Merge split URL configuration properties to a single URL field (#155)

Author: Natchica

CHANGELOG.md

@@ -4,13 +4,11 @@ All notable changes to this project will be documented in this file.
 
 ## [[NEXT]](https://github.com/iExecBlockchainComputing/iexec-result-proxy/releases/tag/vNEXT) 2025
 
-### Quality
-
-- Harmonize YML internal variables to proper case. (#154)
-
 ### Breaking API changes
 
 - Remove legacy authorization mechanism, allows to remove challenge services as well. (#150)
+- Harmonize YML internal variables to proper case. (#154)
+- Merge split URL configuration properties (protocol, host, port) to a single URL field to offer URL validation at startup. (#155)
 
 ### Dependency Upgrades
 

README.md

@@ -29,8 +29,7 @@ You can configure the iExec Result Proxy with the following properties:
 | `IEXEC_BLOCK_TIME` | Duration between consecutive blocks on the blockchain network. | String | `PT5S` |
 | `IEXEC_GAS_PRICE_MULTIPLIER` | Transactions will be sent with `networkGasPrice * IEXEC_GAS_PRICE_MULTIPLIER`. | Float | `1.0` |
 | `IEXEC_GAS_PRICE_CAP` | In Wei, will be used for transactions if `networkGasPrice * IEXEC_GAS_PRICE_MULTIPLIER > gasPriceCap`. | Integer | `22000000000` |
-| `IEXEC_IPFS_HOST` | Host to connect to the IPFS node. | String | `127.0.0.1` |
-| `IEXEC_IPFS_PORT` | Server port of the IPFS node. | Positive integer | `5001` |
+| `IEXEC_IPFS_URL` | URL to connect to the IPFS node. | String | `http://127.0.0.1:5001` |
 
 ### Spring web application properties
 

src/main/java/com/iexec/resultproxy/authorization/AuthorizationService.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2024-2024 IEXEC BLOCKCHAIN TECH
+ * Copyright 2024-2025 IEXEC BLOCKCHAIN TECH
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -64,7 +64,7 @@ public AuthorizationService(AuthorizationRepository authorizationRepository, Iex
      * @param workerpoolAuthorization The authorization to check
      * @return the reason if unauthorized, an empty {@code Optional} otherwise
      */
-    public Optional<AuthorizationError> isAuthorizedOnExecutionWithDetailedIssue(WorkerpoolAuthorization workerpoolAuthorization) {
+    public Optional<AuthorizationError> isAuthorizedOnExecutionWithDetailedIssue(final WorkerpoolAuthorization workerpoolAuthorization) {
         if (workerpoolAuthorization == null || StringUtils.isEmpty(workerpoolAuthorization.getChainTaskId())) {
             log.error("Not authorized with empty params");
             return Optional.of(EMPTY_PARAMS_UNAUTHORIZED);
@@ -112,19 +112,19 @@ public Optional<AuthorizationError> isAuthorizedOnExecutionWithDetailedIssue(Wor
         return Optional.empty();
     }
 
-    public boolean isSignedByHimself(String message, String signature, String address) {
+    public boolean isSignedByHimself(final String message, final String signature, final String address) {
         return SignatureUtils.isSignatureValid(BytesUtils.stringToBytes(message), new Signature(signature), address);
     }
 
-    public String getChallengeForWorker(WorkerpoolAuthorization workerpoolAuthorization) {
+    public String getChallengeForWorker(final WorkerpoolAuthorization workerpoolAuthorization) {
         return HashUtils.concatenateAndHash(
                 workerpoolAuthorization.getWorkerWallet(),
                 workerpoolAuthorization.getChainTaskId(),
                 workerpoolAuthorization.getEnclaveChallenge());
     }
 
     // region workerpool authorization cache
-    public boolean checkEnclaveSignature(ResultModel model, String walletAddress) {
+    public boolean checkEnclaveSignature(final ResultModel model, final String walletAddress) {
         if (ResultModel.EMPTY_WEB3_SIG.equals(model.getEnclaveSignature())) {
             log.warn("Empty enclave signature {}", walletAddress);
             return false;
@@ -154,7 +154,7 @@ public boolean checkEnclaveSignature(ResultModel model, String walletAddress) {
         return isSignedByEnclave;
     }
 
-    public void putIfAbsent(WorkerpoolAuthorization workerpoolAuthorization) {
+    public void putIfAbsent(final WorkerpoolAuthorization workerpoolAuthorization) {
         try {
             authorizationRepository.save(new Authorization(workerpoolAuthorization));
             log.debug("Workerpool authorization entry added [chainTaskId:{}, workerWallet:{}]",

src/main/java/com/iexec/resultproxy/ipfs/IpfsConfig.java

@@ -1,11 +1,33 @@
+/*
+ * Copyright 2020-2025 IEXEC BLOCKCHAIN TECH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package com.iexec.resultproxy.ipfs;
 
-import lombok.Data;
+import jakarta.validation.constraints.NotEmpty;
+import lombok.Value;
+import org.hibernate.validator.constraints.URL;
 import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.validation.annotation.Validated;
 
-@Data
+@Value
+@Validated
 @ConfigurationProperties(prefix = "ipfs")
 public class IpfsConfig {
-    private final String host;
-    private final String port;
+
+    @URL(message = "IPFS URL must be a valid URL")
+    @NotEmpty(message = "IPFS URL must not be empty")
+    String url;
 }

src/main/java/com/iexec/resultproxy/ipfs/IpfsService.java

@@ -1,6 +1,21 @@
+/*
+ * Copyright 2020-2025 IEXEC BLOCKCHAIN TECH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package com.iexec.resultproxy.ipfs;
 
-import com.iexec.common.utils.NetworkUtils;
 import io.ipfs.api.IPFS;
 import io.ipfs.api.MerkleNode;
 import io.ipfs.api.NamedStreamable;
@@ -12,6 +27,8 @@
 import org.springframework.stereotype.Service;
 
 import java.io.IOException;
+import java.net.InetAddress;
+import java.net.URL;
 import java.util.Optional;
 
 @Service
@@ -21,17 +38,24 @@ public class IpfsService implements SmartLifecycle {
     private IPFS ipfs;
     private final String multiAddress;
 
-    public IpfsService(IpfsConfig ipfsConfig) {
-        String ipfsHost = ipfsConfig.getHost();
-        String ipfsNodeIp = NetworkUtils.isIPAddress(ipfsHost) ? ipfsHost : NetworkUtils.convertHostToIp(ipfsHost);
-        this.multiAddress = "/ip4/" + ipfsNodeIp + "/tcp/" + ipfsConfig.getPort();
+    public IpfsService(final IpfsConfig ipfsConfig) {
+        try {
+            final URL ipfsUrl = new URL(ipfsConfig.getUrl());
+            final String ipfsHost = ipfsUrl.getHost();
+            final int port = ipfsUrl.getPort() != -1 ? ipfsUrl.getPort() : ipfsUrl.getDefaultPort();
+            final String ipfsNodeIp = InetAddress.getByName(ipfsHost).getHostAddress();
+            this.multiAddress = "/ip4/" + ipfsNodeIp + "/tcp/" + port;
+        } catch (Exception e) {
+            log.error("Failed to convert IPFS URL to MultiAddress: {}", ipfsConfig.getUrl(), e);
+            throw new IllegalArgumentException("Invalid IPFS URL: " + ipfsConfig.getUrl(), e);
+        }
     }
 
-    public Optional<byte[]> get(String ipfsHash) {
+    public Optional<byte[]> get(final String ipfsHash) {
         if (!isIpfsHash(ipfsHash)){
             return Optional.empty();
         }
-        Multihash filePointer = Multihash.fromBase58(ipfsHash);
+        final Multihash filePointer = Multihash.fromBase58(ipfsHash);
         try {
             return Optional.of(ipfs.cat(filePointer));
         } catch (IOException e) {
@@ -40,18 +64,18 @@ public Optional<byte[]> get(String ipfsHash) {
         return Optional.empty();
     }
 
-    public String add(String fileName, byte[] fileContent) {
-        NamedStreamable.ByteArrayWrapper file = new NamedStreamable.ByteArrayWrapper(fileName, fileContent);
+    public String add(final String fileName, final byte[] fileContent) {
+        final NamedStreamable.ByteArrayWrapper file = new NamedStreamable.ByteArrayWrapper(fileName, fileContent);
         try {
-            MerkleNode pushedContent = ipfs.add(file, false).get(0);
+            final MerkleNode pushedContent = ipfs.add(file, false).get(0);
             return pushedContent.hash.toString();
         } catch (IOException e) {
             log.error("Error when trying to push ipfs object [fileName:{}]", fileName);
         }
         return "";
     }
 
-    public static boolean isIpfsHash(String hash) {
+    public static boolean isIpfsHash(final String hash) {
         try {
             return Multihash.fromBase58(hash).toBase58() != null;
         } catch (Exception e) {
@@ -66,7 +90,7 @@ public void start() {
     }
 
     @Recover
-    public void start(RuntimeException exception) {
+    public void start(final RuntimeException exception) {
         log.error("Exception when initializing IPFS connection", exception);
         log.warn("Shutting down service since IPFS is necessary");
         throw exception;

src/main/resources/application.yml

@@ -19,8 +19,7 @@ chain:
   gas-price-cap: ${IEXEC_GAS_PRICE_CAP:22000000000} #in Wei, will be used for txs if networkGasPrice*gasPriceMultiplier > gasPriceCap
 
 ipfs:
-  host: ${IEXEC_IPFS_HOST:127.0.0.1}
-  port: ${IEXEC_IPFS_PORT:5001}
+  url: ${IEXEC_IPFS_URL:http://127.0.0.1:5001}
 
 jwt:
   key-path: /data/jwt-sign.key

src/test/java/com/iexec/resultproxy/authorization/AuthorizationServiceTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2024-2024 IEXEC BLOCKCHAIN TECH
+ * Copyright 2024-2025 IEXEC BLOCKCHAIN TECH
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -101,19 +101,20 @@ void shouldBeAuthorizedOnExecutionOfTeeTaskWithDetails() {
         when(iexecHubService.getChainTask(auth.getChainTaskId())).thenReturn(Optional.of(chainTask));
         when(iexecHubService.getChainDeal(chainTask.getDealid())).thenReturn(Optional.of(chainDeal));
 
-        Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(auth);
+        final Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(auth);
         assertThat(isAuth).isEmpty();
     }
 
     @Test
     void shouldNotBeAuthorizedOnExecutionOfTeeTaskWithNullAuthorizationWithDetails() {
-        Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(null);
+        final Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(null);
         assertThat(isAuth).isEqualTo(Optional.of(EMPTY_PARAMS_UNAUTHORIZED));
     }
 
     @Test
     void shouldNotBeAuthorizedOnExecutionOfTeeTaskWithEmptyAuthorizationWithDetails() {
-        Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(WorkerpoolAuthorization.builder().build());
+        final Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(WorkerpoolAuthorization.builder()
+                .chainTaskId(null).build());
         assertThat(isAuth).isEqualTo(Optional.of(EMPTY_PARAMS_UNAUTHORIZED));
     }
 
@@ -129,7 +130,7 @@ void shouldNotBeAuthorizedOnExecutionOfTeeTaskWhenTaskTypeNotMatchedOnchainWithD
         when(iexecHubService.getChainTask(auth.getChainTaskId())).thenReturn(Optional.of(chainTask));
         when(iexecHubService.getChainDeal(chainTask.getDealid())).thenReturn(Optional.of(chainDeal));
 
-        Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(auth);
+        final Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(auth);
         assertThat(isAuth).isEqualTo(Optional.of(NO_MATCH_ONCHAIN_TYPE));
     }
 
@@ -138,7 +139,7 @@ void shouldNotBeAuthorizedOnExecutionOfTeeTaskWhenGetTaskFailedWithDetails() {
         final WorkerpoolAuthorization auth = getWorkerpoolAuthorization(true);
         when(iexecHubService.getChainTask(auth.getChainTaskId())).thenReturn(Optional.empty());
 
-        Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(auth);
+        final Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(auth);
         assertThat(isAuth).isEqualTo(Optional.of(GET_CHAIN_TASK_FAILED));
     }
 
@@ -151,34 +152,34 @@ void shouldNotBeAuthorizedOnExecutionOfTeeTaskWhenFinalDeadlineReached() {
                 .build();
         when(iexecHubService.getChainTask(auth.getChainTaskId())).thenReturn(Optional.of(chainTask));
 
-        Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(auth);
+        final Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(auth);
         assertThat(isAuth).isEqualTo(Optional.of(TASK_FINAL_DEADLINE_REACHED));
     }
 
     @Test
     void shouldNotBeAuthorizedOnExecutionOfTeeTaskWhenGetDealFailedWithDetails() {
         final ChainTask chainTask = getChainTask(ACTIVE);
-        final WorkerpoolAuthorization auth = getWorkerpoolAuthorization(true);
-        auth.setSignature(new Signature(POOL_WRONG_SIGNATURE));
+        final Signature wrongSignature = new Signature(POOL_WRONG_SIGNATURE);
+        final WorkerpoolAuthorization auth = getWorkerpoolAuthorizationWithWrongSignature(wrongSignature);
 
         when(iexecHubService.getChainTask(auth.getChainTaskId())).thenReturn(Optional.of(chainTask));
         when(iexecHubService.getChainDeal(chainTask.getDealid())).thenReturn(Optional.empty());
 
-        Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(auth);
+        final Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(auth);
         assertThat(isAuth).isEqualTo(Optional.of(GET_CHAIN_DEAL_FAILED));
     }
 
     @Test
     void shouldNotBeAuthorizedOnExecutionOfTeeTaskWhenPoolSignatureIsNotValidWithDetails() {
         final ChainDeal chainDeal = getChainDeal();
         final ChainTask chainTask = getChainTask(ACTIVE);
-        final WorkerpoolAuthorization auth = getWorkerpoolAuthorization(true);
-        auth.setSignature(new Signature(POOL_WRONG_SIGNATURE));
+        final Signature wrongSignature = new Signature(POOL_WRONG_SIGNATURE);
+        final WorkerpoolAuthorization auth = getWorkerpoolAuthorizationWithWrongSignature(wrongSignature);
 
         when(iexecHubService.getChainTask(auth.getChainTaskId())).thenReturn(Optional.of(chainTask));
         when(iexecHubService.getChainDeal(chainTask.getDealid())).thenReturn(Optional.of(chainDeal));
 
-        Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(auth);
+        final Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(auth);
         assertThat(isAuth).isEqualTo(Optional.of(INVALID_SIGNATURE));
     }
     // endregion
@@ -276,15 +277,15 @@ void shouldNotAddAuthorizationTwiceInCollection() {
     // endregion
 
     // region utils
-    String getEnclaveSignature(ECKeyPair ecKeyPair) {
+    String getEnclaveSignature(final ECKeyPair ecKeyPair) {
         final String resultHash = HashUtils.concatenateAndHash(CHAIN_TASK_ID, RESULT_DIGEST);
         final String resultSeal = HashUtils.concatenateAndHash(workerCreds.getAddress(), CHAIN_TASK_ID, RESULT_DIGEST);
         final String messageHash = HashUtils.concatenateAndHash(resultHash, resultSeal);
         return SignatureUtils.signMessageHashAndGetSignature(messageHash,
                 Numeric.toHexStringWithPrefix(ecKeyPair.getPrivateKey())).getValue();
     }
 
-    WorkerpoolAuthorization getWorkerpoolAuthorization(boolean isTeeTask) {
+    private WorkerpoolAuthorization getWorkerpoolAuthorization(final boolean isTeeTask) {
         final String enclaveChallenge = isTeeTask ? enclaveCreds.getAddress() : BytesUtils.EMPTY_ADDRESS;
         final String hash = HashUtils.concatenateAndHash(workerCreds.getAddress(), CHAIN_TASK_ID, enclaveChallenge);
         final Signature signature = SignatureUtils.signMessageHashAndGetSignature(hash, POOL_PRIVATE);
@@ -295,5 +296,15 @@ WorkerpoolAuthorization getWorkerpoolAuthorization(boolean isTeeTask) {
                 .signature(signature)
                 .build();
     }
+
+    private WorkerpoolAuthorization getWorkerpoolAuthorizationWithWrongSignature(final Signature signature) {
+        final String enclaveChallenge = enclaveCreds.getAddress();
+        return WorkerpoolAuthorization.builder()
+                .chainTaskId(CHAIN_TASK_ID)
+                .enclaveChallenge(enclaveChallenge)
+                .workerWallet(workerCreds.getAddress())
+                .signature(signature)
+                .build();
+    }
     // endregion
 }