refactor(cat-gateway): Modify signed_doc::EnvVars.admin_keys a single value CatalystId (#3662)

* initial

* feat: admin

* fix: comments

* chore: bump

---------

Co-authored-by: Alex Pozhylenkov <[email protected]>

Author: apskhem

catalyst-gateway/bin/Cargo.toml

@@ -15,12 +15,12 @@ repository.workspace = true
 workspace = true
 
 [dependencies]
-cardano-chain-follower = { version = "0.0.17", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "cardano-chain-follower/v0.0.17" }
-rbac-registration = { version = "0.0.13", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "rbac-registration/v0.0.13" }
-catalyst-signed-doc = { version = "0.0.9", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "catalyst-signed-doc/v0.0.9" }
+cardano-chain-follower = { version = "0.0.18", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "cardano-chain-follower/v0.0.18" }
+rbac-registration = { version = "0.0.14", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "rbac-registration/v0.0.14" }
+catalyst-signed-doc = { version = "0.0.10", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "catalyst-signed-doc/v0.0.10" }
 catalyst-signed-doc-v1 = { package = "catalyst-signed-doc", version = "0.0.4", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "catalyst-signed-doc/v.0.0.4" }
 c509-certificate = { version = "0.0.3", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "c509-certificate-v0.0.3" }
-catalyst-types = { version = "0.0.9", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "catalyst-types/v0.0.9" }
+catalyst-types = { version = "0.0.10", git = "https://github.com/input-output-hk/catalyst-libs.git", tag = "catalyst-types/v0.0.10" }
 
 clap = { version = "4.5.20", features = ["derive", "env"] }
 tracing = { version = "0.1.40", features = ["log"] }

catalyst-gateway/bin/src/db/index/block/cip36/insert_cip36_invalid.rs

@@ -3,6 +3,7 @@
 use std::{fmt::Debug, sync::Arc};
 
 use cardano_chain_follower::{pallas_addresses::Address, Cip36, Slot, TxnIndex, VotingPubKey};
+use poem_openapi::types::ToJSON;
 use scylla::{client::session::Session, value::MaybeUnset, SerializeRow};
 use tracing::error;
 
@@ -11,6 +12,7 @@ use crate::{
         index::queries::{PreparedQueries, SizedBatch},
         types::{DbSlot, DbTxnIndex},
     },
+    service::common::objects::generic::problem_report::ProblemReport,
     settings::cassandra_db,
 };
 
@@ -86,13 +88,7 @@ impl Params {
             .unwrap_or_default();
         let is_cip36 = cip36.is_cip36().map_or(MaybeUnset::Unset, MaybeUnset::Set);
         let payment_address = cip36.payment_address().map_or(Vec::new(), Address::to_vec);
-        let problem_report = serde_json::to_string(cip36.err_report()).unwrap_or_else(|e| {
-            error!(
-                "Failed to serialize problem report: {e:?}. Report = {:?}",
-                cip36.err_report()
-            );
-            String::new()
-        });
+        let problem_report = ProblemReport::from(cip36.err_report().clone()).to_json_string();
 
         Params {
             stake_public_key,

catalyst-gateway/bin/src/service/api/documents/common/mod.rs

@@ -6,7 +6,7 @@ use catalyst_signed_doc::CatalystSignedDocument;
 use crate::{
     db::event::{error::NotFoundError, signed_docs::FullSignedDoc},
     service::common::auth::rbac::token::CatalystRBACTokenV1,
-    settings::Settings,
+    settings::{admin::get_admin_key, Settings},
 };
 
 /// A wrapper struct to unify both implementations of `CatalystSignedDocumentProvider` and
@@ -68,9 +68,13 @@ impl catalyst_signed_doc::providers::CatalystIdProvider for ValidationProvider {
         &self,
         kid: &catalyst_signed_doc::CatalystId,
     ) -> anyhow::Result<Option<ed25519_dalek::VerifyingKey>> {
-        self.verifying_key_provider
-            .try_get_registered_key(kid)
-            .await
+        if kid.is_admin() {
+            Ok(get_admin_key(kid))
+        } else {
+            self.verifying_key_provider
+                .try_get_registered_key(kid)
+                .await
+        }
     }
 }
 

catalyst-gateway/bin/src/settings/admin.rs

@@ -0,0 +1,18 @@
+//! Helpers related to the Admin Role.
+
+use ed25519_dalek::VerifyingKey;
+
+use crate::settings::ENV_VARS;
+
+/// Returns the Admin's role0 public key if the given Catalyst ID matches with the
+/// assigned Admin Catalyst ID.
+pub(crate) fn get_admin_key(cat_id: &catalyst_signed_doc::CatalystId) -> Option<VerifyingKey> {
+    let admin_key = ENV_VARS.signed_doc.admin_key();
+    if let Some(admin_key) = admin_key {
+        if cat_id == admin_key {
+            return Some(admin_key.role0_pk());
+        }
+    }
+
+    None
+}

catalyst-gateway/bin/src/settings/mod.rs

@@ -21,6 +21,7 @@ use crate::{
     utils::blake2b_hash::generate_uuid_string_from_data,
 };
 
+pub(crate) mod admin;
 pub(crate) mod cardano_assets_cache;
 pub(crate) mod cassandra_db;
 pub(crate) mod chain_follower;

catalyst-gateway/bin/src/settings/signed_doc.rs

@@ -1,9 +1,6 @@
 //! Command line and environment variable settings for the Catalyst Signed Docs
 
-use std::{collections::HashMap, str::FromStr, time::Duration};
-
-use hex::FromHex;
-use itertools::Itertools;
+use std::{str::FromStr, time::Duration};
 
 use super::str_env_var::StringEnvVar;
 
@@ -22,10 +19,9 @@ pub(crate) struct EnvVars {
     /// The Catalyst Signed Document threshold, document cannot be too far behind.
     past_threshold: Duration,
 
-    /// The Catalyst Signed Document Admin keys map from the `SIGNED_DOC_ADMIN_KEYS` env
-    /// var. Each Admin key entry is a pair of `CatalystId` string and hex encoded
-    /// `VerifyingKey` separated by ';' character.
-    admin_keys: HashMap<catalyst_signed_doc::CatalystId, ed25519_dalek::VerifyingKey>,
+    /// The Catalyst Signed Document Admin Catalyst ID from the `SIGNED_DOC_ADMIN_KEYS`
+    /// env.
+    admin_key: Option<catalyst_signed_doc::CatalystId>,
 }
 
 impl EnvVars {
@@ -37,16 +33,20 @@ impl EnvVars {
         let past_threshold =
             StringEnvVar::new_as_duration("SIGNED_DOC_PAST_THRESHOLD", DEFAULT_PAST_THRESHOLD);
 
-        let admin_keys = string_to_admin_keys(
+        let admin_key = string_to_catalyst_id(
             &StringEnvVar::new_optional("SIGNED_DOC_ADMIN_KEYS", false)
                 .map(|v| v.as_string())
                 .unwrap_or_default(),
         );
 
+        if admin_key.is_none() {
+            tracing::error!("Missing or invalid Catalyst ID for Admin. This is required.");
+        }
+
         Self {
             future_threshold,
             past_threshold,
-            admin_keys,
+            admin_key,
         }
     }
 
@@ -62,58 +62,21 @@ impl EnvVars {
         self.past_threshold
     }
 
-    /// The Catalyst Signed Document Admin keys map.
+    /// The Catalyst Signed Document Admin key.
     #[allow(dead_code)]
-    pub(crate) fn admin_keys(
-        &self
-    ) -> &HashMap<catalyst_signed_doc::CatalystId, ed25519_dalek::VerifyingKey> {
-        &self.admin_keys
+    pub(crate) fn admin_key(&self) -> Option<&catalyst_signed_doc::CatalystId> {
+        self.admin_key.as_ref()
     }
 }
 
-/// Transform a string list of admin keys into a map.
-/// Each Admin key entry is a pair of `CatalystId` string and hex encoded
-/// `VerifyingKey` separated by ';' character.
-fn string_to_admin_keys(
-    admin_keys: &str
-) -> HashMap<catalyst_signed_doc::CatalystId, ed25519_dalek::VerifyingKey> {
-    admin_keys
-        .split(',')
-        // filters out at the beginning all empty entries, because they all would be invalid and
-        // filtered out anyway
-        .filter(|s| !s.is_empty())
-        .filter_map(|s| {
-            // split `CatalystId` and `VerifyingKey` by `;` character.
-            let Some((id, key)) = s.split(';').collect_tuple() else {
-                tracing::error!(entry = s, "Invalid admin key entry");
-                return None;
-            };
-
-            let id = catalyst_signed_doc::CatalystId::from_str(id)
-                .inspect_err(|err| {
-                    tracing::error!(
-                        err = ?err,
-                        "Cannot parse Admin CatalystId entry, skipping the value..."
-                    );
-                })
-                .ok()?;
-
-            // Strip the prefix and convert to 32 bytes array
-            let key = key
-                .strip_prefix("0x")
-                .ok_or(anyhow::anyhow!(
-                    "Admin key hex value does not start with '0x'"
-                ))
-                .and_then(|s| Ok(Vec::from_hex(s)?))
-                .and_then(|bytes| Ok(bytes.as_slice().try_into()?))
-                .inspect_err(|err| {
-                    tracing::error!(
-                        err = ?err,
-                        "Cannot parse Admin VerifyingKey entry, skipping the value..."
-                    );
-                })
-                .ok()?;
-            Some((id, key))
+/// Convert an Envvar into the Catalyst ID type, `None` if missing or invalid value.
+fn string_to_catalyst_id(s: &str) -> Option<catalyst_signed_doc::CatalystId> {
+    catalyst_signed_doc::CatalystId::from_str(s)
+        .inspect_err(|err| {
+            tracing::error!(
+                err = ?err,
+                "Cannot parse Admin CatalystId entry"
+            );
         })
-        .collect()
+        .ok()
 }