rest

package
v0.1.0-beta.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 16, 2026 License: Apache-2.0 Imports: 50 Imported by: 0

Documentation

Index

Constants

View Source
const (
	LeaseShellCodeStdout         = 100
	LeaseShellCodeStderr         = 101
	LeaseShellCodeResult         = 102
	LeaseShellCodeFailure        = 103
	LeaseShellCodeStdin          = 104
	LeaseShellCodeTerminalResize = 105
)
View Source
const (
	LeaseMetadataPathPrefix = "/lease-metadata"

	// PodMetadataPeersTimeout caps each `/peers` proxy call so a
	// stuck wasm querier cannot tie up the pod's reconcile loop.
	PodMetadataPeersTimeout = 8 * time.Second
)

LeaseMetadataPathPrefix is the URL prefix for the pod-facing metadata API. Anchored at `/lease-metadata/{owner}/{dseq}/{gseq}/{oseq}/...`.

Variables

View Source
var (
	// ErrJWTMissing is returned when the JWT is missing.
	ErrJWTMissing = errors.New("jwt: missing")

	// ErrJWTInvalid is returned when the JWT is invalid.
	ErrJWTInvalid     = errors.New("jwt: invalid")
	ErrInvalidRequest = errors.New("invalid request")
	ErrUnauthorized   = errors.New("unauthorized")
)
View Source
var PodMetadataConfigCtxKey = podMetadataConfigCtxKey{}

PodMetadataConfigCtxKey is the exported ctxConfig key — call sites do `ctxConfig[rest.PodMetadataConfigCtxKey] = &cfg` before invoking the gateway constructor.

Functions

func AuthHeaderTokenExtractor

func AuthHeaderTokenExtractor(r *http.Request) (string, error)

AuthHeaderTokenExtractor is a TokenExtractor that takes a request and extracts the token from the Authorization header.

func DefaultErrorHandler

func DefaultErrorHandler(w http.ResponseWriter, _ *http.Request, err error)

func DisableContractManifestBypass

func DisableContractManifestBypass()

DisableContractManifestBypass disables the bypass

func EnableContractManifestBypass

func EnableContractManifestBypass()

EnableContractManifestBypass enables the bypass for contract-owned deployments WARNING: This should only be used in development/testing environments!

func EncodeSmartQueryAsRESTPath

func EncodeSmartQueryAsRESTPath(queryJSON []byte) string

EncodeSmartQueryAsRESTPath returns the base64-encoded path suffix used by Cosmos REST when querying a contract's smart route. Exported so tests + the demo harness can produce equivalent URLs without reaching for a Cosmos client SDK.

func GetBypassUsageCount

func GetBypassUsageCount() uint64

GetBypassUsageCount returns the number of times bypass was used

func IsContractManifestBypassEnabled

func IsContractManifestBypassEnabled() bool

IsContractManifestBypassEnabled returns whether bypass is enabled

func NewHealthServer

func NewHealthServer(
	ctx context.Context,
	logger log.Logger,
	pclient provider.Client,
	address string,
	providerAddr sdk.Address,
	kubeClient kubernetes.Interface,
) *http.Server

NewHealthServer creates a lightweight plain HTTP server that responds to health probes from the ABCI++ valiporacle module. This runs on a separate port (no TLS) so validators can reach it with a simple HTTP GET.

kubeClient (may be nil) enables the per-deployment health array: when set, /health enumerates this provider's lease namespaces and reports each lease's pod readiness under "deployments". The scan is cached (depHealthTTL) so the ABCI probe never hammers the k8s API.

func NewServer

func NewServer(
	ctx context.Context,
	log log.Logger,
	pclient provider.Client,
	cquery gwutils.CertGetter,
	sni string,
	address string,
	pid sdk.Address,
	clusterConfig map[interface{}]interface{},
) (*http.Server, error)

func RegisterPodMetadataRoutes

func RegisterPodMetadataRoutes(
	router *mux.Router,
	logger log.Logger,
	cfg PodMetadataConfig,
)

RegisterPodMetadataRoutes mounts the pod-facing metadata endpoints onto the supplied router. It does NOT call `router.Use` — the router is expected to already carry the provider-address middleware from `newRouter` so `requestProvider(req)` works.

Types

type CtxAuthKey

type CtxAuthKey string

type NoopPodTokenValidator

type NoopPodTokenValidator struct{}

NoopPodTokenValidator trusts an explicit `X-Akash-Pod-Namespace` header instead of validating a token. Only wired when the operator explicitly opts out of TokenReview via the `--insecure-pod-metadata-auth` flag (PodMetadataConfig.InsecureAuth). Must never be used in production — RegisterPodMetadataRoutes emits an Error-level startup warning whenever it is active.

func (NoopPodTokenValidator) ValidatePodToken

func (NoopPodTokenValidator) ValidatePodToken(_ context.Context, _ string, hint string) (string, error)

type PeersProxier

type PeersProxier interface {
	// QueryContractSmart calls the contract `contractAddr` with the
	// supplied JSON-encoded smart query (e.g. `{"peers":{}}`) and
	// returns the raw `.data` JSON bytes from the chain.
	QueryContractSmart(ctx context.Context, contractAddr string, queryJSON []byte) ([]byte, error)
}

PeersProxier is the chain-query side of the metadata API. A production provider wires this up via its existing chain client (e.g. `cosmwasm/wasm/v1/contract/<addr>/smart`); the gateway only needs the abstract interface so it stays decoupled from any specific cosmos client SDK version.

type PodMetadataConfig

type PodMetadataConfig struct {
	ClusterRead    cluster.ReadClient
	Peers          PeersProxier
	TokenValidator PodTokenValidator

	// InsecureAuth switches the API to NoopPodTokenValidator, which
	// trusts the caller-supplied X-Akash-Pod-Namespace header without
	// any TokenReview. Lab-only escape hatch behind the explicit
	// `--insecure-pod-metadata-auth` provider flag; the default (and
	// only safe production value) is false. Phase 3.2: this field is
	// the ONLY way to disable auth — the legacy
	// AKASH_PROVIDER_METADATA_TOKEN_REVIEW_DISABLED env var is
	// ignored except for a migration warning.
	InsecureAuth bool
}

PodMetadataConfig wires the pod-metadata sub-router. The three dependencies are optional; missing pieces degrade gracefully:

  • nil ClusterRead → /metadata returns lease coords only, no services/ports.
  • nil PeersProxier → /peers returns 501.
  • nil TokenValidator → the API FAILS CLOSED (every request is rejected) unless InsecureAuth is explicitly set.

type PodMetadataForwardedPort

type PodMetadataForwardedPort struct {
	Service      string `json:"service"`
	ExternalPort int32  `json:"external_port"`
	InternalPort int32  `json:"internal_port"`
	Protocol     string `json:"protocol"`
	Host         string `json:"host"`
}

PodMetadataForwardedPort is one row of the cluster's forwarded port table flattened into the wire shape pods expect.

type PodMetadataResponse

type PodMetadataResponse struct {
	Owner          string                     `json:"owner"`
	DSeq           uint64                     `json:"dseq"`
	GSeq           uint32                     `json:"gseq"`
	OSeq           uint32                     `json:"oseq"`
	Provider       string                     `json:"provider"`
	Services       []string                   `json:"services,omitempty"`
	ForwardedPorts []PodMetadataForwardedPort `json:"forwarded_ports,omitempty"`
	Namespace      string                     `json:"namespace"`
}

PodMetadataResponse is the JSON returned by GET .../metadata.

Pods use `Owner` as their `AKASH_HA_CONTRACT_ADDR` (for contract-owned leases) and `ForwardedPorts` to compose connection strings without going through the chain.

type PodPeersResponse

type PodPeersResponse struct {
	Contract string          `json:"contract"`
	Query    string          `json:"query"`
	Data     json.RawMessage `json:"data"`
}

PodPeersResponse wraps the proxied contract response so the pod-facing contract is stable even if the wasm side changes shape. `Data` is the raw JSON from the contract; pods decode it the same way they would today decoding the validator's `cosmwasm/wasm/v1/contract/.../smart/<base64-payload>` response.

type PodTokenValidator

type PodTokenValidator interface {
	// ValidatePodToken returns the namespace claim from the token
	// (typically the pod's k8s namespace). Implementations must
	// return an error if the token is invalid, expired, or not
	// bound to a pod ServiceAccount.
	ValidatePodToken(ctx context.Context, bearerToken string, hint string) (namespace string, err error)
}

PodTokenValidator validates a pod-provided Bearer token and returns the namespace the pod is running in. Implementations typically wrap k8s `TokenReview`; the lab/dev path uses `NewNoopPodTokenValidator` which accepts any token and trusts the URL's `X-Akash-Pod-Namespace` header.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL