Merge pull request #157 from iExecBlockchainComputing/release/9.0.0

Release 9.0.0

Author: nabil-Tounarti

CHANGELOG.md

@@ -2,6 +2,23 @@
 
 All notable changes to this project will be documented in this file.
 
+## [[9.0.0]](https://github.com/iExecBlockchainComputing/iexec-result-proxy/releases/tag/v9.0.0) 2025-03-28
+
+### Breaking API changes
+
+- Remove legacy authorization mechanism, allows to remove challenge services as well. (#150)
+- Harmonize YML internal variables to proper case. (#154)
+- Merge split URL configuration properties (protocol, host, port) to a single URL field to offer URL validation at startup. (#155)
+
+### Dependency Upgrades
+
+- Upgrade to `eclipse-temurin:17.0.13_11-jre-focal`. (#149)
+- Upgrade to Spring Doc OpenAPI 2.6.0. (#149)
+- Upgrade to Spring Boot 3.3.8. (#151)
+- Upgrade to `java-ipfs-http-client` 1.4.4. (#152)
+- Upgrade to `iexec-common` 9.0.0. (#156)
+- Upgrade to `iexec-commons-poco` 5.0.0. (#156)
+
 ## [[8.6.0]](https://github.com/iExecBlockchainComputing/iexec-result-proxy/releases/tag/v8.6.0) 2024-12-20
 
 ### Quality

Dockerfile

@@ -1,4 +1,4 @@
-FROM eclipse-temurin:11.0.24_8-jre-focal
+FROM eclipse-temurin:17.0.13_11-jre-focal
 
 ARG jar
 

README.md

@@ -24,13 +24,12 @@ You can configure the iExec Result Proxy with the following properties:
 | `MONGO_PORT` | Mongo server port. Cannot be set with URI. | Positive integer | `13202` |
 | `IEXEC_CHAIN_ID` | Chain ID of the blockchain network to connect. | `Integer | `134` |
 | `IEXEC_IS_SIDECHAIN` | Define whether iExec on-chain protocol is built on top of token (`false`) or native currency (`true`). | Boolean | `true` |
-| `IEXEC_PRIVATE_CHAIN_ADDRESS` | Private URL to connect to the blockchain node. | URL | `https://bellecour.iex.ec` |
+| `IEXEC_BLOCKCHAIN_NODE_ADDRESS` | Private URL to connect to the blockchain node. | URL | `https://bellecour.iex.ec` |
 | `IEXEC_HUB_ADDRESS` | Proxy contract address to interact with the iExec on-chain protocol. | Ethereum address | `0x3eca1B216A7DF1C7689aEb259fFB83ADFB894E7f` |
 | `IEXEC_BLOCK_TIME` | Duration between consecutive blocks on the blockchain network. | String | `PT5S` |
 | `IEXEC_GAS_PRICE_MULTIPLIER` | Transactions will be sent with `networkGasPrice * IEXEC_GAS_PRICE_MULTIPLIER`. | Float | `1.0` |
 | `IEXEC_GAS_PRICE_CAP` | In Wei, will be used for transactions if `networkGasPrice * IEXEC_GAS_PRICE_MULTIPLIER > gasPriceCap`. | Integer | `22000000000` |
-| `IEXEC_IPFS_HOST` | Host to connect to the IPFS node. | String | `127.0.0.1` |
-| `IEXEC_IPFS_PORT` | Server port of the IPFS node. | Positive integer | `5001` |
+| `IEXEC_IPFS_URL` | URL to connect to the IPFS node. | String | `http://127.0.0.1:5001` |
 
 ### Spring web application properties
 

build.gradle

@@ -1,7 +1,7 @@
 plugins {
     id 'java'
     id 'io.freefair.lombok' version '8.10.2'
-    id 'org.springframework.boot' version '2.7.18'
+    id 'org.springframework.boot' version '3.3.8'
     id 'io.spring.dependency-management' version '1.1.6'
     id 'jacoco'
     id 'org.sonarqube' version '5.1.0.4882'
@@ -40,8 +40,12 @@ allprojects {
         toolchain {
             languageVersion.set(JavaLanguageVersion.of(17))
         }
-        sourceCompatibility = "11"
-        targetCompatibility = "11"
+        sourceCompatibility = JavaVersion.VERSION_17
+        targetCompatibility = JavaVersion.VERSION_17
+    }
+
+    tasks.withType(JavaCompile).configureEach {
+        options.compilerArgs.add('-parameters')
     }
 }
 
@@ -53,6 +57,7 @@ dependencies {
     // spring
     implementation 'org.springframework.boot:spring-boot-starter-actuator'
     implementation 'org.springframework.boot:spring-boot-starter-data-mongodb'
+    implementation 'org.springframework.boot:spring-boot-starter-validation'
     implementation 'org.springframework.boot:spring-boot-starter-web'
     implementation "org.springframework.retry:spring-retry"
     // required for spring-retry
@@ -62,10 +67,10 @@ dependencies {
     runtimeOnly 'io.micrometer:micrometer-registry-prometheus'
 
     // Spring Doc
-    implementation 'org.springdoc:springdoc-openapi-ui:1.7.0'
+    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0'
 
     // ipfs
-    implementation 'com.github.ipfs:java-ipfs-http-client:1.4.0'
+    implementation 'com.github.ipfs:java-ipfs-http-client:1.4.4'
 
     // json web token
     implementation "io.jsonwebtoken:jjwt-api:$jjwtVersion"

gradle.properties

@@ -1,6 +1,6 @@
-version=8.6.0
-iexecCommonVersion=8.6.0
-iexecCommonsPocoVersion=4.2.0
+version=9.0.0
+iexecCommonVersion=9.0.0
+iexecCommonsPocoVersion=5.0.0
 
 nexusUser
 nexusPassword

iexec-result-proxy-library/build.gradle

@@ -6,24 +6,26 @@ plugins {
 }
 
 dependencies {
+    implementation platform('org.springframework.boot:spring-boot-dependencies:3.3.8')
     implementation "com.iexec.commons:iexec-commons-poco:$iexecCommonsPocoVersion"
     implementation "com.iexec.common:iexec-common:$iexecCommonVersion"
 }
 
 java {
-    sourceCompatibility = "11"
-    targetCompatibility = "11"
+    sourceCompatibility = JavaVersion.VERSION_17
+    targetCompatibility = JavaVersion.VERSION_17
     withJavadocJar()
     withSourcesJar()
 }
 
+tasks.withType(JavaCompile).configureEach {
+    options.compilerArgs.add('-parameters')
+}
+
 testing {
     suites {
         test {
             useJUnitJupiter()
-            dependencies {
-                implementation 'org.junit.jupiter:junit-jupiter:5.8.2'
-            }
         }
     }
 }

iexec-result-proxy-library/src/main/java/com/iexec/resultproxy/api/ResultProxyClient.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2024 IEXEC BLOCKCHAIN TECH
+ * Copyright 2022-2025 IEXEC BLOCKCHAIN TECH
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,7 +18,6 @@
 
 import com.iexec.common.result.ResultModel;
 import com.iexec.commons.poco.chain.WorkerpoolAuthorization;
-import com.iexec.commons.poco.eip712.entity.EIP712Challenge;
 import feign.Headers;
 import feign.Param;
 import feign.RequestLine;
@@ -32,20 +31,6 @@
  */
 public interface ResultProxyClient {
 
-    /**
-     * @deprecated Will be replaced with new flow and removed in v10
-     */
-    @Deprecated(forRemoval = true)
-    @RequestLine("GET /results/challenge?chainId={chainId}")
-    EIP712Challenge getChallenge(@Param("chainId") int chainId);
-
-    /**
-     * @deprecated Will be replaced with new flow and removed in v10
-     */
-    @Deprecated(forRemoval = true)
-    @RequestLine("POST /results/login?chainId={chainId}")
-    String login(@Param("chainId") int chainId, String token);
-
     @RequestLine("POST /v1/results/token")
     @Headers("Authorization: {authorization}")
     String getJwt(@Param("authorization") String authorization, WorkerpoolAuthorization workerpoolAuthorization);

src/main/java/com/iexec/resultproxy/authorization/AuthorizationService.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2024-2024 IEXEC BLOCKCHAIN TECH
+ * Copyright 2024-2025 IEXEC BLOCKCHAIN TECH
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -64,7 +64,7 @@ public AuthorizationService(AuthorizationRepository authorizationRepository, Iex
      * @param workerpoolAuthorization The authorization to check
      * @return the reason if unauthorized, an empty {@code Optional} otherwise
      */
-    public Optional<AuthorizationError> isAuthorizedOnExecutionWithDetailedIssue(WorkerpoolAuthorization workerpoolAuthorization) {
+    public Optional<AuthorizationError> isAuthorizedOnExecutionWithDetailedIssue(final WorkerpoolAuthorization workerpoolAuthorization) {
         if (workerpoolAuthorization == null || StringUtils.isEmpty(workerpoolAuthorization.getChainTaskId())) {
             log.error("Not authorized with empty params");
             return Optional.of(EMPTY_PARAMS_UNAUTHORIZED);
@@ -112,19 +112,19 @@ public Optional<AuthorizationError> isAuthorizedOnExecutionWithDetailedIssue(Wor
         return Optional.empty();
     }
 
-    public boolean isSignedByHimself(String message, String signature, String address) {
+    public boolean isSignedByHimself(final String message, final String signature, final String address) {
         return SignatureUtils.isSignatureValid(BytesUtils.stringToBytes(message), new Signature(signature), address);
     }
 
-    public String getChallengeForWorker(WorkerpoolAuthorization workerpoolAuthorization) {
+    public String getChallengeForWorker(final WorkerpoolAuthorization workerpoolAuthorization) {
         return HashUtils.concatenateAndHash(
                 workerpoolAuthorization.getWorkerWallet(),
                 workerpoolAuthorization.getChainTaskId(),
                 workerpoolAuthorization.getEnclaveChallenge());
     }
 
     // region workerpool authorization cache
-    public boolean checkEnclaveSignature(ResultModel model, String walletAddress) {
+    public boolean checkEnclaveSignature(final ResultModel model, final String walletAddress) {
         if (ResultModel.EMPTY_WEB3_SIG.equals(model.getEnclaveSignature())) {
             log.warn("Empty enclave signature {}", walletAddress);
             return false;
@@ -154,7 +154,7 @@ public boolean checkEnclaveSignature(ResultModel model, String walletAddress) {
         return isSignedByEnclave;
     }
 
-    public void putIfAbsent(WorkerpoolAuthorization workerpoolAuthorization) {
+    public void putIfAbsent(final WorkerpoolAuthorization workerpoolAuthorization) {
         try {
             authorizationRepository.save(new Authorization(workerpoolAuthorization));
             log.debug("Workerpool authorization entry added [chainTaskId:{}, workerWallet:{}]",

src/main/java/com/iexec/resultproxy/chain/ChainConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 IEXEC BLOCKCHAIN TECH
+ * Copyright 2020-2025 IEXEC BLOCKCHAIN TECH
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,22 +16,45 @@
 
 package com.iexec.resultproxy.chain;
 
+import com.iexec.commons.poco.chain.validation.ValidNonZeroEthereumAddress;
+import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Positive;
+import jakarta.validation.constraints.PositiveOrZero;
 import lombok.Value;
+import org.hibernate.validator.constraints.URL;
+import org.hibernate.validator.constraints.time.DurationMax;
+import org.hibernate.validator.constraints.time.DurationMin;
 import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.boot.context.properties.ConstructorBinding;
+import org.springframework.validation.annotation.Validated;
 
 import java.time.Duration;
 
 @Value
-@ConstructorBinding
+@Validated
 @ConfigurationProperties(prefix = "chain")
-//TODO: validate configuration property names and use the same set of names everywhere (blockchain-adapter-api, sms)
 public class ChainConfig {
+    @Positive(message = "Chain id must be greater than 0")
+    @NotNull(message = "Chain id must not be null")
     int id;
+
     boolean sidechain;
-    String privateAddress;
+
+    @URL(message = "Node address must be a valid URL")
+    @NotEmpty(message = "Node address must not be empty")
+    String nodeAddress;
+
+    @ValidNonZeroEthereumAddress(message = "Hub address must be a valid non zero Ethereum address")
     String hubAddress;
+
+    @DurationMin(millis = 100, message = "Block time must be greater than 100ms")
+    @DurationMax(seconds = 20, message = "Block time must be less than 20s")
+    @NotNull(message = "Block time must not be null")
     Duration blockTime;
+
+    @Positive(message = "Gas price multiplier must be greater than 0")
     float gasPriceMultiplier;
+
+    @PositiveOrZero(message = "Gas price cap must be greater or equal to 0")
     long gasPriceCap;
 }

src/main/java/com/iexec/resultproxy/chain/Web3jService.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 IEXEC BLOCKCHAIN TECH
+ * Copyright 2020-2025 IEXEC BLOCKCHAIN TECH
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,7 +25,7 @@ public class Web3jService extends Web3jAbstractService {
     public Web3jService(ChainConfig chainConfig) {
         super(
                 chainConfig.getId(),
-                chainConfig.getPrivateAddress(),
+                chainConfig.getNodeAddress(),
                 chainConfig.getBlockTime(),
                 chainConfig.getGasPriceMultiplier(),
                 chainConfig.getGasPriceCap(),