Merge parallel feature flag local certificate logic in cli ohttp (payjoin#726)

spacebear21 · web-flow · commit c35b20a4fba5 · 2025-06-06T18:18:27.000-04:00
These ohttp functions had parallel methods when running tests vs running
in production. This made it difficult to read as there were two
functions that appeared to do completely different things when a feature
flag was present.

Because localhost relays are not actually able to be proxies here we
still need to opportunistically select them from the config when running
our tests instead of just allowing local cert validation.
```
[2025-05-30T17:17:53Z DEBUG payjoin_cli::app::v2::ohttp] Failed to connect to relay: http://localhost:34391/, Internal(InternalError(Reqwest(reqwest::Error { kind: Request, url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("payjo.in")), port: None, path: "/.well-known/ohttp-gateway", query: None, fragment: None }, source: hyper_util::client::legacy::Error(Connect, "unsuccessful tunnel") })))
```
diff --git a/payjoin-cli/src/app/v2/mod.rs b/payjoin-cli/src/app/v2/mod.rs
@@ -16,7 +16,7 @@ use tokio::sync::watch;
 use super::config::Config;
 use super::wallet::BitcoindWallet;
 use super::App as AppTrait;
-use crate::app::v2::ohttp::{unwrap_ohttp_keys_or_else_fetch, validate_relay, RelayManager};
+use crate::app::v2::ohttp::{unwrap_ohttp_keys_or_else_fetch, RelayManager};
 use crate::app::{handle_interrupt, http_agent};
 use crate::db::v2::{ReceiverPersister, SenderPersister};
 use crate::db::Database;
@@ -78,7 +78,9 @@ impl AppTrait for App {
     async fn receive_payjoin(&self, amount: Amount) -> Result<()> {
         let address = self.wallet().get_new_address()?;
         let ohttp_keys =
-            unwrap_ohttp_keys_or_else_fetch(&self.config, self.relay_manager.clone()).await?;
+            unwrap_ohttp_keys_or_else_fetch(&self.config, None, self.relay_manager.clone())
+                .await?
+                .ohttp_keys;
         let mut persister = ReceiverPersister::new(self.db.clone());
         let new_receiver = NewReceiver::new(
             address,
@@ -160,7 +162,9 @@ impl App {
         println!("Receive session established");
         let mut pj_uri = session.pj_uri();
         pj_uri.amount = amount;
-        let ohttp_relay = self.unwrap_relay_or_else_fetch().await?;
+        let ohttp_relay = self
+            .unwrap_relay_or_else_fetch(Some(session.pj_uri().extras.endpoint().clone()))
+            .await?;
 
         println!("Request Payjoin by sharing this Payjoin Uri:");
         println!("{pj_uri}");
@@ -201,7 +205,7 @@ impl App {
     }
 
     async fn long_poll_post(&self, req_ctx: &mut Sender<WithReplyKey>) -> Result<Psbt> {
-        let ohttp_relay = self.unwrap_relay_or_else_fetch().await?;
+        let ohttp_relay = self.unwrap_relay_or_else_fetch(Some(req_ctx.endpoint().clone())).await?;
 
         match req_ctx.extract_v2(ohttp_relay.clone()) {
             Ok((req, ctx)) => {
@@ -246,7 +250,9 @@ impl App {
         &self,
         session: &mut Receiver<WithContext>,
     ) -> Result<Receiver<UncheckedProposal>> {
-        let ohttp_relay = self.unwrap_relay_or_else_fetch().await?;
+        let ohttp_relay = self
+            .unwrap_relay_or_else_fetch(Some(session.pj_uri().extras.endpoint().clone()))
+            .await?;
 
         loop {
             let (req, context) = session.extract_req(&ohttp_relay)?;
@@ -302,12 +308,18 @@ impl App {
         Ok(payjoin_proposal)
     }
 
-    async fn unwrap_relay_or_else_fetch(&self) -> Result<payjoin::Url> {
+    async fn unwrap_relay_or_else_fetch(
+        &self,
+        directory: Option<payjoin::Url>,
+    ) -> Result<payjoin::Url> {
         let selected_relay =
             self.relay_manager.lock().expect("Lock should not be poisoned").get_selected_relay();
         let ohttp_relay = match selected_relay {
             Some(relay) => relay,
-            None => validate_relay(&self.config, self.relay_manager.clone()).await?,
+            None =>
+                unwrap_ohttp_keys_or_else_fetch(&self.config, directory, self.relay_manager.clone())
+                    .await?
+                    .relay_url,
         };
         Ok(ohttp_relay)
     }
diff --git a/payjoin-cli/src/app/v2/ohttp.rs b/payjoin-cli/src/app/v2/ohttp.rs
@@ -1,60 +1,58 @@
 use std::sync::{Arc, Mutex};
 
-#[cfg(feature = "_danger-local-https")]
-use anyhow::Result;
-#[cfg(not(feature = "_danger-local-https"))]
 use anyhow::{anyhow, Result};
 
 use super::Config;
 
 #[derive(Debug, Clone)]
 pub struct RelayManager {
     selected_relay: Option<payjoin::Url>,
-    #[cfg(not(feature = "_danger-local-https"))]
     failed_relays: Vec<payjoin::Url>,
 }
 
 impl RelayManager {
-    #[cfg(feature = "_danger-local-https")]
-    pub fn new() -> Self { RelayManager { selected_relay: None } }
-    #[cfg(not(feature = "_danger-local-https"))]
     pub fn new() -> Self { RelayManager { selected_relay: None, failed_relays: Vec::new() } }
 
-    #[cfg(not(feature = "_danger-local-https"))]
     pub fn set_selected_relay(&mut self, relay: payjoin::Url) { self.selected_relay = Some(relay); }
 
     pub fn get_selected_relay(&self) -> Option<payjoin::Url> { self.selected_relay.clone() }
 
-    #[cfg(not(feature = "_danger-local-https"))]
     pub fn add_failed_relay(&mut self, relay: payjoin::Url) { self.failed_relays.push(relay); }
 
-    #[cfg(not(feature = "_danger-local-https"))]
     pub fn get_failed_relays(&self) -> Vec<payjoin::Url> { self.failed_relays.clone() }
 }
 
+pub(crate) struct ValidatedOhttpKeys {
+    pub(crate) ohttp_keys: payjoin::OhttpKeys,
+    pub(crate) relay_url: payjoin::Url,
+}
+
 pub(crate) async fn unwrap_ohttp_keys_or_else_fetch(
     config: &Config,
+    directory: Option<payjoin::Url>,
     relay_manager: Arc<Mutex<RelayManager>>,
-) -> Result<payjoin::OhttpKeys> {
-    if let Some(keys) = config.v2()?.ohttp_keys.clone() {
+) -> Result<ValidatedOhttpKeys> {
+    if let Some(ohttp_keys) = config.v2()?.ohttp_keys.clone() {
         println!("Using OHTTP Keys from config");
-        Ok(keys)
+        return Ok(ValidatedOhttpKeys {
+            ohttp_keys,
+            relay_url: config.v2()?.ohttp_relays[0].clone(),
+        });
     } else {
         println!("Bootstrapping private network transport over Oblivious HTTP");
+        let fetched_keys = fetch_ohttp_keys(config, directory, relay_manager).await?;
 
-        fetch_keys(config, relay_manager.clone())
-            .await
-            .and_then(|keys| keys.ok_or_else(|| anyhow::anyhow!("No OHTTP keys found")))
+        Ok(fetched_keys)
     }
 }
 
-#[cfg(not(feature = "_danger-local-https"))]
-async fn fetch_keys(
+async fn fetch_ohttp_keys(
     config: &Config,
+    directory: Option<payjoin::Url>,
     relay_manager: Arc<Mutex<RelayManager>>,
-) -> Result<Option<payjoin::OhttpKeys>> {
+) -> Result<ValidatedOhttpKeys> {
     use payjoin::bitcoin::secp256k1::rand::prelude::SliceRandom;
-    let payjoin_directory = config.v2()?.pj_directory.clone();
+    let payjoin_directory = directory.unwrap_or(config.v2()?.pj_directory.clone());
     let relays = config.v2()?.ohttp_relays.clone();
 
     loop {
@@ -80,72 +78,25 @@ async fn fetch_keys(
             .set_selected_relay(selected_relay.clone());
 
         let ohttp_keys = {
-            payjoin::io::fetch_ohttp_keys(selected_relay.clone(), payjoin_directory.clone()).await
-        };
-
-        match ohttp_keys {
-            Ok(keys) => return Ok(Some(keys)),
-            Err(payjoin::io::Error::UnexpectedStatusCode(e)) => {
-                return Err(payjoin::io::Error::UnexpectedStatusCode(e).into());
+            #[cfg(feature = "_danger-local-https")]
+            {
+                let cert_der = crate::app::read_local_cert()?;
+                payjoin::io::fetch_ohttp_keys_with_cert(
+                    &selected_relay,
+                    &payjoin_directory,
+                    cert_der,
+                )
+                .await
             }
-            Err(e) => {
-                log::debug!("Failed to connect to relay: {selected_relay}, {e:?}");
-                relay_manager
-                    .lock()
-                    .expect("Lock should not be poisoned")
-                    .add_failed_relay(selected_relay);
+            #[cfg(not(feature = "_danger-local-https"))]
+            {
+                payjoin::io::fetch_ohttp_keys(&selected_relay, &payjoin_directory).await
             }
-        }
-    }
-}
-
-///Local relays are incapable of acting as proxies so we must opportunistically fetch keys from the config
-#[cfg(feature = "_danger-local-https")]
-async fn fetch_keys(
-    config: &Config,
-    _relay_manager: Arc<Mutex<RelayManager>>,
-) -> Result<Option<payjoin::OhttpKeys>> {
-    let keys = config.v2()?.ohttp_keys.clone().expect("No OHTTP keys set");
-
-    Ok(Some(keys))
-}
-
-#[cfg(not(feature = "_danger-local-https"))]
-pub(crate) async fn validate_relay(
-    config: &Config,
-    relay_manager: Arc<Mutex<RelayManager>>,
-) -> Result<payjoin::Url> {
-    use payjoin::bitcoin::secp256k1::rand::prelude::SliceRandom;
-    let payjoin_directory = config.v2()?.pj_directory.clone();
-    let relays = config.v2()?.ohttp_relays.clone();
-
-    loop {
-        let failed_relays =
-            relay_manager.lock().expect("Lock should not be poisoned").get_failed_relays();
-
-        let remaining_relays: Vec<_> =
-            relays.iter().filter(|r| !failed_relays.contains(r)).cloned().collect();
-
-        if remaining_relays.is_empty() {
-            return Err(anyhow!("No valid relays available"));
-        }
-
-        let selected_relay =
-            match remaining_relays.choose(&mut payjoin::bitcoin::key::rand::thread_rng()) {
-                Some(relay) => relay.clone(),
-                None => return Err(anyhow!("Failed to select from remaining relays")),
-            };
-
-        relay_manager
-            .lock()
-            .expect("Lock should not be poisoned")
-            .set_selected_relay(selected_relay.clone());
-
-        let ohttp_keys =
-            payjoin::io::fetch_ohttp_keys(selected_relay.clone(), payjoin_directory.clone()).await;
+        };
 
         match ohttp_keys {
-            Ok(_) => return Ok(selected_relay),
+            Ok(keys) =>
+                return Ok(ValidatedOhttpKeys { ohttp_keys: keys, relay_url: selected_relay }),
             Err(payjoin::io::Error::UnexpectedStatusCode(e)) => {
                 return Err(payjoin::io::Error::UnexpectedStatusCode(e).into());
             }
@@ -159,13 +110,3 @@ pub(crate) async fn validate_relay(
         }
     }
 }
-
-#[cfg(feature = "_danger-local-https")]
-pub(crate) async fn validate_relay(
-    config: &Config,
-    _relay_manager: Arc<Mutex<RelayManager>>,
-) -> Result<payjoin::Url> {
-    let relay = config.v2()?.ohttp_relays.first().expect("no OHTTP relay set").clone();
-
-    Ok(relay)
-}
