fix: cross-platform polkadot verification issues

Author: SychO9

.github/workflows/backend.yml

@@ -4,11 +4,12 @@ on: [workflow_dispatch, push, pull_request]
 
 jobs:
   run:
-    uses: flarum/framework/.github/workflows/REUSABLE_backend.yml@main
+    uses: ./.github/workflows/reusable.yml
     with:
       enable_backend_testing: true
 
       backend_directory: .
       php_versions: '["8.0", "8.1"]'
       php_extensions: curl, dom, gd, json, mbstring, openssl, pdo_mysql, tokenizer, zip, gmp, FFI
       php_ini_values: error_reporting=E_ALL, ffi.enable=true
+      operating_systems: '["ubuntu-latest", "debian-latest"]'

.github/workflows/build-bindings.yml

@@ -0,0 +1,49 @@
+name: Build Bindings
+
+on: [workflow_dispatch, push, pull_request]
+
+jobs:
+  files-changed:
+    runs-on: ubuntu-latest
+    outputs:
+      changed: ${{ steps.files.outputs.changed }}
+    steps:
+      - uses: actions/checkout@v2
+      - uses: dorny/paths-filter@v2
+        id: files
+        with:
+          filters: |
+            changed:
+              - 'rs/**'
+              - '.github/workflows/build-bindings.yml'
+
+  build:
+    # run only if some file in 'src' folder was changed
+    if: needs.files-changed.outputs.changed == 'true'
+    strategy:
+      matrix:
+        include:
+          - name: "Linux"
+            os: ubuntu-latest
+
+    name: ${{ matrix.name }}
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions-rs/toolchain@v1
+      with:
+        toolchain: stable
+        override: true
+    - uses: actions-rs/cargo@v1
+      with:
+        use-cross: true
+        command: build
+        args: --release --manifest-path rs/Cargo.toml
+    - run: |
+        git config --global user.name "github-actions[bot]"
+        git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+        git status
+        git pull
+        git add rs/target/*/release/libschnorrkelcbindings.* -f
+        git commit -m "Build bindings for ${{ matrix.name }} for commit ${{ github.sha }}"
+        git push

.github/workflows/reusable.yml

@@ -0,0 +1,186 @@
+name: Flarum Backend Jobs
+
+on:
+  workflow_call:
+    inputs:
+      enable_backend_testing:
+        description: "Enable Backend Testing?"
+        type: boolean
+        default: true
+        required: false
+
+      enable_phpstan:
+        description: "Enable PHPStan Static Analysis?"
+        type: boolean
+        default: false
+        required: false
+
+      backend_directory:
+        description: The directory of the project where backend code is located. This should contain a `composer.json` file, and is generally the root directory of the repo.
+        type: string
+        required: false
+        default: '.'
+
+      php_versions:
+        description: Versions of PHP to test with. Should be array of strings encoded as JSON array
+        type: string
+        required: false
+        default: '["7.3", "7.4", "8.0", "8.1"]'
+
+      php_extensions:
+        description: PHP extensions to install.
+        type: string
+        required: false
+        default: 'curl, dom, gd, json, mbstring, openssl, pdo_mysql, tokenizer, zip'
+
+      db_versions:
+        description: Versions of databases to test with. Should be array of strings encoded as JSON array
+        type: string
+        required: false
+        default: '["mysql:5.7", "mysql:8.0.30", "mariadb"]'
+
+      php_ini_values:
+        description: PHP ini values
+        type: string
+        required: false
+        default: error_reporting=E_ALL
+
+      operating_systems:
+        description: Operating systems to test on. Should be array of strings encoded as JSON array
+        type: string
+        required: false
+        default: '["ubuntu-latest"]'
+
+env:
+  COMPOSER_ROOT_VERSION: dev-main
+  FLARUM_TEST_TMP_DIR_LOCAL: tests/integration/tmp
+
+jobs:
+  test:
+    strategy:
+      matrix:
+        php: ${{ fromJSON(inputs.php_versions) }}
+        service: ${{ fromJSON(inputs.db_versions) }}
+        os: ${{ fromJSON(inputs.operating_systems) }}
+        prefix: ['']
+
+        # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategymatrixinclude
+        include:
+          # Expands the matrix by naming DBs.
+          - service: 'mysql:5.7'
+            db: MySQL 5.7
+          - service: 'mysql:8.0.30'
+            db: MySQL 8.0
+          - service: mariadb
+            db: MariaDB
+
+          # Include Database prefix tests with only one PHP version.
+          - php: ${{ fromJSON(inputs.php_versions)[0] }}
+            service: 'mysql:5.7'
+            db: MySQL 5.7
+            os: ${{ fromJSON(inputs.operating_systems)[0] }}
+            prefix: flarum_
+            prefixStr: (prefix)
+          - php: ${{ fromJSON(inputs.php_versions)[0] }}
+            service: 'mysql:8.0.30'
+            db: MySQL 8.0
+            os: ${{ fromJSON(inputs.operating_systems)[0] }}
+            prefix: flarum_
+            prefixStr: (prefix)
+          - php: ${{ fromJSON(inputs.php_versions)[0] }}
+            service: mariadb
+            db: MariaDB
+            os: ${{ fromJSON(inputs.operating_systems)[0] }}
+            prefix: flarum_
+            prefixStr: (prefix)
+
+        # To reduce number of actions, we exclude some PHP versions from running with some DB versions.
+        exclude:
+          - php: ${{ fromJSON(inputs.php_versions)[1] }}
+            service: 'mysql:8.0.30'
+          - php: ${{ fromJSON(inputs.php_versions)[2] }}
+            service: 'mysql:8.0.30'
+
+    services:
+      mysql:
+        image: ${{ matrix.service }}
+        ports:
+          - 13306:3306
+
+    name: 'PHP ${{ matrix.php }} / ${{ matrix.db }} ${{ matrix.prefixStr }} / ${{ matrix.os }}'
+    runs-on: ${{ matrix.os }}
+
+    if: >-
+      inputs.enable_backend_testing &&
+      ((github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || github.event_name != 'pull_request')
+
+    steps:
+      - uses: actions/checkout@master
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          coverage: xdebug
+          extensions: ${{ inputs.php_extensions }}
+          tools: phpunit, composer:v2
+          ini-values: ${{ inputs.php_ini_values }}
+
+      # The authentication alter is necessary because newer mysql versions use the `caching_sha2_password` driver,
+      # which isn't supported prior to PHP7.4
+      # When we drop support for PHP7.3, we should remove this from the setup.
+      - name: Create MySQL Database
+        run: |
+          sudo systemctl start mysql
+          mysql -uroot -proot -e 'CREATE DATABASE flarum_test;' --port 13306
+          mysql -uroot -proot -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'root';" --port 13306
+
+      - name: Install Composer dependencies
+        run: composer install
+        working-directory: ${{ inputs.backend_directory }}
+
+      - name: Setup Composer tests
+        run: composer test:setup
+        working-directory: ${{ inputs.backend_directory }}
+        env:
+          DB_PORT: 13306
+          DB_PASSWORD: root
+          DB_PREFIX: ${{ matrix.prefix }}
+
+      - name: Run Composer tests
+        run: composer test
+        working-directory: ${{ inputs.backend_directory }}
+        env:
+          COMPOSER_PROCESS_TIMEOUT: 600
+
+  phpstan:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        php: ${{ fromJSON(inputs.php_versions) }}
+
+    name: 'PHPStan PHP ${{ matrix.php }}'
+
+    if: >-
+      inputs.enable_phpstan &&
+      ((github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) || github.event_name != 'pull_request')
+
+    steps:
+      - uses: actions/checkout@master
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          coverage: xdebug
+          extensions: ${{ inputs.php_extensions }}
+          tools: phpunit, composer:v2
+          ini-values: ${{ inputs.php_ini_values }}
+
+      - name: Install Composer dependencies
+        run: composer install
+        working-directory: ${{ inputs.backend_directory }}
+
+      - name: Run PHPStan
+        run: composer analyse:phpstan

rs/.gitignore

@@ -3,3 +3,5 @@ target/*
 target/release/*
 !target/release/libschnorrkelcbindings.h
 !target/release/libschnorrkelcbindings.so
+!target/release/libschnorrkelcbindings.d
+!target/release/libschnorrkelcbindings.a

rs/target/release/libschnorrkelcbindings.so

@@ -0,0 +1 @@
+/target/x86_64-unknown-linux-gnu/release/libschnorrkelcbindings.so: /home/runner/work/flarum-ext-web3/flarum-ext-web3/rs/build.rs /home/runner/work/flarum-ext-web3/flarum-ext-web3/rs/src/lib.rs /home/runner/work/flarum-ext-web3/flarum-ext-web3/rs/src/sr25519.rs

rs/target/x86_64-unknown-linux-gnu/release/libschnorrkelcbindings.a

@@ -11,14 +11,34 @@ class SchnorrSignaturesBindings
 
     protected FFI $ffi;
 
+    /**
+     * @throws \Exception
+     */
     public function __construct()
     {
         $this->ffi = FFI::cdef(
             file_get_contents(self::RUST_DIST_DIR . "/libschnorrkelcbindings.h"),
-            self::RUST_DIST_DIR . '/libschnorrkelcbindings.so'
+            $this->getBinaryPath()
         );
     }
 
+    /**
+     * @throws \Exception
+     */
+    private function getBinaryPath(): string
+    {
+        $targetDir = __DIR__ . '/../../rs/target';
+
+        match (PHP_OS_FAMILY) {
+            'Linux' => $binary = "$targetDir/x86_64-unknown-linux-gnu/release/libschnorrkelcbindings.so",
+            // 'Darwin' => $binary = 'libschnorrkelcbindings.dylib',
+            // 'Windows' => $binary = 'libschnorrkelcbindings.dll',
+            default => throw new \Exception('Unsupported OS'),
+        };
+
+        return $binary;
+    }
+
     /**
      * Verifies sr25519 signed signature with a message.
      *

rs/target/x86_64-unknown-linux-gnu/release/libschnorrkelcbindings.d

@@ -22,6 +22,16 @@ public function verify(string $signature, string $message, string $publicKey): b
             return false;
         }
 
-        return (new SchnorrSignaturesBindings())->verifySignature($signature, "<Bytes>$message</Bytes>", $publicKey);
+        try {
+            $bindings = new SchnorrSignaturesBindings();
+        } catch (\Throwable $e) {
+            $this->logger->error('Could not load FFI bindings for Polkadot signature verification.', [
+                'exception' => $e,
+            ]);
+
+            return false;
+        }
+
+        return $bindings->verifySignature($signature, "<Bytes>$message</Bytes>", $publicKey);
     }
 }