feat(balances): adding project IDs denylist #931

Merged
merged 1 commit into from
Feb 4, 2025
11 changes: 10 additions & 1 deletion src/env/mod.rs
Expand Up @@ -3,6 +3,7 @@ use {
analytics::Config as AnalyticsConfig,
database::config::PostgresConfig,
error,
handlers::balance::Config as BalanceConfig,
names::Config as NamesConfig,
profiler::ProfilerConfig,
project::{storage::Config as StorageConfig, Config as RegistryConfig},
Expand Down Expand Up @@ -66,6 +67,7 @@ pub struct Config {
pub rate_limiting: RateLimitingConfig,
pub irn: IrnConfig,
pub names: NamesConfig,
pub balances: BalanceConfig,
}

impl Config {
Expand All @@ -81,6 +83,7 @@ impl Config {
rate_limiting: from_env("RPC_PROXY_RATE_LIMITING_")?,
irn: from_env("RPC_PROXY_IRN_")?,
names: from_env("RPC_PROXY_NAMES_")?,
balances: from_env("RPC_PROXY_BALANCES_")?,
})
}
}
Expand Down Expand Up @@ -108,6 +111,7 @@ mod test {
analytics,
database::config::PostgresConfig,
env::{Config, ServerConfig},
handlers::balance::Config as BalanceConfig,
names::Config as NamesConfig,
profiler::ProfilerConfig,
project,
Expand Down Expand Up @@ -229,6 +233,8 @@ mod test {
("RPC_PROXY_IRN_NAMESPACE_SECRET", "namespace"),
// Names configuration
("RPC_PROXY_NAMES_ALLOWED_ZONES", "test1.id,test2.id"),
// Account balances-related configuration
("RPC_PROXY_BALANCES_DENYLIST_PROJECT_IDS", "test_project_id"),
];

values.iter().for_each(set_env_var);
Expand Down Expand Up @@ -323,7 +329,10 @@ mod test {
},
names: NamesConfig {
allowed_zones: Some(vec!["test1.id".to_owned(), "test2.id".to_owned()]),
}
},
balances: BalanceConfig {
denylist_project_ids: Some(vec!["test_project_id".to_owned()]),
},
}
);

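Review bot: The test fixture for `RPC_PROXY_BALANCES_DENYLIST_PROJECT_IDS` uses a single ID, so comma-separated parsing is never exercised for this field, unlike the `RPC_PROXY_NAMES_ALLOWED_ZONES` entry just above it. A denylist that failed to split would silently let listed projects through, so I would use `("RPC_PROXY_BALANCES_DENYLIST_PROJECT_IDS", "test_project_id1,test_project_id2")` and expect `Some(vec!["test_project_id1".to_owned(), "test_project_id2".to_owned()])`. A case with the variable unset (presumably yielding `None`) would also pin the fail-open default. The test function starts and ends outside the visible hunks.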
15 changes: 15 additions & 0 deletions src/handlers/balance.rs
Expand Up @@ -27,6 +27,13 @@ pub const H160_EMPTY_ADDRESS: H160 = H160::repeat_byte(0xee);
const PROVIDER_MAX_CALLS: usize = 2;
const METADATA_CACHE_TTL: Duration = Duration::from_secs(60 * 60 * 24); // 1 day

#[derive(Debug, Clone, Deserialize, Eq, PartialEq)]
pub struct Config {
/// List of project ids that are not allowed to use the balance RPC call
/// An empty balances list will be returned for the project ids in the denylist
pub denylist_project_ids: Option<Vec<String>>,
}

#[derive(Debug, Deserialize, Clone)]
#[serde(rename_all = "camelCase")]
pub struct BalanceQueryParams {
Expand Down Expand Up @@ -127,6 +134,14 @@ async fn handler_internal(
Path(address): Path<String>,
) -> Result<Response, RpcError> {
let project_id = query.project_id.clone();

// Check the denylist for the project id
if let Some(denylist_project_ids) = &state.config.balances.denylist_project_ids {
if denylist_project_ids.contains(&project_id) {
return Ok(Json(BalanceResponseBody { balances: vec![] }).into_response());
}
}

state.validate_project_access_and_quota(&project_id).await?;

// if headers not contains `x-sdk-version` then respond with an empty balance
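Review bot: The denylist branch in `handler_internal` returns a successful response with `balances: vec![]` before `validate_project_access_and_quota` runs, so a denied request looks the same as an address with no balances and leaves no trace in the visible code. For an access-control decision I would record the hit (a log line or counter keyed by project id) so operators can confirm the denylist is working and see how much traffic it absorbs. The ordering also means denylisted traffic skips project validation and quota accounting; if that is intended, say so in the comment, e.g. `// Denylisted projects get an empty response on purpose; this runs before project validation and quota accounting.` The match is an exact, case-sensitive `contains` on the raw query value, so it relies on the configured IDs being normalised the same way as `query.project_id`. The function body continues outside the hunk.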
1 change: 1 addition & 0 deletions terraform/ecs/cluster.tf
Expand Up @@ -134,6 +134,7 @@ resource "aws_ecs_task_definition" "app_task" {
{ name = "RPC_PROXY_IRN_NAMESPACE_SECRET", value = var.irn_namespace_secret },

{ name = "RPC_PROXY_NAMES_ALLOWED_ZONES", value = var.names_allowed_zones },
{ name = "RPC_PROXY_BALANCES_DENYLIST_PROJECT_IDS", value = var.balances_denylist_project_ids },

{ name = "RPC_PROXY_ANALYTICS_EXPORT_BUCKET", value = var.analytics_datalake_bucket_name },
],
7 changes: 7 additions & 0 deletions terraform/ecs/variables.tf
Expand Up @@ -428,3 +428,10 @@ variable "names_allowed_zones" {
description = "Comma separated list of allowed zones for names"
type = string
}

#-------------------------------------------------------------------------------
# Address balances projects denylist
variable "balances_denylist_project_ids" {
description = "Comma separated list of project IDs to denylist"
type = string
}
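Review bot: The `description` on `balances_denylist_project_ids` does not say what a denylisted project is denied, and the variable has no `default`, so every workspace must set it even when nothing is blocked. I would spell out the effect, e.g. `description = "Comma separated list of project IDs denied the balance RPC call (they receive an empty balances list)"`, and document which value means "no denylist". How the service parses an empty string is not visible here; if it becomes a one-element list containing an empty ID, that should be confirmed. The same applies to the identical variable added in `terraform/variables.tf`.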
3 changes: 3 additions & 0 deletions terraform/res_ecs.tf
Expand Up @@ -102,6 +102,9 @@ module "ecs" {
# ENS Names
names_allowed_zones = var.names_allowed_zones

# Address balances related configuration
balances_denylist_project_ids = var.balances_denylist_project_ids

# Analytics
analytics_datalake_bucket_name = data.terraform_remote_state.datalake.outputs.datalake_bucket_id
analytics_datalake_kms_key_arn = data.terraform_remote_state.datalake.outputs.datalake_kms_key_arn
7 changes: 7 additions & 0 deletions terraform/variables.tf
Expand Up @@ -278,3 +278,10 @@ variable "names_allowed_zones" {
description = "Comma separated list of allowed zones for names"
type = string
}

#-------------------------------------------------------------------------------
# Address balances projects denylist
variable "balances_denylist_project_ids" {
description = "Comma separated list of project IDs to denylist"
type = string
}