feat: aleo proving service (#7656)

yjamin · web-flow · commit 8514a6c57b1e · 2025-12-19T13:01:10.000Z
diff --git a/rust/main/chains/hyperlane-aleo/src/error.rs b/rust/main/chains/hyperlane-aleo/src/error.rs
@@ -49,6 +49,9 @@ pub enum HyperlaneAleoError {
     /// TryFromSliceError
     #[error("{0}")]
     TryFromSliceError(#[from] std::array::TryFromSliceError),
+    /// Missing Auth Header
+    #[error("Missing Auth Header")]
+    MissingAuthHeader,
     /// Malicious Program Detected
     #[error("Malicious Program Detected: program_id={program_id}, transition={transition}")]
     MaliciousProgramDetected {
diff --git a/rust/main/chains/hyperlane-aleo/src/provider/aleo.rs b/rust/main/chains/hyperlane-aleo/src/provider/aleo.rs
@@ -31,15 +31,14 @@ use hyperlane_core::{
 use hyperlane_metric::prometheus_metric::PrometheusClientMetrics;
 
 use crate::{
-    provider::{fallback::FallbackHttpClient, HttpClient, ProvingClient, RpcClient},
+    provider::{
+        fallback::FallbackHttpClient, AleoClient, BaseHttpClient, JWTBaseHttpClient, ProvingClient,
+        RpcClient,
+    },
     utils::{get_tx_id, to_h256},
     AleoSigner, ConnectionConf, CurrentNetwork, FeeEstimate, HyperlaneAleoError,
 };
 
-/// Aleo Http Client trait alias
-pub trait AleoClient: HttpClient + Clone + Debug + Send + Sync + 'static {}
-impl<T> AleoClient for T where T: HttpClient + Clone + Debug + Send + Sync + 'static {}
-
 #[derive(Debug, Clone, Hash, Eq, PartialEq)]
 struct FeeEstimateCacheKey {
     program_id: String,
@@ -53,7 +52,7 @@ pub struct AleoProvider<C: AleoClient = FallbackHttpClient> {
     client: RpcClient<C>,
     domain: HyperlaneDomain,
     network: u16,
-    proving_service: Option<ProvingClient<C>>,
+    proving_service: Option<ProvingClient<FallbackHttpClient<JWTBaseHttpClient>>>,
     signer: Option<AleoSigner>,
     priority_fee_multiplier: f64,
     estimate_cache: Arc<RwLock<HashMap<FeeEstimateCacheKey, FeeEstimate>>>,
@@ -98,7 +97,7 @@ impl AleoProvider<FallbackHttpClient> {
         chain: Option<hyperlane_metric::prometheus_metric::ChainInfo>,
     ) -> ChainResult<Self> {
         let proving_service = if !conf.proving_service.is_empty() {
-            let client = FallbackHttpClient::new(
+            let client = FallbackHttpClient::new::<JWTBaseHttpClient>(
                 conf.proving_service.clone(),
                 metrics.clone(),
                 chain.clone(),
@@ -110,7 +109,7 @@ impl AleoProvider<FallbackHttpClient> {
         };
 
         Ok(Self {
-            client: RpcClient::new(FallbackHttpClient::new(
+            client: RpcClient::new(FallbackHttpClient::new::<BaseHttpClient>(
                 conf.rpcs.clone(),
                 metrics,
                 chain,
diff --git a/rust/main/chains/hyperlane-aleo/src/provider/base.rs b/rust/main/chains/hyperlane-aleo/src/provider/base.rs
@@ -1,14 +1,20 @@
+use std::{
+    sync::Arc,
+    time::{Duration, Instant},
+};
+
 use async_trait::async_trait;
+use reqwest::header::{HeaderValue, AUTHORIZATION};
 use reqwest::Client as ReqestClient;
 use reqwest_utils::parse_custom_rpc_headers;
 use serde::de::DeserializeOwned;
+use tokio::sync::RwLock;
+use url::Url;
 
 use hyperlane_core::{ChainCommunicationError, ChainResult};
-use url::Url;
 
-use crate::provider::HttpClient;
+use crate::provider::{HttpClient, HttpClientBuilder};
 use crate::HyperlaneAleoError;
-use std::time::Duration;
 
 // Default timeouts
 pub const DEFAULT_CONNECT_TIMEOUT: Duration = Duration::from_secs(10);
@@ -34,52 +40,156 @@ impl BaseHttpClient {
         let suffix = match network {
             0 => "mainnet",
             1 => "testnet",
+            2 => "canary",
             id => return Err(HyperlaneAleoError::UnknownNetwork(id).into()),
         };
         Ok(Self {
             client,
             base_url: url.to_string().trim_end_matches("/").to_string() + "/" + suffix,
         })
     }
+}
+
+#[async_trait]
+impl HttpClient for BaseHttpClient {
+    /// Makes a GET request to the API
+    async fn request<T: DeserializeOwned + Send>(
+        &self,
+        path: &str,
+        query: impl Into<Option<serde_json::Value>> + Send,
+    ) -> ChainResult<T> {
+        let url = format!("{}/{}", self.base_url, path);
+        let query: serde_json::Value = query.into().unwrap_or_default();
+        let response = self
+            .client
+            .get(&url)
+            .query(&query)
+            .send()
+            .await
+            .map_err(HyperlaneAleoError::from)?;
+        let response = response
+            .error_for_status()
+            .map_err(HyperlaneAleoError::from)?;
+        let json = response.json().await.map_err(HyperlaneAleoError::from)?;
+        Ok(json)
+    }
 
-    pub fn with_timeouts(
-        base_url: impl Into<String>,
-        connect_timeout: Duration,
-        request_timeout: Duration,
-    ) -> Result<Self, HyperlaneAleoError> {
+    /// Makes a POST request to the API
+    async fn request_post<T: DeserializeOwned + Send>(
+        &self,
+        path: &str,
+        body: &serde_json::Value,
+    ) -> ChainResult<T> {
+        let url = format!("{}/{}", self.base_url, path);
+        let response = self
+            .client
+            .post(&url)
+            .json(body)
+            .send()
+            .await
+            .map_err(HyperlaneAleoError::from)?;
+        let response = response
+            .error_for_status()
+            .map_err(HyperlaneAleoError::from)?;
+        Ok(response.json().await.map_err(HyperlaneAleoError::from)?)
+    }
+}
+
+impl HttpClientBuilder for BaseHttpClient {
+    type Client = BaseHttpClient;
+
+    fn build(url: Url, network: u16) -> ChainResult<Self::Client> {
+        BaseHttpClient::new(url, network)
+    }
+}
+
+/// Base Http client that performs REST-ful queries
+#[derive(Clone, Debug)]
+pub struct JWTBaseHttpClient {
+    client: ReqestClient,
+    base_url: String,
+    suffix: String,
+    auth_url: String,
+    auth_token: Arc<RwLock<Option<(HeaderValue, Instant)>>>,
+}
+
+impl JWTBaseHttpClient {
+    /// Creates a new Http client
+    pub fn new(base_url: Url, network: u16) -> ChainResult<Self> {
+        let (headers, url) =
+            parse_custom_rpc_headers(&base_url).map_err(ChainCommunicationError::from_other)?;
+        let auth_url = headers
+            .get("x-auth-url")
+            .and_then(|v| v.to_str().ok())
+            .unwrap_or_default()
+            .to_string();
         let client = ReqestClient::builder()
-            .connect_timeout(connect_timeout)
-            .timeout(request_timeout)
+            .connect_timeout(DEFAULT_CONNECT_TIMEOUT)
+            .timeout(DEFAULT_REQUEST_TIMEOUT)
+            .default_headers(headers)
             .build()
             .map_err(HyperlaneAleoError::from)?;
+        let suffix = match network {
+            0 => "mainnet",
+            1 => "testnet",
+            2 => "canary",
+            id => return Err(HyperlaneAleoError::UnknownNetwork(id).into()),
+        };
         Ok(Self {
             client,
-            base_url: base_url.into(),
+            base_url: url.to_string().trim_end_matches("/").to_string(),
+            auth_token: Default::default(),
+            suffix: suffix.to_string(),
+            auth_url,
         })
     }
 
-    pub fn client(&self) -> &ReqestClient {
-        &self.client
-    }
+    /// Gets the authentication token if it is still valid
+    pub async fn get_auth_token(&self) -> ChainResult<HeaderValue> {
+        {
+            let auth_token = self.auth_token.read().await;
+            if let Some((token, expires_at)) = &*auth_token {
+                if Instant::now() < *expires_at {
+                    return Ok(token.clone());
+                }
+            }
+        }
 
-    pub fn base_url(&self) -> &str {
-        &self.base_url
+        let response = self
+            .client
+            .post(&self.auth_url)
+            .send()
+            .await
+            .map_err(HyperlaneAleoError::from)?;
+        let result = response
+            .headers()
+            .get(AUTHORIZATION)
+            .ok_or(HyperlaneAleoError::MissingAuthHeader)?
+            .clone();
+        let expires = Instant::now()
+            .checked_add(Duration::from_secs(60 * 15))
+            .unwrap_or(Instant::now()); // Tokens last 15 minutes
+        let mut auth_token = self.auth_token.write().await;
+        *auth_token = Some((result.clone(), expires));
+        Ok(result.clone())
     }
 }
 
 #[async_trait]
-impl HttpClient for BaseHttpClient {
+impl HttpClient for JWTBaseHttpClient {
     /// Makes a GET request to the API
     async fn request<T: DeserializeOwned + Send>(
         &self,
         path: &str,
         query: impl Into<Option<serde_json::Value>> + Send,
     ) -> ChainResult<T> {
-        let url = format!("{}/{}", self.base_url, path);
+        let url = format!("{}/{}/{}", self.base_url, self.suffix, path);
         let query: serde_json::Value = query.into().unwrap_or_default();
+        let auth = self.get_auth_token().await?;
         let response = self
             .client
             .get(&url)
+            .header(AUTHORIZATION, auth)
             .query(&query)
             .send()
             .await
@@ -97,10 +207,12 @@ impl HttpClient for BaseHttpClient {
         path: &str,
         body: &serde_json::Value,
     ) -> ChainResult<T> {
-        let url = format!("{}/{}", self.base_url, path);
+        let url = format!("{}/{}/{}", self.base_url, self.suffix, path);
+        let auth = self.get_auth_token().await?;
         let response = self
             .client
             .post(&url)
+            .header(AUTHORIZATION, auth)
             .json(body)
             .send()
             .await
@@ -111,3 +223,11 @@ impl HttpClient for BaseHttpClient {
         Ok(response.json().await.map_err(HyperlaneAleoError::from)?)
     }
 }
+
+impl HttpClientBuilder for JWTBaseHttpClient {
+    type Client = JWTBaseHttpClient;
+
+    fn build(url: Url, network: u16) -> ChainResult<Self::Client> {
+        JWTBaseHttpClient::new(url, network)
+    }
+}
diff --git a/rust/main/chains/hyperlane-aleo/src/provider/fallback.rs b/rust/main/chains/hyperlane-aleo/src/provider/fallback.rs
@@ -10,17 +10,19 @@ use hyperlane_metric::prometheus_metric::{
 use snarkvm_console_account::{DeserializeOwned, Itertools};
 use url::Url;
 
-use crate::provider::{metric::MetricHttpClient, HttpClient, RpcClient};
+use crate::provider::{
+    metric::MetricHttpClient, AleoClient, BaseHttpClient, HttpClient, HttpClientBuilder, RpcClient,
+};
 
 /// Fallback Http Client that tries multiple RpcClients in order
 #[derive(Clone, Debug)]
-pub struct FallbackHttpClient {
-    fallback: FallbackProvider<RpcClient<MetricHttpClient>, RpcClient<MetricHttpClient>>,
+pub struct FallbackHttpClient<C: AleoClient = BaseHttpClient> {
+    fallback: FallbackProvider<RpcClient<MetricHttpClient<C>>, RpcClient<MetricHttpClient<C>>>,
 }
 
-impl FallbackHttpClient {
+impl<C: AleoClient> FallbackHttpClient<C> {
     /// Creates a new FallbackHttpClient from a list of base urls
-    pub fn new(
+    pub fn new<Builder: HttpClientBuilder<Client = C>>(
         urls: Vec<Url>,
         metrics: PrometheusClientMetrics,
         chain: Option<hyperlane_metric::prometheus_metric::ChainInfo>,
@@ -31,7 +33,7 @@ impl FallbackHttpClient {
             .map(|url| {
                 let metrics_config =
                     PrometheusConfig::from_url(&url, ClientConnectionType::Rpc, chain.clone());
-                MetricHttpClient::new(url, metrics.clone(), metrics_config, network)
+                MetricHttpClient::new::<Builder>(url, metrics.clone(), metrics_config, network)
             })
             .collect::<ChainResult<Vec<_>>>()?
             .into_iter()
@@ -51,7 +53,7 @@ impl<C: HttpClient + std::fmt::Debug + Send + Sync> BlockNumberGetter for RpcCli
 }
 
 #[async_trait]
-impl HttpClient for FallbackHttpClient {
+impl<C: AleoClient> HttpClient for FallbackHttpClient<C> {
     /// Makes a GET request to the API
     async fn request<T: DeserializeOwned + Send>(
         &self,
diff --git a/rust/main/chains/hyperlane-aleo/src/provider/metric.rs b/rust/main/chains/hyperlane-aleo/src/provider/metric.rs
@@ -1,4 +1,4 @@
-use std::time::Instant;
+use std::{ops::Deref, time::Instant};
 
 use async_trait::async_trait;
 use snarkvm_console_account::DeserializeOwned;
@@ -7,25 +7,33 @@ use url::Url;
 use hyperlane_core::ChainResult;
 use hyperlane_metric::prometheus_metric::{PrometheusClientMetrics, PrometheusConfig};
 
-use crate::provider::{BaseHttpClient, HttpClient, RpcClient};
+use crate::provider::{AleoClient, BaseHttpClient, HttpClient, HttpClientBuilder, RpcClient};
 
 /// Fallback Http Client that tries multiple RpcClients in order
 #[derive(Debug)]
-pub struct MetricHttpClient {
-    inner: RpcClient<BaseHttpClient>,
+pub struct MetricHttpClient<C: AleoClient = BaseHttpClient> {
+    inner: RpcClient<C>,
     metrics: PrometheusClientMetrics,
     metrics_config: PrometheusConfig,
 }
 
-impl Drop for MetricHttpClient {
+impl<C: AleoClient> Deref for MetricHttpClient<C> {
+    type Target = RpcClient<C>;
+
+    fn deref(&self) -> &Self::Target {
+        &self.inner
+    }
+}
+
+impl<C: AleoClient> Drop for MetricHttpClient<C> {
     fn drop(&mut self) {
         // decrement provider metric count
         let chain_name = PrometheusConfig::chain_name(&self.metrics_config.chain);
         self.metrics.decrement_provider_instance(chain_name);
     }
 }
 
-impl Clone for MetricHttpClient {
+impl<C: AleoClient> Clone for MetricHttpClient<C> {
     fn clone(&self) -> Self {
         // increment provider metric count
         let chain_name = PrometheusConfig::chain_name(&self.metrics_config.chain);
@@ -39,9 +47,9 @@ impl Clone for MetricHttpClient {
     }
 }
 
-impl MetricHttpClient {
-    /// Creates a new FallbackHttpClient from a list of base urls
-    pub fn new(
+impl<C: AleoClient> MetricHttpClient<C> {
+    /// Creates a new MetricHttpClient
+    pub fn new<Builder: HttpClientBuilder<Client = C>>(
         url: Url,
         metrics: PrometheusClientMetrics,
         metrics_config: PrometheusConfig,
@@ -51,7 +59,7 @@ impl MetricHttpClient {
         let chain_name = PrometheusConfig::chain_name(&metrics_config.chain);
         metrics.increment_provider_instance(chain_name);
 
-        let base_client = BaseHttpClient::new(url, network)?;
+        let base_client = Builder::build(url, network)?;
         Ok(Self {
             inner: RpcClient::new(base_client),
             metrics,
@@ -61,7 +69,7 @@ impl MetricHttpClient {
 }
 
 #[async_trait]
-impl HttpClient for MetricHttpClient {
+impl<C: AleoClient> HttpClient for MetricHttpClient<C> {
     /// Makes a GET request to the API
     async fn request<T: DeserializeOwned + Send>(
         &self,
diff --git a/rust/main/chains/hyperlane-aleo/src/provider/traits.rs b/rust/main/chains/hyperlane-aleo/src/provider/traits.rs
diff --git a/rust/main/helm/hyperlane-agent/templates/external-secret.yaml b/rust/main/helm/hyperlane-agent/templates/external-secret.yaml
