diff --git a/certifier/mainnet.yml b/certifier/mainnet.yml
deleted file mode 100644
index 14a3ee91..00000000
--- a/certifier/mainnet.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-# Mainnet configuration
-listen: "0.0.0.0:80"
-post_cfg:
- k1: 26
- k2: 37
- k3: 37
- pow_difficulty: "000dfb23b0979b4b000000000000000000000000000000000000000000000000"
- scrypt:
- n: 8192
- r: 1
- p: 1
diff --git a/certifier/src/certifier.rs b/certifier/src/certifier.rs
index 6fb2ac9a..5eff3c34 100644
--- a/certifier/src/certifier.rs
+++ b/certifier/src/certifier.rs
@@ -4,8 +4,9 @@ use axum::http::StatusCode;
 use axum::{extract::State, Json};
 use axum::{routing::post, Router};
 use ed25519_dalek::{Signer, SigningKey};
+use post::config::{InitConfig, ProofConfig};
 use post::pow::randomx::{PoW, RandomXFlag};
-use post::verification::{Verifier, VerifyingParams};
+use post::verification::Verifier;
 use serde::{Deserialize, Serialize};
 use serde_with::{base64::Base64, serde_as};
 use tracing::instrument;
@@ -35,24 +36,20 @@ async fn certify(
 let pub_key = request.metadata.node_id;
 let s = state.clone();
- let params = match VerifyingParams::new(&request.metadata, &s.cfg) {
- Ok(params) => params,
- Err(e) => return Err((StatusCode::BAD_REQUEST, format!("invalid metadata: {e:?}"))),
- };
 let result = tokio::task::spawn_blocking(move || {
- s.verifier.verify(&request.proof, &request.metadata, params)
+ s.verifier
+ .verify(&request.proof, &request.metadata, &s.cfg, &s.init_cfg)
 })
- .await;
- match result {
- Err(e) => {
- return Err((
- StatusCode::INTERNAL_SERVER_ERROR,
- format!("internal error verifying proof: {e:?}"),
- ))
- }
- Ok(Err(e)) => return Err((StatusCode::FORBIDDEN, format!("invalid proof: {e:?}"))),
- _ => {}
- }
+ .await
+ .map_err(|e| {
+ tracing::error!("internal error verifying proof: {e:?}");
+ (
+ StatusCode::INTERNAL_SERVER_ERROR,
+ "error verifying proof".into(),
+ )
+ })?;
+
+ result.map_err(|e| (StatusCode::FORBIDDEN, format!("invalid proof: {e:?}")))?;
 // Sign the nodeID
 let response = CertifyResponse {
@@ -64,16 +61,18 @@ async fn certify(
 struct AppState {
 verifier: Verifier,
- cfg: post::config::Config,
+ cfg: ProofConfig,
+ init_cfg: InitConfig,
 signer: SigningKey,
 }
-pub fn new(cfg: post::config::Config, signer: SigningKey) -> Router {
+pub fn new(cfg: ProofConfig, init_cfg: InitConfig, signer: SigningKey) -> Router {
 let state = AppState {
 verifier: Verifier::new(Box::new(
 PoW::new(RandomXFlag::get_recommended_flags()).expect("creating RandomX PoW verifier"),
 )),
 cfg,
+ init_cfg,
 signer,
 };
diff --git a/certifier/src/configuration.rs b/certifier/src/configuration.rs
index 6442e559..5f78c12d 100644
--- a/certifier/src/configuration.rs
+++ b/certifier/src/configuration.rs
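Review bot: The rejection path at `result.map_err(...)` still sends the verifier's error to the caller formatted with `{e:?}`, although the 500 path just above it was changed to log the detail and answer with a fixed string. Debug output of an internal error type can reveal more about the verifier than a client needs, so consider logging it server-side and replying with the Display form, assuming the error type implements it: `tracing::debug!("proof rejected: {e:?}");` followed by `(StatusCode::FORBIDDEN, format!("invalid proof: {e}"))`. With the `VerifyingParams::new` check removed, malformed metadata presumably now comes back as 403 instead of 400, which deserves a line in the handler's documentation. The body of `certify` starts and ends outside this hunk.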
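Review bot: `pub fn new` changes its public signature here but carries no doc comment saying what the two configurations are for or how they differ. A line such as `/// Builds the certifier router: requests are verified against cfg and init_cfg, and the node ID is signed with signer.` above the function would cover it, adjusted to whatever `InitConfig` actually holds. The function body continues past the end of the hunk.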
@@ -12,7 +12,8 @@ pub struct Config {
 /// The base64-encoded secret key used to sign the proofs.
 /// It's 256-bit key as defined in [RFC8032 ยง 5.1.5].
 pub signing_key: SecretKey,
- pub post_cfg: post::config::Config,
+ pub post_cfg: post::config::ProofConfig,
+ pub init_cfg: post::config::InitConfig,
 /// Whether to enable metrics on /metrics.
 pub metrics: bool,
diff --git a/certifier/src/main.rs b/certifier/src/main.rs
index 4fa583c5..0b597335 100644
--- a/certifier/src/main.rs
+++ b/certifier/src/main.rs
@@ -74,7 +74,7 @@ async fn main() -> Result<(), Box> {
 info!("listening on: {:?}, pubkey: {}", config.listen, pubkey_b64,);
 info!("using POST configuration: {:?}", config.post_cfg);
- let mut app = certifier::certifier::new(config.post_cfg, signer);
+ let mut app = certifier::certifier::new(config.post_cfg, config.init_cfg, signer);
 if config.metrics {
 info!("metrics on: {}/metrics", config.listen.to_string());
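Review bot: The new `init_cfg` field, like `post_cfg` beside it, has no `///` comment although the neighbouring fields do, and it looks like a mandatory key. If `Config` is deserialized with no default for it, configuration files written for the previous version will stop loading, and this commit also deletes `certifier/mainnet.yml`, the only sample configuration visible here. Suggest documenting both fields, for example `/// Parameters used to verify submitted proofs.` and `/// Initialization parameters that submitted proof metadata is checked against.` (if that matches what `InitConfig` holds), and mentioning the new key in the operator documentation. The struct continues outside the hunk.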
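Review bot: Startup logging still prints only `config.post_cfg`, so the `init_cfg` now handed to the certifier is never recorded and the log no longer shows the full set of parameters that proofs are checked against. Adding `info!("using POST init configuration: {:?}", config.init_cfg);` before the value is moved into `new` would close that gap, provided `InitConfig` implements `Debug`. `main` starts and ends outside this hunk.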