Merge pull request #1672 from statechannels/fildev-payment-client

Fildev demo

Author: geoknee

.github/workflows/deploy-cloud-nodes.yml

@@ -4,21 +4,21 @@ on:
   workflow_dispatch:
     inputs:
       build-image:
-        description: 'Build docker image'
+        description: "Build docker image"
         required: false
-        default: 'true'
+        default: "true"
       deploy-iris:
-        description: 'Deploy Iris'
+        description: "Deploy Iris"
         required: false
-        default: 'true'
+        default: "true"
       deploy-anthony:
-        description: 'Deploy Anthony'
+        description: "Deploy Anthony"
         required: false
-        default: 'true'
+        default: "true"
       deploy-brad:
-        description: 'Deploy Brad'
+        description: "Deploy Brad"
         required: false
-        default: 'true'
+        default: "true"
 
 jobs:
   build-image:
@@ -53,9 +53,9 @@ jobs:
           SSH_PRIVATE_KEY: ${{ secrets.IRIS_SSH_PRIVATE_KEY }}
           SC_PK: ${{ secrets.IRIS_SC_PK }}
           CHAIN_PK: ${{ secrets.IRIS_CHAIN_PK }}
-          NITRO_CONFIG_PATH: './nitro_config/iris.toml'
-          DROPLET_IP: '67.207.88.72'
-          NODE_NAME: 'nitro_iris'
+          NITRO_CONFIG_PATH: "./nitro_config/iris.toml"
+          DROPLET_IP: "67.207.88.72"
+          NODE_NAME: "nitro_iris"
         run: |
           echo "$SSH_PRIVATE_KEY" > private_key.pem
           chmod 600 private_key.pem
@@ -71,6 +71,7 @@ jobs:
               -e SC_PK=$SC_PK \
               -e CHAIN_PK=$CHAIN_PK \
               -v /var/nitro_store:/app/data \
+              -v /etc/letsencrypt:/app/certs \
               registry.digitalocean.com/magmo/go-nitro:latest
           ENDSSH
           rm private_key.pem
@@ -87,9 +88,9 @@ jobs:
           SSH_PRIVATE_KEY: ${{ secrets.ANTHONY_SSH_PRIVATE_KEY }}
           SC_PK: ${{ secrets.ANTHONY_SC_PK }}
           CHAIN_PK: ${{ secrets.ANTHONY_CHAIN_PK }}
-          NITRO_CONFIG_PATH: './nitro_config/anthony.toml'
-          DROPLET_IP: '134.122.114.102'
-          NODE_NAME: 'nitro_anthony'
+          NITRO_CONFIG_PATH: "./nitro_config/anthony.toml"
+          DROPLET_IP: "134.122.114.102"
+          NODE_NAME: "nitro_anthony"
         run: |
           echo "$SSH_PRIVATE_KEY" > private_key.pem
           chmod 600 private_key.pem
@@ -105,6 +106,7 @@ jobs:
               -e SC_PK=$SC_PK \
               -e CHAIN_PK=$CHAIN_PK \
               -v /var/nitro_store:/app/data \
+              -v /etc/letsencrypt:/app/certs \
               registry.digitalocean.com/magmo/go-nitro:latest
           ENDSSH
           rm private_key.pem
@@ -121,9 +123,9 @@ jobs:
           SSH_PRIVATE_KEY: ${{ secrets.BRAD_SSH_PRIVATE_KEY }}
           SC_PK: ${{ secrets.BRAD_SC_PK }}
           CHAIN_PK: ${{ secrets.BRAD_CHAIN_PK }}
-          NITRO_CONFIG_PATH: './nitro_config/brad.toml'
-          DROPLET_IP: '192.81.214.172'
-          NODE_NAME: 'nitro_brad'
+          NITRO_CONFIG_PATH: "./nitro_config/brad.toml"
+          DROPLET_IP: "192.81.214.172"
+          NODE_NAME: "nitro_brad"
         run: |
           echo "$SSH_PRIVATE_KEY" > private_key.pem
           chmod 600 private_key.pem
@@ -139,6 +141,7 @@ jobs:
               -e SC_PK=$SC_PK \
               -e CHAIN_PK=$CHAIN_PK \
               -v /var/nitro_store:/app/data \
+              -v /etc/letsencrypt:/app/certs \
               registry.digitalocean.com/magmo/go-nitro:latest
           ENDSSH
           rm private_key.pem

.github/workflows/deploy-patsy.yml

@@ -4,13 +4,13 @@ on:
   workflow_dispatch:
     inputs:
       build-image:
-        description: 'Build docker image'
+        description: "Build docker image"
         required: false
-        default: 'true'
+        default: "true"
       deploy-patsy:
-        description: 'Deploy Patsy'
+        description: "Deploy Patsy"
         required: false
-        default: 'true'
+        default: "true"
 
 jobs:
   build-image:
@@ -43,10 +43,13 @@ jobs:
         env:
           DO_API_KEY: ${{ secrets.DO_API_KEY }}}
           SSH_PRIVATE_KEY: ${{ secrets.PATSY_SSH_PRIVATE_KEY }}
-          DROPLET_IP: '165.22.197.200'
-          NAME: 'nitro-payment-proxy'
-          NITRO_ENDPOINT: 'brad-node.statechannels.org:4005/api/v1'
-          DESTINATION_URL: 'https://magmo.com'
+          DROPLET_IP: "165.22.197.200"
+          NAME: "nitro-payment-proxy"
+          NITRO_ENDPOINT: "brad-node.statechannels.org:4005/api/v1"
+          DESTINATION_URL: "https://core8.datasetcreators.com/"
+          TLS_CERT_FILE: /app/certs/live/payment-proxy.statechannels.org/fullchain.pem
+          TLS_KEY_FILE: /app/certs/live/payment-proxy.statechannels.org/privkey.pem
+          PROXY_PORT: 443
         run: |
           echo "$SSH_PRIVATE_KEY" > private_key.pem
           chmod 600 private_key.pem
@@ -56,9 +59,13 @@ jobs:
             docker stop $NAME || true
             docker rm $NAME || true
             docker run --restart=unless-stopped -it -d --name $NAME \
+              -v /etc/letsencrypt:/app/certs \
               -p 443:443 -p 80:80 -p 5511:5511 \
               -e NITRO_ENDPOINT=$NITRO_ENDPOINT \
               -e DESTINATION_URL=$DESTINATION_URL \
+              -e TLS_CERT_FILE=$TLS_CERT_FILE \
+              -e TLS_KEY_FILE=$TLS_KEY_FILE \
+              -e PROXY_PORT=$PROXY_PORT \
               registry.digitalocean.com/magmo/nitro-payment-proxy:latest
           ENDSSH
           rm private_key.pem

cmd/sample-file-server/main.go

@@ -2,8 +2,10 @@ package main
 
 import (
 	"fmt"
+	"image"
+	"image/color"
+	"image/png"
 	"log"
-	"math/rand"
 	"net/http"
 	"os"
 	"os/signal"
@@ -29,12 +31,7 @@ func main() {
 				Value:   8088,
 				Aliases: []string{"p"},
 			},
-			&cli.StringFlag{
-				Name:    FILE_URL,
-				Usage:   "Specifies the url to serve the file at.",
-				Value:   "/test.txt",
-				Aliases: []string{"f"},
-			},
+
 			&cli.UintFlag{
 				Name:    FILE_LENGTH,
 				Usage:   "Specifies the length of the file to serve.",
@@ -44,17 +41,22 @@ func main() {
 		},
 		Action: func(c *cli.Context) error {
 			const (
-				fileName = "test.txt"
+				fileName = "test.png"
 			)
 
 			fileContent := generateFileData(c.Int(FILE_LENGTH))
 			filePath, cleanup := setupFile(fileName, fileContent)
 			defer cleanup()
 
-			http.HandleFunc(c.String(FILE_URL), func(w http.ResponseWriter, r *http.Request) {
+			http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 				// Set the Content-Disposition header to suggest a filename
 				w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", fileName))
 
+				// Add CORS headers to allow all origins (*).
+				w.Header().Set("Access-Control-Allow-Origin", "*")
+				w.Header().Set("Access-Control-Allow-Headers", "*")
+				w.Header().Set("Access-Control-Expose-Headers", "*")
+
 				http.ServeFile(w, r, filePath)
 			})
 
@@ -81,7 +83,7 @@ func waitForKillSignal() {
 }
 
 // setupFile creates a file with the given name and content, and returns a cleanup function
-func setupFile(fileName string, fileContent string) (string, func()) {
+func setupFile(fileName string, fileContent *image.RGBA) (string, func()) {
 	dataFolder, err := os.MkdirTemp("", "sample-file-server-*")
 	if err != nil {
 		panic(err)
@@ -94,11 +96,12 @@ func setupFile(fileName string, fileContent string) (string, func()) {
 	}
 	defer file.Close()
 
-	_, err = file.WriteString(fileContent)
-	if err != nil {
+	if err := png.Encode(file, fileContent); err != nil {
+		fmt.Println("Failed to encode image:", err)
 		os.Remove(filePath)
 		panic(err)
 	}
+
 	return filePath, func() {
 		err := os.Remove(fileName)
 		if err != nil {
@@ -108,22 +111,26 @@ func setupFile(fileName string, fileContent string) (string, func()) {
 }
 
 // generateFileData generates a string of the given length composed of random words
-func generateFileData(length int) (fileData string) {
-	if length < 10 {
-		panic("file length must be at least 10")
-	}
-	wordSelection := []string{
-		"Alpha", "Bravo", "Charlie", "Delta", "Echo", "Foxtrot", "Golf", "Hotel",
-		"India", "Juliet", "Kilo", "Lima", "Mike", "November", "Oscar", "Papa",
-		"Quebec", "Romeo", "Sierra", "Tango", "Uniform", "Victor", "Whiskey",
-		"X-ray", "Yankee", "Zulu",
-	}
-	fileData = "START"
-	// Continue adding words until we reach the desired length or beyond
-	for len(fileData) < length {
-		randomIndex := rand.Intn(len(wordSelection))
-		fileData = fileData + " " + wordSelection[randomIndex]
+func generateFileData(length int) (img *image.RGBA) {
+	// Define image dimensions
+	width, height := length, length
+
+	// Create an empty RGBA image
+	img = image.NewRGBA(image.Rect(0, 0, width, height))
+
+	// Fill the image with a gradient
+	for y := 0; y < height; y++ {
+		for x := 0; x < width; x++ {
+			// Gradient: Horizontal red, Vertical blue
+			c := color.RGBA{
+				R: uint8(x * 255 / width),
+				B: uint8(y * 255 / height),
+				G: 0,
+				A: 255, // Fully opaque
+			}
+			img.Set(x, y, c)
+		}
 	}
 
-	return fileData[:length-3] + "END"
+	return img
 }

cmd/start-payment-proxy/main.go

@@ -16,6 +16,9 @@ const (
 	PROXY_ADDRESS   = "proxyaddress"
 	DESTINATION_URL = "destinationurl"
 	COST_PER_BYTE   = "costperbyte"
+
+	TLS_CERT_FILEPATH = "tlscertfilepath"
+	TLS_KEY_FILEPATH  = "tlskeyfilepath"
 )
 
 func main() {
@@ -48,6 +51,16 @@ func main() {
 				Value:   1,
 				Aliases: []string{"c"},
 			},
+			&cli.StringFlag{
+				Name:  TLS_CERT_FILEPATH,
+				Usage: "Filepath to the TLS certificate. If not specified, TLS will not be used.",
+				Value: "",
+			},
+			&cli.StringFlag{
+				Name:  TLS_KEY_FILEPATH,
+				Usage: "Filepath to the TLS private key. If not specified, TLS will not be used.",
+				Value: "",
+			},
 		},
 		Action: func(c *cli.Context) error {
 			proxyEndpoint := c.String(PROXY_ADDRESS)
@@ -60,6 +73,8 @@ func main() {
 				nitroEndpoint,
 				c.String(DESTINATION_URL),
 				c.Uint64(COST_PER_BYTE),
+				c.String(TLS_CERT_FILEPATH),
+				c.String(TLS_KEY_FILEPATH),
 			)
 
 			return proxy.Start()

docker/nitro/anthony.toml

@@ -11,13 +11,16 @@ pk = ""
 # Chain Public Address: 0x56032FA02b2592338b9A42B1865d5a5BEEaF2B75
 chainpk = ""
 
-naaddress = "0xe32d4B5C5a80660710f6a2aD3cB1c11664138F34"
-vpaaddress = "0x4D1a804e1cE383D75032C52878553212992C98D7"
-caaddress = "0x0C9D79725afc344A388045235CD0B23eA4f0E838"
+naaddress = "0xe1790ea824035184a3bf344e087fb61744992545"
+vpaaddress = "0x95EfacCb38106C249F5ddC25b71677d5aF6d31A0"
+caaddress = "0xe1790ea824035184a3bf344e087fb61744992545"
 
 # RPC provider docs: https://lotus.filecoin.io/lotus/developers/glif-nodes/#testnet-endpoint
 chainurl = "wss://wss.calibration.node.glif.io/apigw/lotus/rpc/v0"
-chainstartblock = 909569
+chainstartblock = 915929
 chainauthtoken = ""
 
 bootpeers = "/ip4/67.207.88.72/tcp/3005/p2p/16Uiu2HAmDQj9XnHPD1d4GzS1K3DhmM5Z1cSGLfVTwVcNVdEsAN3Q"
+
+tlscertfilepath = "/app/certs/live/anthony-node.statechannels.org/fullchain.pem"
+tlskeyfilepath = "/app/certs/live/anthony-node.statechannels.org/privkey.pem"

docker/nitro/brad.toml

@@ -11,13 +11,16 @@ pk = ""
 # Chain Public Address: 0xB62da17fab129AD3DF8858B7B1a834e570b8eead
 chainpk = ""
 
-naaddress = "0xe32d4B5C5a80660710f6a2aD3cB1c11664138F34"
-vpaaddress = "0x4D1a804e1cE383D75032C52878553212992C98D7"
-caaddress = "0x0C9D79725afc344A388045235CD0B23eA4f0E838"
+naaddress = "0xe1790ea824035184a3bf344e087fb61744992545"
+vpaaddress = "0x95EfacCb38106C249F5ddC25b71677d5aF6d31A0"
+caaddress = "0xe1790ea824035184a3bf344e087fb61744992545"
 
 # RPC provider docs: https://lotus.filecoin.io/lotus/developers/glif-nodes/#testnet-endpoint
 chainurl = "wss://wss.calibration.node.glif.io/apigw/lotus/rpc/v0"
-chainstartblock = 909569
+chainstartblock = 915929
 chainauthtoken = ""
 
 bootpeers = "/ip4/67.207.88.72/tcp/3005/p2p/16Uiu2HAmDQj9XnHPD1d4GzS1K3DhmM5Z1cSGLfVTwVcNVdEsAN3Q"
+
+tlscertfilepath = "/app/certs/live/brad-node.statechannels.org/fullchain.pem"
+tlskeyfilepath = "/app/certs/live/brad-node.statechannels.org/privkey.pem"

docker/nitro/iris.toml

@@ -11,13 +11,16 @@ pk = ""
 # Chain Public Address: 0x16e43DDc5FE417046Da7A0C469cCD4DE6b4764fA
 chainpk = ""
 
-naaddress = "0xe32d4B5C5a80660710f6a2aD3cB1c11664138F34"
-vpaaddress = "0x4D1a804e1cE383D75032C52878553212992C98D7"
-caaddress = "0x0C9D79725afc344A388045235CD0B23eA4f0E838"
+naaddress = "0xe1790ea824035184a3bf344e087fb61744992545"
+vpaaddress = "0x95EfacCb38106C249F5ddC25b71677d5aF6d31A0"
+caaddress = "0xe1790ea824035184a3bf344e087fb61744992545"
 
 # RPC provider docs: https://lotus.filecoin.io/lotus/developers/glif-nodes/#testnet-endpoint
 chainurl = "wss://wss.calibration.node.glif.io/apigw/lotus/rpc/v0"
-chainstartblock = 908130
+chainstartblock = 915929
 chainauthtoken = ""
 
 bootpeers = ""
+
+tlscertfilepath = "/app/certs/live/iris-node.statechannels.org/fullchain.pem"
+tlskeyfilepath = "/app/certs/live/iris-node.statechannels.org/privkey.pem"

docker/paymentproxy/Dockerfile

@@ -1,7 +1,7 @@
 FROM golang:1.21-bullseye AS builder
 WORKDIR /app
 COPY . .
-COPY ./docker/local/config.toml .
+
 RUN go build -o proxy ./cmd/start-payment-proxy
 
 FROM debian:bullseye-slim
@@ -16,6 +16,8 @@ ENV PROXY_PORT=5511
 ENV NITRO_ENDPOINT=host.docker.internal:4007/api/v1
 ENV DESTINATION_URL=http://host.docker.internal:8088
 ENV COST_PER_BYTE=1
+ENV TLS_CERT_FILE=""
+ENV TLS_KEY_FILE=""
 
 EXPOSE $PROXY_PORT
-CMD ./proxy --nitroendpoint $NITRO_ENDPOINT --proxyaddress 0.0.0.0:$PROXY_PORT --destinationurl $DESTINATION_URL --costperbyte $COST_PER_BYTE
+CMD ./proxy --nitroendpoint $NITRO_ENDPOINT --proxyaddress 0.0.0.0:$PROXY_PORT --destinationurl $DESTINATION_URL --costperbyte $COST_PER_BYTE --tlscertfilepath $TLS_CERT_FILE --tlskeyfilepath $TLS_KEY_FILE 

main.go

@@ -242,10 +242,13 @@ func main() {
 			if err != nil {
 				return err
 			}
+			var cert tls.Certificate
 
-			cert, err := tls.LoadX509KeyPair(tlsCertFilepath, tlsKeyFilepath)
-			if err != nil {
-				panic(err)
+			if tlsCertFilepath != "" && tlsKeyFilepath != "" {
+				cert, err = tls.LoadX509KeyPair(tlsCertFilepath, tlsKeyFilepath)
+				if err != nil {
+					panic(err)
+				}
 			}
 
 			rpcServer, err := rpc.InitializeRpcServer(node, rpcPort, useNats, &cert)