feat: perms module

prestwich · prestwich · commit e0436b8ef9d0 · 2025-04-23T10:05:08.000-04:00
diff --git a/Cargo.toml b/Cargo.toml
@@ -33,6 +33,7 @@ metrics-exporter-prometheus = "0.16.2"
 # Other
 thiserror = "2.0.11"
 alloy = { version = "0.12.6", optional = true, default-features = false, features = ["std"] }
+chrono = { version = "0.4.40", optional = true }
 
 [dev-dependencies]
 ajj = "0.3.1"
@@ -44,3 +45,4 @@ tokio = { version = "1.43.0", features = ["macros"] }
 [features]
 default = ["alloy"]
 alloy = ["dep:alloy"]
+perms = ["dep:chrono"]
diff --git a/src/lib.rs b/src/lib.rs
@@ -12,7 +12,9 @@
 #![deny(unused_must_use, rust_2018_idioms)]
 #![cfg_attr(docsrs, feature(doc_cfg, doc_auto_cfg))]
 
-use utils::otlp::OtelGuard;
+#[cfg(feature = "perms")]
+/// Permissioning and authorization utilities for Signet builders.
+pub mod perms;
 
 /// Signet utilities.
 pub mod utils {
@@ -64,7 +66,7 @@ pub mod deps {
 ///
 /// [`init_tracing`]: utils::tracing::init_tracing
 /// [`init_metrics`]: utils::metrics::init_metrics
-pub fn init4() -> Option<OtelGuard> {
+pub fn init4() -> Option<utils::otlp::OtelGuard> {
     let guard = utils::tracing::init_tracing();
     utils::metrics::init_metrics();
     guard
diff --git a/src/perms/builders.rs b/src/perms/builders.rs
@@ -0,0 +1,186 @@
+//! #Signet Quincey builder permissioning system.
+//!
+//! The permissioning system decides which builder can perform a certain action at a given time.
+//! The permissioning system uses a simple round-robin design, where each builder is allowed to perform an action at a specific slot.
+//! Builders are permissioned based on their sub, which is present in the JWT token they acquire from our OAuth service.
+//! They are rotated every 12 seconds, which is Ethereum's slot time.
+//! As the logic is timestamp based, the system is deterministic.
+//!
+//! For updating the currently permissioned builders,
+//! Simply update the included `builders.json` file with the new builders.
+
+use crate::utils::from_env::{FromEnvErr, FromEnvVar};
+
+/// The start timestamp for the permissioned builders, in seconds.
+const EPOCH_START: u64 = 0;
+
+/// Ethereum's slot time in seconds.
+pub const ETHEREUM_SLOT_TIME: u64 = 12;
+
+fn now() -> u64 {
+    chrono::Utc::now().timestamp().try_into().unwrap()
+}
+
+/// Possible errors when permissioning a builder.
+#[derive(Debug, thiserror::Error)]
+pub enum BuilderPermissionError {
+    /// Action attempt too early.
+    #[error("action attempt too early")]
+    ActionAttemptTooEarly,
+
+    /// Action attempt too late.
+    #[error("action attempt too late")]
+    ActionAttemptTooLate,
+
+    /// Builder not permissioned for this slot.
+    #[error("builder not permissioned for this slot")]
+    NotPermissioned,
+
+    /// Error loading the environment variable.
+    #[error(
+        "failed to parse environment variable. Expected a comma-seperated list of UUIDs. Got: {input}"
+    )]
+    ParseError {
+        /// The environment variable name.
+        env_var: String,
+        /// The contents of the environment variable.
+        input: String,
+    },
+}
+
+/// An individual builder.
+#[derive(Clone, Debug)]
+pub struct Builder {
+    /// The sub of the builder.
+    pub sub: String,
+}
+
+impl Builder {
+    /// Create a new builder.
+    pub fn new(sub: impl AsRef<str>) -> Self {
+        Self {
+            sub: sub.as_ref().to_owned(),
+        }
+    }
+    /// Get the sub of the builder.
+    pub fn sub(&self) -> &str {
+        &self.sub
+    }
+}
+
+/// Builders struct to keep track of the builders that are allowed to perform actions.
+#[derive(Clone, Debug)]
+pub struct Builders {
+    /// The list of builders.
+    pub builders: Vec<Builder>,
+}
+
+impl Builders {
+    /// Create a new Builders struct.
+    pub const fn new(builders: Vec<Builder>) -> Self {
+        Self { builders }
+    }
+
+    /// Get the builder at a specific index.
+    ///
+    /// # Panics
+    ///
+    /// Panics if the index is out of bounds from the builders array.
+    pub fn builder_at(&self, index: usize) -> &Builder {
+        &self.builders[index]
+    }
+
+    /// Get the builder permissioned at a specific timestamp.
+    pub fn builder_at_timestamp(&self, timestamp: u64) -> &Builder {
+        self.builder_at(self.index(timestamp) as usize)
+    }
+
+    /// Get the index of the builder that is allowed to sign a block for a
+    /// particular timestamp.
+    pub fn index(&self, timestamp: u64) -> u64 {
+        ((timestamp - EPOCH_START) / ETHEREUM_SLOT_TIME) % self.builders.len() as u64
+    }
+
+    /// Get the index of the builder that is allowed to sign a block at the
+    /// current timestamp.
+    pub fn index_now(&self) -> u64 {
+        self.index(now())
+    }
+
+    /// Get the builder that is allowed to sign a block at the current timestamp.
+    pub fn current_builder(&self) -> &Builder {
+        self.builder_at(self.index_now() as usize)
+    }
+
+    /// Checks if a builder is allowed to perform an action.
+    /// This is based on the current timestamp and the builder's sub. It's a
+    /// round-robin design, where each builder is allowed to perform an action
+    /// at a specific slot, and what builder is allowed changes with each slot.
+    pub fn is_builder_permissioned(
+        &self,
+        config: &crate::perms::SlotAuthzConfig,
+        sub: &str,
+    ) -> Result<(), BuilderPermissionError> {
+        // Get the current timestamp.
+        let curr_timestamp = now();
+
+        // Calculate the current slot time, which is a number between 0 and 11.
+        let current_slot_time = (curr_timestamp - config.chain_offset()) % ETHEREUM_SLOT_TIME;
+
+        // Builders can only perform actions between the configured start and cutoff times, to prevent any timing games.
+        if current_slot_time < config.block_query_start() {
+            tracing::debug!("Action attempt too early");
+            return Err(BuilderPermissionError::ActionAttemptTooEarly);
+        }
+        if current_slot_time > config.block_query_cutoff() {
+            tracing::debug!("Action attempt too late");
+            return Err(BuilderPermissionError::ActionAttemptTooLate);
+        }
+
+        if sub != self.current_builder().sub {
+            tracing::debug!(
+                builder = %sub,
+                permissioned_builder = %self.current_builder().sub,
+                "Builder not permissioned for this slot"
+            );
+            return Err(BuilderPermissionError::NotPermissioned);
+        }
+
+        Ok(())
+    }
+}
+
+impl FromIterator<Builder> for Builders {
+    fn from_iter<T: IntoIterator<Item = Builder>>(iter: T) -> Self {
+        Self::new(iter.into_iter().collect())
+    }
+}
+
+impl FromEnvVar for Builders {
+    type Error = BuilderPermissionError;
+
+    fn from_env_var(env_var: &str) -> Result<Self, FromEnvErr<Self::Error>> {
+        let s = String::from_env_var(env_var)
+            .map_err(FromEnvErr::infallible_into::<BuilderPermissionError>)?;
+
+        Ok(s.split(',').map(Builder::new).collect())
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    #[test]
+    fn load_builders() {
+        unsafe { std::env::set_var("TEST", "0,1,2,3,4,5") };
+
+        let builders = Builders::from_env_var("TEST").unwrap();
+        assert_eq!(builders.builder_at(0).sub, "0");
+        assert_eq!(builders.builder_at(1).sub, "1");
+        assert_eq!(builders.builder_at(2).sub, "2");
+        assert_eq!(builders.builder_at(3).sub, "3");
+        assert_eq!(builders.builder_at(4).sub, "4");
+        assert_eq!(builders.builder_at(5).sub, "5");
+    }
+}
diff --git a/src/perms/config.rs b/src/perms/config.rs
@@ -0,0 +1,98 @@
+use crate::utils::from_env::{FromEnv, FromEnvErr, FromEnvVar};
+use core::num;
+
+// Environment variable names for configuration
+const CHAIN_OFFSET: &str = "CHAIN_OFFSET";
+const BLOCK_QUERY_CUTOFF: &str = "BLOCK_QUERY_CUTOFF";
+const BLOCK_QUERY_START: &str = "BLOCK_QUERY_START";
+
+/// Possible errors when loading the slot authorization configuration.
+#[derive(thiserror::Error, Debug, Clone, PartialEq, Eq)]
+pub enum SlotAuthzConfigError {
+    /// Error reading environment variable.
+    #[error("error reading chain offset: {0}")]
+    ChainOffset(num::ParseIntError),
+    /// Error reading block query cutoff.
+    #[error("error reading block query cutoff: {0}")]
+    BlockQueryCutoff(num::ParseIntError),
+    /// Error reading block query start.
+    #[error("error reading block query start: {0}")]
+    BlockQueryStart(num::ParseIntError),
+}
+
+/// Configuration object that describes the slot time settings for a chain.
+///
+/// This struct is used to configure the slot authorization system
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub struct SlotAuthzConfig {
+    /// The chain offset in seconds. The offset is the a block's timestamp %
+    /// its slot duration. This is used to calculate the slot number for a
+    /// given unix epoch timestamp.
+    ///
+    /// On loading from env, the number will be clamped between 0 and 11, as
+    /// the slot duration is 12 seconds.
+    chain_offset: u8,
+    /// The block query cutoff time in seconds. This is the slot second after
+    /// which requests will not be serviced. E.g. a value of 1 means that
+    /// requests will not be serviced for the last second of any given slot.
+    ///
+    /// On loading from env, the number will be clamped between 0 and 11, as
+    /// the slot duration is 12 seconds.
+    block_query_cutoff: u8,
+    /// The block query start time in seconds. This is the slot second before
+    /// which requests will not be serviced. E.g. a value of 1 means that
+    /// requests will not be serviced for the first second of any given slot.
+    ///
+    /// On loading from env, the number will be clamped between 0 and 11, as
+    /// the slot duration is 12 seconds.
+    block_query_start: u8,
+}
+
+impl SlotAuthzConfig {
+    /// Creates a new `SlotAuthzConfig` with the given parameters, clamping the
+    /// values between 0 and 11.
+    pub fn new(chain_offset: u8, block_query_cutoff: u8, block_query_start: u8) -> Self {
+        Self {
+            chain_offset: chain_offset.clamp(0, 11),
+            block_query_cutoff: block_query_cutoff.clamp(0, 11),
+            block_query_start: block_query_start.clamp(0, 11),
+        }
+    }
+
+    /// Get the chain offset in seconds.
+    pub fn chain_offset(&self) -> u64 {
+        self.chain_offset as u64
+    }
+
+    /// Get the block query cutoff time in seconds.
+    pub fn block_query_cutoff(&self) -> u64 {
+        self.block_query_cutoff as u64
+    }
+
+    /// Get the block query start time in seconds.
+    pub fn block_query_start(&self) -> u64 {
+        self.block_query_start as u64
+    }
+}
+
+impl FromEnv for SlotAuthzConfig {
+    type Error = SlotAuthzConfigError;
+
+    fn from_env() -> Result<Self, FromEnvErr<Self::Error>> {
+        let chain_offset = u8::from_env_var(CHAIN_OFFSET)
+            .map_err(|e| e.map(SlotAuthzConfigError::ChainOffset))?
+            .clamp(0, 11);
+        let block_query_cutoff = u8::from_env_var(BLOCK_QUERY_CUTOFF)
+            .map_err(|e| e.map(SlotAuthzConfigError::BlockQueryCutoff))?
+            .clamp(0, 11);
+        let block_query_start = u8::from_env_var(BLOCK_QUERY_START)
+            .map_err(|e| e.map(SlotAuthzConfigError::BlockQueryStart))?
+            .clamp(0, 11);
+
+        Ok(Self {
+            chain_offset,
+            block_query_cutoff,
+            block_query_start,
+        })
+    }
+}
diff --git a/src/perms/mod.rs b/src/perms/mod.rs
@@ -0,0 +1,5 @@
+mod config;
+pub use config::{SlotAuthzConfig, SlotAuthzConfigError};
+
+mod builders;
+pub use builders::{Builder, BuilderPermissionError, Builders, ETHEREUM_SLOT_TIME};
