_bind: server_opts.bind_ui,
371        p2p_url: server_opts.p2p_url.clone(),
372        api_url: server_opts.api_url.clone(),
373        enable_iroh: server_opts.enable_iroh,
374        iroh_dns: server_opts.iroh_dns.clone(),
375        iroh_relays: server_opts.iroh_relays.clone(),
376        network: server_opts.bitcoin_network,
377        available_modules: module_init_registry.kinds(),
378        default_modules: module_init_registry.default_modules(),
379    };
380
381    let db = Database::new(
382        RocksDb::build(server_opts.data_dir.join(DB_FILE))
383            .open()
384            .await
385            .unwrap(),
386        ModuleRegistry::default(),
387    );
388
389    let dyn_server_bitcoin_rpc = match (
390        server_opts.bitcoind_url.as_ref(),
391        server_opts.esplora_url.as_ref(),
392    ) {
393        (Some(_), None) => {
394            let bitcoind_username = server_opts
395                .bitcoind_username
396                .clone()
397                .expect("FM_BITCOIND_URL is set but FM_BITCOIND_USERNAME is not");
398            let (bitcoind_url, bitcoind_password) = server_opts
399                .get_bitcoind_url_and_password()
400                .await
401                .expect("Failed to get bitcoind url");
402            BitcoindClient::new(bitcoind_username, bitcoind_password, &bitcoind_url)
403                .unwrap()
404                .into_dyn()
405        }
406        (None, Some(url)) => EsploraClient::new(url).unwrap().into_dyn(),
407        (Some(_), Some(esplora_url)) => {
408            let bitcoind_username = server_opts
409                .bitcoind_username
410                .clone()
411                .expect("FM_BITCOIND_URL is set but FM_BITCOIND_USERNAME is not");
412            let (bitcoind_url, bitcoind_password) = server_opts
413                .get_bitcoind_url_and_password()
414                .await
415                .expect("Failed to get bitcoind url");
416            BitcoindClientWithFallback::new(
417                bitcoind_username,
418                bitcoind_password,
419                &bitcoind_url,
420                esplora_url,
421            )
422            .unwrap()
423            .into_dyn()
424        }
425        _ => unreachable!("ArgGroup already enforced XOR relation"),
426    };
427    let dyn_server_bitcoin_rpc =
428        ServerBitcoinRpcTracked::new(dyn_server_bitcoin_rpc, "server").into_dyn();
429
430    root_task_group.install_kill_handler();
431
432    install_crypto_provider().await;
433
434    // The UI password falls back to the legacy password.private file on disk
435    // if its env var is not set, since the UI defaults to a loopback bind.
436    // The API password never falls back: the public admin API is always
437    // network-reachable, so it must be enabled explicitly via its env var or
438    // else admin RPCs return 401. Absence of a password for a given plane opts
439    // that plane into passwordless mode (UI) or disabled admin RPCs (API).
440    let password_file = std::fs::read_to_string(server_opts.data_dir.join(PLAINTEXT_PASSWORD))
441        .ok()
442        .map(|s| s.trim().to_owned());
443
444    let auth_ui = server_opts.password_ui.or(password_file).map(ApiAuth::new);
445    let auth_api = server_opts.password_api.map(ApiAuth::new);
446
447    let task_group = root_task_group.clone();
448    let code_version_hash = code_version_hash.to_string();
449    root_task_group.spawn_cancellable("main", async move {
450        fedimint_server::run(
451            server_opts.data_dir,
452            auth_ui,
453            auth_api,
454            server_opts.force_api_secrets,
455            settings,
456            db,
457            code_version_str,
458            code_version_hash,
459            module_init_registry,
460            task_group,
461            dyn_server_bitcoin_rpc,
462            Box::new(fedimint_server_ui::setup::router),
463            Box::new(fedimint_server_ui::dashboard::router),
464            server_opts.db_checkpoint_retention,
465            Duration::from_secs(server_opts.session_timeout_secs),
466            fedimint_server::ConnectionLimits::new(
467                server_opts.iroh_api_max_connections,
468                server_opts.iroh_api_max_requests_per_connection,
469            ),
470        )
471        .await
472        .unwrap_or_else(|err| panic!("Main task returned error: {}", err.fmt_compact_anyhow()));
473    });
474
475    let shutdown_future = root_task_group
476        .make_handle()
477        .make_shutdown_rx()
478        .then(|()| async {
479            info!(target: LOG_CORE, "Shutdown called");
480        });
481
482    shutdown_future.await;
483
484    debug!(target: LOG_CORE, "Terminating main task");
485
486    if let Err(err) = root_task_group.join_all(Some(SHUTDOWN_TIMEOUT)).await {
487        error!(target: LOG_CORE, err = %err.fmt_compact_anyhow(), "Error while shutting down task group");
488    }
489
490    debug!(target: LOG_CORE, "Shutdown complete");
491
492    fedimint_logging::shutdown();
493
494    drop(timing_total_runtime);
495
496    std::process::exit(-1);
497}
498
499pub fn default_modules() -> ServerModuleInitRegistry {
500    let mut server_gens = ServerModuleInitRegistry::new();
501
502    server_gens.attach(MintInit);
503    server_gens.attach(fedimint_mintv2_server::MintInit);
504
505    server_gens.attach(WalletInit);
506    server_gens.attach(fedimint_walletv2_server::WalletInit);
507
508    server_gens.attach(LightningInit);
509    server_gens.attach(fedimint_lnv2_server::LightningInit);
510
511    if !is_env_var_set(FM_DISABLE_META_MODULE_ENV) {
512        server_gens.attach(MetaInit);
513    }
514
515    if is_env_var_set(FM_USE_UNKNOWN_MODULE_ENV) {
516        server_gens.attach(UnknownInit);
517    }
518
519    server_gens
520}
521
522#[cfg(test)]
523mod tests {
524    use super::*;
525
526    fn parse_server_opts_with_enable_iroh_env(value: &str) -> ServerOpts {
527        let previous = std::env::var_os(FM_ENABLE_IROH_ENV);
528        // This test does not spawn threads while mutating the process
529        // environment.
530        unsafe {
531            std::env::set_var(FM_ENABLE_IROH_ENV, value);
532        }
533
534        let opts = ServerOpts::try_parse_from([
535            "fedimintd",
536            "--data-dir",
537            "/tmp/fedimintd-test",
538            "--bitcoind-url",
539            "http://127.0.0.1:18443",
540            "--bitcoind-username",
541            "user",
542            "--bitcoind-password",
543            "pass",
544        ]);
545
546        // This test does not spawn threads while mutating the process
547        // environment.
548        unsafe {
549            if let Some(previous) = previous {
550                std::env::set_var(FM_ENABLE_IROH_ENV, previous);
551            } else {
552                std::env::remove_var(FM_ENABLE_IROH_ENV);
553            }
554        }
555
556        opts.expect("server opts should parse")
557    }
558
559    #[test]
560    fn enable_iroh_env_accepts_numeric_booleans() {
561        assert!(parse_server_opts_with_enable_iroh_env("1").enable_iroh);
562        assert!(!parse_server_opts_with_enable_iroh_env("0").enable_iroh);
563    }
564}