diff --git a/common/credential-proxy/src/error.rs b/common/credential-proxy/src/error.rs
index b1e1506763a..d6e3e8d28fd 100644
--- a/common/credential-proxy/src/error.rs
+++ b/common/credential-proxy/src/error.rs
@@ -168,6 +168,14 @@ pub enum CredentialProxyError {
 device_id: String,
 credential_id: String,
 },
+
+ #[error(
+ "the attestation check url has not been provided through either the CLI nor the default .env config"
+ )]
+ AttestationCheckUrlNotSet,
+
+ #[error("the provided attestation check url is malformed: {source}")]
+ MalformedAttestationCheckUrl { source: url::ParseError },
 }
 impl From for CredentialProxyError {
diff --git a/common/network-defaults/src/mainnet.rs b/common/network-defaults/src/mainnet.rs
index 8bace8f485d..291f397482e 100644
--- a/common/network-defaults/src/mainnet.rs
+++ b/common/network-defaults/src/mainnet.rs
@@ -54,6 +54,11 @@ pub const NYM_APIS: &[ApiUrlConst] = &[
 ];
 pub const NYM_VPN_API: &str = "https://nymvpn.com/api/";
+
+pub const UPGRADE_MODE_ATTESTATION_URL: &str = "https://nym.com/upgrade-mode/attestation.json";
+pub const UPGRADE_MODE_ATTESTER_ED25519_BS58_PUBKEY: &str =
+ "3bgffBYcfFkTTXc2npNNn9MkddFZ3H2LrPjXDmnJzrqd";
+
 #[cfg(feature = "network")]
 pub const NYM_VPN_APIS: &[ApiUrlConst] = &[
 ApiUrlConst {
@@ -159,6 +164,14 @@ pub fn export_to_env() {
 set_var_to_default(var_names::NYXD_WEBSOCKET, NYXD_WS);
 set_var_to_default(var_names::EXIT_POLICY_URL, EXIT_POLICY_URL);
 set_var_to_default(var_names::NYM_VPN_API, NYM_VPN_API);
+ set_var_to_default(
+ var_names::UPGRADE_MODE_ATTESTATION_URL,
+ UPGRADE_MODE_ATTESTATION_URL,
+ );
+ set_var_to_default(
+ var_names::UPGRADE_MODE_ATTESTER_ED25519_BS58_PUBKEY,
+ UPGRADE_MODE_ATTESTER_ED25519_BS58_PUBKEY,
+ );
 }
 #[cfg(all(feature = "env", feature = "network"))]
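Review bot: The `AttestationCheckUrlNotSet` message says "either the CLI nor the default .env config", which is ungrammatical and does not tell an operator what to set. The cli.rs change in this commit shows the value can also come from `NYM_CREDENTIAL_PROXY_ATTESTATION_CHECK_URL`, and helpers.rs falls back to `UPGRADE_MODE_ATTESTATION_URL`, so the text could name those, e.g. `"attestation check url not set: pass it on the CLI, set NYM_CREDENTIAL_PROXY_ATTESTATION_CHECK_URL, or load a network .env that defines UPGRADE_MODE_ATTESTATION_URL"`. The enum body starts outside the hunk.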
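Review bot: `UPGRADE_MODE_ATTESTER_ED25519_BS58_PUBKEY` looks like the key that upgrade-mode attestations are verified against, yet it and `UPGRADE_MODE_ATTESTATION_URL` are added in mainnet.rs without any doc comment on what they authenticate or how the key is rotated. Something like `/// Base58-encoded Ed25519 public key expected to sign the document served at UPGRADE_MODE_ATTESTATION_URL.` would help, with the wording confirmed by the author since the verification code is not in this diff. The same two values are exported to the process environment in the `export_to_env` and `export_to_env_if_not_set` hunks. If consumers read the key back from the environment, a pre-set variable would presumably replace the pinned key, so the comment should also state whether that override is intended on mainnet.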
@@ -199,4 +212,12 @@ pub fn export_to_env_if_not_set() {
 set_var_conditionally_to_default(var_names::NYM_API, NYM_API);
 set_var_conditionally_to_default(var_names::NYXD_WEBSOCKET, NYXD_WS);
 set_var_conditionally_to_default(var_names::EXIT_POLICY_URL, EXIT_POLICY_URL);
+ set_var_conditionally_to_default(
+ var_names::UPGRADE_MODE_ATTESTATION_URL,
+ UPGRADE_MODE_ATTESTATION_URL,
+ );
+ set_var_conditionally_to_default(
+ var_names::UPGRADE_MODE_ATTESTER_ED25519_BS58_PUBKEY,
+ UPGRADE_MODE_ATTESTER_ED25519_BS58_PUBKEY,
+ );
 }
diff --git a/common/network-defaults/src/var_names.rs b/common/network-defaults/src/var_names.rs
index 5bcebe85eb5..897937b0fe3 100644
--- a/common/network-defaults/src/var_names.rs
+++ b/common/network-defaults/src/var_names.rs
@@ -25,6 +25,8 @@ pub const NYXD_WEBSOCKET: &str = "NYXD_WS";
 pub const EXIT_POLICY_URL: &str = "EXIT_POLICY";
 pub const NYM_VPN_API: &str = "NYM_VPN_API";
 pub const CLIENT_STATS_COLLECTION_PROVIDER: &str = "CLIENT_STATS_COLLECTION_PROVIDER";
+pub const UPGRADE_MODE_ATTESTATION_URL: &str = "UPGRADE_MODE_ATTESTATION_URL";
+pub const UPGRADE_MODE_ATTESTER_ED25519_BS58_PUBKEY: &str = "UPGRADE_MODE_ATTESTER_ED25519_PUBKEY";
 pub const DKG_TIME_CONFIGURATION: &str = "DKG_TIME_CONFIGURATION";
diff --git a/nym-credential-proxy/nym-credential-proxy/src/cli.rs b/nym-credential-proxy/nym-credential-proxy/src/cli.rs
index a8de014423c..d5c27a7730c 100644
--- a/nym-credential-proxy/nym-credential-proxy/src/cli.rs
+++ b/nym-credential-proxy/nym-credential-proxy/src/cli.rs
@@ -156,12 +156,8 @@ pub struct Cli {
 #[derive(Args, Debug, Clone)]
 pub struct UpgradeModeConfig {
 /// URL for polling for upgrade mode changes.
- #[clap(
- long,
- env = "NYM_CREDENTIAL_PROXY_ATTESTATION_CHECK_URL",
- default_value = "5m"
- )]
- pub(crate) attestation_check_url: Url,
+ #[clap(long, env = "NYM_CREDENTIAL_PROXY_ATTESTATION_CHECK_URL")]
+ pub(crate) attestation_check_url: Option,
 /// Default polling interval of the upgrade mode endpoint.
 #[clap(
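Review bot: In var_names.rs the constant `UPGRADE_MODE_ATTESTER_ED25519_BS58_PUBKEY` maps to the variable name `"UPGRADE_MODE_ATTESTER_ED25519_PUBKEY"`, so the base58 encoding promised by the Rust identifier is invisible to anyone writing an env file. Either align the two names or add a comment above the constant such as `// value must be a base58-encoded Ed25519 public key`, so that a hex or base64 key is not supplied by mistake. A mis-encoded verification key would at best fail to parse and at worst be hard to diagnose, depending on how the consumer handles it (not shown here).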
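Review bot: The doc comment on `attestation_check_url` in cli.rs is what clap prints in `--help`, and it no longer describes the behaviour now that the field is optional. helpers.rs in this commit falls back to the `UPGRADE_MODE_ATTESTATION_URL` environment variable when the option is absent, so the comment could read `/// URL for polling for upgrade mode changes. Falls back to the UPGRADE_MODE_ATTESTATION_URL network default when not provided.` The `UpgradeModeConfig` body continues past the end of the hunk.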
diff --git a/nym-credential-proxy/nym-credential-proxy/src/helpers.rs b/nym-credential-proxy/nym-credential-proxy/src/helpers.rs
index a353c3b447b..cd061d89626 100644
--- a/nym-credential-proxy/nym-credential-proxy/src/helpers.rs
+++ b/nym-credential-proxy/nym-credential-proxy/src/helpers.rs
@@ -8,6 +8,8 @@ use nym_bin_common::bin_info;
 use nym_credential_proxy_lib::error::CredentialProxyError;
 use nym_credential_proxy_lib::storage::CredentialProxyStorage;
 use nym_credential_proxy_lib::ticketbook_manager::TicketbookManager;
+use nym_network_defaults::var_names;
+use nym_network_defaults::var_names::CONFIGURED;
 use tracing::{error, info};
 pub async fn wait_for_signal() {
@@ -55,6 +57,28 @@ pub(crate) async fn run_api(cli: Cli) -> Result<(), CredentialProxyError> {
 let webhook_cfg = cli.webhook;
 let jwt_signing_keys = cli.jwt_signing_keys.signing_keys()?;
+ let upgrade_mode_attestation_check_url = match cli.upgrade_mode.attestation_check_url {
+ Some(url) => url,
+ None => {
+ // argument hasn't been provided and env is not configured
+ if std::env::var(CONFIGURED).is_err() {
+ return Err(CredentialProxyError::AttestationCheckUrlNotSet);
+ }
+ // argument hasn't been provided and the relevant env value hasn't been set
+ // (technically this shouldn't be possible)
+ let Ok(env_url) = std::env::var(var_names::UPGRADE_MODE_ATTESTATION_URL) else {
+ return Err(CredentialProxyError::AttestationCheckUrlNotSet);
+ };
+
+ match env_url.parse() {
+ Ok(url) => url,
+ Err(err) => {
+ return Err(CredentialProxyError::MalformedAttestationCheckUrl { source: err });
+ }
+ }
+ }
+ };
+
 let ticketbook_manager = TicketbookManager::new(
 build_sha_short(),
 cli.quorum_check_interval,
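Review bot: The fallback arm in `run_api` accepts whatever `UPGRADE_MODE_ATTESTATION_URL` holds as long as it parses, without checking the scheme and without logging which source supplied the endpoint. Since this URL decides where upgrade-mode attestations are fetched from, I would log the resolved value with the already-imported `info!`, e.g. `info!("upgrade mode attestation url: {upgrade_mode_attestation_check_url}");`, and consider rejecting non-`https` schemes unless downstream signature verification makes that unnecessary (not visible in this diff). The inner `match env_url.parse()` can also shrink to `env_url.parse().map_err(|source| CredentialProxyError::MalformedAttestationCheckUrl { source })?`. `run_api` starts before and continues after this hunk.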
@@ -70,7 +94,7 @@ pub(crate) async fn run_api(cli: Cli) -> Result<(), CredentialProxyError> {
 cli.upgrade_mode.attestation_check_regular_polling_interval,
 cli.upgrade_mode
 .attestation_check_expedited_polling_interval,
- cli.upgrade_mode.attestation_check_url,
+ upgrade_mode_attestation_check_url,
 jwt_signing_keys,
 cli.upgrade_mode.upgrade_mode_jwt_validity,
 );
diff --git a/nym-wallet/Cargo.lock b/nym-wallet/Cargo.lock
index 546ee6409d6..26df1b52e66 100644
--- a/nym-wallet/Cargo.lock
+++ b/nym-wallet/Cargo.lock
@@ -4219,6 +4219,7 @@ dependencies = [
 "serde_plain",
 "serde_yaml",
 "thiserror 2.0.12",
+ "tokio",
 "tracing",
 "url",
 "wasmtimer",