LSPS5 implementation #3662
LSPS5 implementation #3662
Conversation
|
👋 Thanks for assigning @tnull as a reviewer! |
|
This is a huge PR, but it wasn’t obvious to me how to split it in a way that would still make sense (I did split it into small commits to make it easier to review.). I’m open to suggestions if you have ideas on how this could be structured differently. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #3662 +/- ##
==========================================
- Coverage 89.05% 88.84% -0.21%
==========================================
Files 167 171 +4
Lines 121800 123097 +1297
Branches 121800 123097 +1297
==========================================
+ Hits 108464 109364 +900
- Misses 10928 11351 +423
+ Partials 2408 2382 -26
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Wow, thank you for looking into this! I did a first pass, and it looks pretty amazing already!
Before going too much into further details, here are a few general comments upfront:
-
I'm generally no fan of introducing additional dependencies here, an in particular not
reqwestandtokio. I think following the pattern so farBroadcastNotificationscould be a request that the user handles with any HTTP client they want and then could call back intoLSPS5ServiceHandler. Alternatively, we could also use a trait similar to the currentHTTPClient, but I don't think we want to keep the default implementation. Note that the blockingreqwestvariant wraps atokioruntime internally, and therefore should never (1, 2, ...) be used together. I guess technically we could consider a defaultasyncversion of the trait that usesasyncreqwest, but I would prefer to simply have well-documented trait on our end that the user can implement however they choose to. Also note that stackingtokioruntimes is heavily discouraged in general, so assuming our users would themselves use atokioruntime, we shouldn't wrap one inLSPS5ServiceHandler. -
Note that
lightning-liquidityis optionally no-stdcompliant, so please don't rely onstdwherever possible, often it's just a matter of usingcoreinstead and importing the respective types fromcrate::prelude. If you really find yourselves needing to usestd, make sure it's feature gated behindfeature = "std"and we provide an alternative for users that don't support it. -
Minor: Regarding formatting we're using tabs, not spaces. Feel free to run
./contrib/run-rustfmt.shafter each commit to run our formatting scripts. -
This PR in its current scope is great, just want to note that eventually we need to add persistence for the state. As we haven't fully fleshed out the persistence strategy for
lightning-liquidityin general yet, it's actually preferred to defer this to a follow-up, but just wanted to mention it. Also note that some changes toMessageQueue/EventQueuewill happen in #3509, but will ping you to rebase once that has been merged. (just sidenotes here).
I hope these initial points make sense, let me know if you have any questions, or once you made corresponding changes and think this is ready for the next round of review!
|
👋 The first review has been submitted! Do you think this PR is ready for a second reviewer? If so, click here to assign a second reviewer. |
Thanks for asking! I'm totally fine to keep this (with its current scope) in a single PR, as long as we keep the commit history pretty clean to allow continuing review to happen commit-by-commit. To this end, please make sure add any fixup commits clearly marked (e.g. via a |
|
Btw, I'm not sure if you're familiar with the previous attempt of implementing LSPS5: #3499 Given this is a clean slate, not sure how much there is to learn, but still might be worth a look. Also not sure if @johncantrell97 would be interested in reviewing this PR, too, as he's familiar with the codebase and LSPS5. |
martinsaposnic
force-pushed
the
lsps5
branch
2 times, most recently
from
1d4b47c to
edf5346
Compare
|
@tnull, ready for the next review round!
CI is failing because of the usage of the |
martinsaposnic
force-pushed
the
lsps5
branch
7 times, most recently
from
9809682 to
af5929e
Compare
|
🔔 1st Reminder Hey @tnull @valentinewallace! This PR has been waiting for your review. |
1 similar comment
|
🔔 1st Reminder Hey @tnull @valentinewallace! This PR has been waiting for your review. |
martinsaposnic
force-pushed
the
lsps5
branch
2 times, most recently
from
2586494 to
d0f64cc
Compare
Rebase done and conflicts resolved. Also, the bug discussed on friday (notification signing flow bug) is fixed now. As discussed, a
This sounds good to me, and I have the changes ready (in a different branch), which I prefer to include in a follow up once this PR is merged, if that's ok to you @tnull @TheBlueMatt |
There was a problem hiding this comment.
Fixups look mostly good to me. I did another pass and commented what stood out to me. For me only the comments regarding the new NodeSigner::sign_message interface and revisiting the commit messages are blocking, everything else could happily be done in follow ups after we land this.
| config.clone(), | ||
| time_provider, | ||
| ); | ||
| time_provider.clone(), |
There was a problem hiding this comment.
Why do we suddenly need to clone here?
| @@ -930,6 +930,9 @@ pub trait NodeSigner { | |||
| /// message to be broadcast, as otherwise it may prevent one from receiving funds over the | |||
| /// corresponding channel. | |||
| fn sign_gossip_message(&self, msg: UnsignedGossipMessage) -> Result<Signature, ()>; | |||
|
|
|||
| /// Sign an arbitrary message with the node's secret key. | |||
| fn sign_message(&self, msg: &[u8]) -> Result<String, ()>; | |||
There was a problem hiding this comment.
I think we should be able to make this infallible? Should we include the docs from sign here, too?
Also, I wonder if we also mention that this might panic, similar to what we do above in sign_gossip_message, although it seems we could do a better job describing when this would panic.
There was a problem hiding this comment.
I will make this only return String.
I thought it made sense to keep the style of the other sign methods, but message_signing::sign does not panic, so I don't see the point of returning a Result instead of a String
There was a problem hiding this comment.
Thanks, the fixup looks good, but I have to eat my words as it turns out we made the signing methods fallible to account for the case of a remote signer. So, we need to make sign_message fallible afterall, excuse the churn :/
There was a problem hiding this comment.
No problem at all. I dropped the commit that changed the sign_message method return type and replaced it with this one 75ece86 that only changes the documentation of sign_message
There was a problem hiding this comment.
nit: Commit message of this commit is outdated by now (e.g., we don't have an HttpClient trait anymore). Might be good to revisit all of them once more to check they reflect the current state before we land this PR?
| /// | ||
| /// This trait is used to provide the current time for LSPS5 service operations | ||
| /// and to convert between timestamps and durations. | ||
| pub trait TimeProvider { |
There was a problem hiding this comment.
Might be worth moving this to some crate::utils::time or similar path, if we'll end up keeping it at all. (in a follow-up)
| self.broadcast_notification(client_id, notification) | ||
| } | ||
|
|
||
| fn broadcast_notification( |
There was a problem hiding this comment.
nit: This is named a bit misleading, as we just send the notification, we don't 'broadcast' (i.e., disseminate to multiple peers/endpoints). (could be renamed in a follow-up)
| if webhook | ||
| .last_notification_sent | ||
| .get(¬ification.method) | ||
| .map(|last_sent| now.clone().abs_diff(&last_sent)) |
There was a problem hiding this comment.
I think we should just make LSPSDateTime copy rather than explictly cloneing here and below, etc.
(in a follow-up)
| @@ -214,6 +239,16 @@ impl LSPSDateTime { | |||
| self.0.timestamp().try_into().expect("expiration to be ahead of unix epoch"); | |||
| now_seconds_since_epoch > datetime_seconds_since_epoch | |||
| } | |||
|
|
|||
| /// Returns the time in seconds since the unix epoch. | |||
There was a problem hiding this comment.
These docs are wrong. I also wonder if this should just be fn duration_since(&self, other: &Self) -> Duration rather than returning a u64. (could both be done in a follow-up)
| #[derive(Debug, Clone)] | ||
| /// Configuration for the LSPS5 client | ||
| pub struct LSPS5ClientConfig { | ||
| /// Maximum age in seconds for cached responses (default: 3600 - 1 hour). |
There was a problem hiding this comment.
nit: Rather than replicating the default values in the doc, let's just link to DEFAULT_RESPONSE_MAX_AGE_SECS, which avoids them getting stale (in a follow-up).
| { | ||
| let mut outer_state_lock = self.per_peer_state.write().unwrap(); | ||
| let inner_state_lock = outer_state_lock.entry(counterparty_node_id).or_insert(Mutex::new( | ||
| PeerState::new(self.config.response_max_age_secs, self.time_provider.clone()), |
There was a problem hiding this comment.
We'll cleanup the individual response entries, but would we ever clean up the overall PeerState once it's empty?
This will be used to allow disabling time-dependent functionality. 'time' is included in the features default.
Introduce new_from_duration_since_epoch constructor from Duration. Also add abs_diff function to use on client / service. Also do feature='time' instead of feature='std' on time related functionality
|
The requested changes on Let me know if they look ok so I can squash them @tnull Changes coming in a follow up (I may create an issue for this?):
|
Yes, please open (a) tracking issue(s) for these, preferably with links to the original comment to establish context. |
There was a problem hiding this comment.
Alright, feel free to squash from my side, and then we should land this as-is, IMO, if that's alright with @TheBlueMatt
…5/service when signing notifications
Allows validating webhook URLs without depending on the external url crate.
Define LSPSMessage request, response and error types. Also introduce LSPS5AppName, LSPS5WebhookUrl, WebhookNotification types
Introduce SendWebhookNotification event for LSPS5/service, and also WebhookRegistered, WebhookRegistrationFailed, WebhooksListed, WebhookRemoved and WebhookRemovalFailed events for LSPS5/client.
Implements the LSPS5 webhook registration service that allows LSPs to notify clients of important events via webhooks. This service handles webhook registration, listing, removal, and notification delivery according to the LSPS5 specification.
Implements the client-side functionality for LSPS5 webhook registration, allowing clients to register, list, and remove webhooks with LSPs.
…ions from an LSP. As context, this utility started as part of the client, but was extracted in favor of having it separated, so it's clear that this functions should not be used by the client, but by the proxy server that has to forward the notifications
Fully integrates the LSPS5 webhook components into the lightning-liquidity framework, enabling usage through the LiquidityManager.
|
Fixups squashed! issue with follow ups #3944 |
| @@ -930,6 +930,14 @@ pub trait NodeSigner { | |||
| /// message to be broadcast, as otherwise it may prevent one from receiving funds over the | |||
| /// corresponding channel. | |||
| fn sign_gossip_message(&self, msg: UnsignedGossipMessage) -> Result<Signature, ()>; | |||
|
|
|||
| /// Sign an arbitrary message with the node's secret key. | |||
There was a problem hiding this comment.
nit This makes it sound like the message should be signed directly, but in fact we should sign with the prefix "Lightning Signed Message:"
| std = ["lightning/std", "lightning-liquidity/std", "bitcoin-io/std", "bitcoin_hashes/std"] | ||
| time = ["std", "lightning-liquidity/time"] |
There was a problem hiding this comment.
If we're gonna introduce a time feature in the BP crate we have to make sure we don't fetch time when its not set. That means disabling the threaded/std BP constructor too. I'm not really convinced having a separate feature here is worth it, then, because we enable the same set of things between std and time (there's only really two things in the whole crate - the async+no-std BP and the sync/threaded/std/time one).
A complete implementation for LSPS5 (spec defined here lightning/blips#55)
Reviewing commit by commit is recommended (~40% of the added lines are tests)
Notes:
- Will rebase fromDONElightning-liquidity: IntroduceEventQueuenotifier and wake BP for message processing #3509 once that PR is merged