[Prover] Add simple metrics for JWT attributes. (#113)

Author: JoshLind

keyless-common/src/input_processing/jwt.rs

@@ -129,6 +129,10 @@ impl JwtParts {
         String::from(&self.payload)
     }
 
+    pub fn header_undecoded(&self) -> String {
+        String::from(&self.header)
+    }
+
     pub fn header_undecoded_with_dot(&self) -> String {
         String::from(&self.header) + "."
     }
@@ -150,6 +154,10 @@ impl JwtParts {
     pub fn signature(&self) -> Result<RsaSignature> {
         RsaSignature::from_b64(&self.signature)
     }
+
+    pub fn signature_undecoded(&self) -> String {
+        String::from(&self.signature)
+    }
 }
 
 /// Struct representing the unsigned parts of a JWT with padding

prover-service/src/metrics.rs

@@ -2,6 +2,7 @@
 
 use crate::external_resources::prover_config::ProverServiceConfig;
 use crate::request_handler::handler::is_known_path;
+use crate::request_handler::types::VerifiedInput;
 use aptos_logger::{error, info, warn};
 use aptos_metrics_core::{
     exponential_buckets, register_histogram_vec, register_int_counter_vec, Encoder, HistogramVec,
@@ -17,8 +18,6 @@ use std::net::SocketAddr;
 use std::sync::Arc;
 use std::time::{Duration, Instant};
 
-// TODO: sanity check and expand these metrics!
-
 // Constants for the metrics endpoint and response type
 const METRICS_ENDPOINT: &str = "/metrics";
 const PLAIN_CONTENT_TYPE: &str = "text/plain";
@@ -39,6 +38,16 @@ pub const PROVER_RESPONSE_GENERATION_LABEL: &str = "prover_response_generation";
 pub const VALIDATE_PROVE_REQUEST_LABEL: &str = "validate_prove_request";
 pub const WITNESS_GENERATION_LABEL: &str = "witness_generation";
 
+// Useful metric labels for JWT attribute sizes
+const JWT_HEADER_SIZE: &str = "jwt_header_size";
+const JWT_PAYLOAD_SIZE: &str = "jwt_payload_size";
+const JWT_SIGNATURE_SIZE: &str = "jwt_signature_size";
+const JWT_ISS_SIZE: &str = "jwt_iss_size";
+const JWT_NONCE_SIZE: &str = "jwt_nonce_size";
+const JWT_SUB_SIZE: &str = "jwt_sub_size";
+const JWT_EMAIL_SIZE: &str = "jwt_email_size";
+const JWT_AUD_SIZE: &str = "jwt_aud_size";
+
 // Invalid request path label
 const INVALID_PATH: &str = "invalid-path";
 
@@ -61,6 +70,14 @@ static LATENCY_BUCKETS: Lazy<Vec<f64>> = Lazy::new(|| {
     .unwrap()
 });
 
+// Buckets for tracking sizes (1 byte to 256 KB)
+static SIZE_BUCKETS: Lazy<Vec<f64>> = Lazy::new(|| {
+    exponential_buckets(
+        /*start=*/ 1.0, /*factor=*/ 2.0, /*count=*/ 19,
+    )
+    .unwrap()
+});
+
 // Counter for the number of prover metrics in various states
 pub static NUM_TOTAL_METRICS: Lazy<IntCounterVec> = Lazy::new(|| {
     register_int_counter_vec!(
@@ -93,6 +110,17 @@ static REQUEST_HANDLING_SECONDS: Lazy<HistogramVec> = Lazy::new(|| {
     .unwrap()
 });
 
+// Histogram for tracking the attribute sizes of JWT requests
+static REQUEST_JWT_ATTRIBUTE_SIZES: Lazy<HistogramVec> = Lazy::new(|| {
+    register_histogram_vec!(
+        "keyless_prover_service_request_jwt_attribute_sizes",
+        "Sizes of request JWT attributes",
+        &["attribute"],
+        SIZE_BUCKETS.clone()
+    )
+    .unwrap()
+});
+
 /// Handles incoming HTTP requests for the metrics server
 async fn handle_metrics_request(
     request: hyper::Request<Body>,
@@ -227,3 +255,31 @@ pub fn update_request_handling_metrics(
         ])
         .observe(elapsed.as_secs_f64());
 }
+
+/// Updates the JWT attribute size metrics for the given attribute and size
+fn update_jwt_attribute_size_metrics(attribute: &str, size_bytes: usize) {
+    REQUEST_JWT_ATTRIBUTE_SIZES
+        .with_label_values(&[attribute])
+        .observe(size_bytes as f64);
+}
+
+/// Updates the JWT attribute metrics based on the verified input
+pub fn update_jwt_attribute_metrics(verified_input: &VerifiedInput) {
+    // Update the JWT parts metrics
+    let jwt_parts = &verified_input.jwt_parts;
+    update_jwt_attribute_size_metrics(JWT_HEADER_SIZE, jwt_parts.header_undecoded().len());
+    update_jwt_attribute_size_metrics(JWT_PAYLOAD_SIZE, jwt_parts.payload_undecoded().len());
+    update_jwt_attribute_size_metrics(JWT_SIGNATURE_SIZE, jwt_parts.signature_undecoded().len());
+
+    // Update the JWT field metrics
+    let jwt_payload = &verified_input.jwt.payload;
+    update_jwt_attribute_size_metrics(JWT_ISS_SIZE, jwt_payload.iss.len());
+    update_jwt_attribute_size_metrics(JWT_NONCE_SIZE, jwt_payload.nonce.len());
+    if let Some(sub) = &jwt_payload.sub {
+        update_jwt_attribute_size_metrics(JWT_SUB_SIZE, sub.len());
+    }
+    if let Some(email) = &jwt_payload.email {
+        update_jwt_attribute_size_metrics(JWT_EMAIL_SIZE, email.len());
+    }
+    update_jwt_attribute_size_metrics(JWT_AUD_SIZE, jwt_payload.aud.len());
+}

prover-service/src/request_handler/prover_handler.rs

@@ -47,7 +47,12 @@ pub async fn hande_prove_request(
     // Validate the input request
     let verified_input =
         match validate_prove_request_input(&prover_service_state, &prove_request_input).await {
-            Ok(verified_input) => verified_input,
+            Ok(verified_input) => {
+                // Update the JWT attribute metrics
+                metrics::update_jwt_attribute_metrics(&verified_input);
+
+                verified_input
+            }
             Err(error) => {
                 let error_string =
                     format!("Failed to validate prove request input! Error: {}", error);