Directory Service Tracking Issue #941
Description
See #775 for discussion
Sub bullets indicate spinoffs of parent, which are directly dependent. Otherwise tasks mostly don't depend on each other.
Most of these do depend on #1232 however, as the ultimate goal here is to unify the directory and relay services.
- refactor: introduce payjoin_directory::Service #914
- Introduce metrics Collection via prometheus for payjoin directory #848
- tower_http::metrics for simple in flight reqs metric, indicates ~ number of active sessions proxied by concurrent GET requests that are blocking on data
- Configure directory with config & clap #927
- Ensure key rotation is accounted for in server and client implementations #445
- config reloading? not sure how valuable this would be with acme and automatic key rotation
- Replace redis with file based mailbox storage #915
- DB should also be a tower::Service, using tower::{timeout,limit::rate}
- tokio-rustls-acme
- configure rustls for PQ
- Fold ohttp-relay into rust-payjoin monorepo #1215
- merge ohttp-relay & payjoin-directory into a Unified payjoin service #1232
- deny access to own directory from the relay
payjoin-serviceshould use axum to simplify routes, split app into sub-apps that all implement the Service trait (e.g. the OHTTP target resources) (supersedes Remove hyper and migrate to axum. #1101)- backwards compatibility routes can be done using the tower_http::follow_redirect middleware instead of being aliased as they are today
- use tokio-listener, --listen-addr instead of --port or something like that
- that makes it more flexible if systemd does the listening for e.g. a nixos module. no more code complexity for us but more flexibility to override the nixos module... but equally systemd unit could just start it and it could bind on something
- Prometheus metrics with axum middleware in payjoin-service #1284
- handle HTTP 2
- maybe factor out a tower_http OHTTP gateway middleware
- remove boilerplate with tower middleware
- tower_http::trace, remove boilerplate tracing and only leave domain relevant logging
- tower_http::limit, remove our custom body size limiter
- tower::limit::rate, POST reqs should be limited to 25/s to ensure all mailboxes have a TTL of minimum 24hrs given default capacity limit
- tokio_http::cors, removes tiny bit of boilerplate
- Set up GitHub Actions for Docker image builds using flake.nix #1286
- Shift integration tests to payjoin-service once ready
- Deprecate payjoin-directory binary and library
- We also need to beef up our directory service docs. E.g what hardware resources you need to run one, instructions to run, explaining how to configure the directory.
Far future:
- QUIC
- arti_client for Tor for bootstrapping #766 (hidden service for directories & tor bridge for relays), kinda tricky without https://gitlab.torproject.org/tpo/core/arti/-/issues/1932 see https://docs.rs/arti-client/0.33.0/arti_client/index.html#-warnings-
- multihop OHTTP Gateway opt-in makes onion routing over relays possible #582
-
- /{id} and /{authority} paths are distinguishable, ShortIDs are 13 bech32 chars, authorities must have
:or.
- /{id} and /{authority} paths are distinguishable, ShortIDs are 13 bech32 chars, authorities must have
-