[Feature] Fallback gateway listener and remove legacy key support

common/client-core/gateways-storage/Cargo.toml

@@ -9,7 +9,6 @@ rust-version.workspace = true
 
 [dependencies]
 async-trait.workspace = true
-cosmrs.workspace = true
 serde = { workspace = true, features = ["derive"] }
 thiserror.workspace = true
 time.workspace = true
@@ -20,6 +19,7 @@ zeroize = { workspace = true, features = ["zeroize_derive"] }
 
 nym-crypto = { path = "../../crypto", features = ["asymmetric"] }
 nym-gateway-requests = { path = "../../gateway-requests" }
+nym-gateway-client = { path = "../../client-libs/gateway-client" }
 
 [target."cfg(not(target_arch = \"wasm32\"))".dependencies.sqlx]
 workspace = true

common/client-core/gateways-storage/fs_gateways_migrations/20251126120000_remove_legacy_add_fallback.sql

@@ -0,0 +1,22 @@
+/*
+ * Copyright 2025 - Nym Technologies SA <contact@nymtech.net>
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+CREATE TABLE remote_gateway_details_temp
+(
+    gateway_id_bs58                          TEXT NOT NULL UNIQUE PRIMARY KEY REFERENCES registered_gateway (gateway_id_bs58),
+    derived_aes256_gcm_siv_key               BLOB NOT NULL,
+    gateway_listener                         TEXT NOT NULL,
+    fallback_listener                        TEXT,
+    expiration_timestamp                     TIMESTAMP WITHOUT TIME ZONE NOT NULL
+);
+
+
+INSERT INTO remote_gateway_details_temp SELECT gateway_id_bs58, derived_aes256_gcm_siv_key, gateway_listener, NULL, datetime(0, 'unixepoch') FROM remote_gateway_details;
+
+DROP TABLE remote_gateway_details;
+ALTER TABLE remote_gateway_details_temp RENAME TO remote_gateway_details;
+
+
+

common/client-core/gateways-storage/src/backend/fs_backend/manager.rs

@@ -144,13 +144,10 @@ impl StorageManager {
         &self,
         gateway_id: &str,
     ) -> Result<RawRemoteGatewayDetails, sqlx::Error> {
-        sqlx::query_as!(
-            RawRemoteGatewayDetails,
-            "SELECT * FROM remote_gateway_details WHERE gateway_id_bs58 = ?",
-            gateway_id
-        )
-        .fetch_one(&self.connection_pool)
-        .await
+        sqlx::query_as("SELECT * FROM remote_gateway_details WHERE gateway_id_bs58 = ?")
+            .bind(gateway_id)
+            .fetch_one(&self.connection_pool)
+            .await
     }
 
     pub(crate) async fn set_remote_gateway_details(
@@ -159,41 +156,35 @@ impl StorageManager {
     ) -> Result<(), sqlx::Error> {
         sqlx::query!(
             r#"
-                INSERT INTO remote_gateway_details(gateway_id_bs58, derived_aes128_ctr_blake3_hmac_keys_bs58, derived_aes256_gcm_siv_key, gateway_owner_address, gateway_listener)
+                INSERT INTO remote_gateway_details(gateway_id_bs58, derived_aes256_gcm_siv_key, gateway_listener, fallback_listener, expiration_timestamp)
                 VALUES (?, ?, ?, ?, ?)
             "#,
             remote.gateway_id_bs58,
-            remote.derived_aes128_ctr_blake3_hmac_keys_bs58,
             remote.derived_aes256_gcm_siv_key,
-            remote.gateway_owner_address,
             remote.gateway_listener,
+            remote.fallback_listener,
+            remote.expiration_timestamp
         )
             .execute(&self.connection_pool)
             .await?;
         Ok(())
     }
 
-    pub(crate) async fn update_remote_gateway_key(
+    pub(crate) async fn update_remote_gateway_details(
         &self,
-        gateway_id_bs58: &str,
-        derived_aes128_ctr_blake3_hmac_keys_bs58: Option<&str>,
-        derived_aes256_gcm_siv_key: Option<&[u8]>,
+        remote: &RawRemoteGatewayDetails,
     ) -> Result<(), sqlx::Error> {
         sqlx::query!(
             r#"
-                UPDATE remote_gateway_details
-                SET
-                    derived_aes128_ctr_blake3_hmac_keys_bs58 = ?,
-                    derived_aes256_gcm_siv_key = ?
-                WHERE gateway_id_bs58 = ?
+                UPDATE remote_gateway_details SET gateway_listener = ?, fallback_listener = ?, expiration_timestamp = ? WHERE gateway_id_bs58 = ?
             "#,
-            derived_aes128_ctr_blake3_hmac_keys_bs58,
-            derived_aes256_gcm_siv_key,
-            gateway_id_bs58
+            remote.gateway_listener,
+            remote.fallback_listener,
+            remote.expiration_timestamp,
+            remote.gateway_id_bs58
         )
-        .execute(&self.connection_pool)
-        .await?;
-
+            .execute(&self.connection_pool)
+            .await?;
         Ok(())
     }
 

common/client-core/gateways-storage/src/backend/fs_backend/mod.rs

@@ -8,12 +8,10 @@ use crate::{
 use async_trait::async_trait;
 use manager::StorageManager;
 use nym_crypto::asymmetric::ed25519;
-use nym_gateway_requests::SharedSymmetricKey;
 use std::path::Path;
 
 pub mod error;
 mod manager;
-mod models;
 
 #[derive(Clone)]
 pub struct OnDiskGatewaysDetails {
@@ -134,18 +132,20 @@ impl GatewaysDetailsStore for OnDiskGatewaysDetails {
         Ok(())
     }
 
-    async fn upgrade_stored_remote_gateway_key(
+    async fn update_gateway_details(
         &self,
-        gateway_id: ed25519::PublicKey,
-        updated_key: &SharedSymmetricKey,
+        details: &GatewayRegistration,
     ) -> Result<(), Self::StorageError> {
-        self.manager
-            .update_remote_gateway_key(
-                &gateway_id.to_base58_string(),
-                None,
-                Some(updated_key.as_bytes()),
-            )
-            .await?;
+        match &details.details {
+            GatewayDetails::Remote(remote_details) => {
+                let raw_details = &remote_details.into();
+                self.manager
+                    .update_remote_gateway_details(raw_details)
+                    .await?;
+            }
+            GatewayDetails::Custom(_) => {}
+        }
+
         Ok(())
     }
 

common/client-core/gateways-storage/src/backend/mem_backend.rs

@@ -2,10 +2,8 @@
 // SPDX-License-Identifier: Apache-2.0
 
 use crate::types::{ActiveGateway, GatewayRegistration};
-use crate::{BadGateway, GatewayDetails, GatewaysDetailsStore};
+use crate::{BadGateway, GatewaysDetailsStore};
 use async_trait::async_trait;
-use nym_crypto::asymmetric::ed25519::PublicKey;
-use nym_gateway_requests::{SharedGatewayKey, SharedSymmetricKey};
 use std::collections::HashMap;
 use std::sync::Arc;
 use thiserror::Error;
@@ -96,26 +94,12 @@ impl GatewaysDetailsStore for InMemGatewaysDetails {
         Ok(())
     }
 
-    async fn upgrade_stored_remote_gateway_key(
+    // It will overwrite the existing entry, which is what we ultimately want
+    async fn update_gateway_details(
         &self,
-        gateway_id: PublicKey,
-        updated_key: &SharedSymmetricKey,
+        details: &GatewayRegistration,
     ) -> Result<(), Self::StorageError> {
-        let mut guard = self.inner.write().await;
-
-        #[allow(clippy::unwrap_used)]
-        if let Some(target) = guard.gateways.get_mut(&gateway_id.to_string()) {
-            let GatewayDetails::Remote(details) = &mut target.details else {
-                return Ok(());
-            };
-            assert_eq!(Arc::strong_count(&details.shared_key), 1);
-
-            // eh. that's nasty, but it's only ever used for ephemeral clients so should be fine for now...
-            details.shared_key = Arc::new(SharedGatewayKey::Current(
-                SharedSymmetricKey::try_from_bytes(updated_key.as_bytes()).unwrap(),
-            ))
-        }
-
+        self.store_gateway_details(details).await?;
         Ok(())
     }