feat: running validators in REST API

[gabrielmer]

Description

We currently add message validators to libp2p's gossipsub, which are run before sending a message. In this PR, we're running the validators in POST /relay/v1/messages/{pubsubTopic} REST handler in order to catch earlier any wrong message and be able to return the user an error in case it's invalid and the message is not published.

In addition to that, a check for messages bigger than the maximum configured size was added to the handler. That's also a check currently made at the libp2p layer before relaying the message, and we want to catch these messages earlier in the flow.

A big change of this PR is that we got rid of topic-specific validators. Now the same validators will run for every pubsub topic.

After completing this PR, a new PR will be opened implementing the same validation logic for other autosharding and lightpush's REST handlers.

Changes

• removed topic-specific validators and converted them to general validators
• running validators in POST /relay/v1/messages/{pubsubTopic} REST handler
• checking for max message size in the above REST handler
• implemented test to check that the max size validator is run at the handler

Issue

Part of #2284

[github-actions]

You can find the image built from this PR at

quay.io/wakuorg/nwaku-pr:2373

Built from 2f820b7

[SionoiS]

👍 This approach seams sensible. No strong opinion either way. Maybe WakuMessages could check their own size?

[gabrielmer]

Notice that for RLN's case for example, the validator's inside logic is used directly in the handler and therefore we had more possible error messages to return the user.

Once we use our validators directly, which only return if validation passed or not, we can only have one possible error message per validator.

The specific details still get logged, but one con of this approach vs hardcoding the checks in the handlers is that we can only have one unique error message per validator

[gabrielmer]

👍 This approach seams sensible. No strong opinion either way. Maybe WakuMessages could check their own size?

Makes sense! Thought about it and found 2 issues to this.

First one, is that we don't use a WakuMessage.init() proc or something similar that runs logic when creating a WakuMessage, we just assign values to the struct as they are. We could create one, but not sure if refactoring it in the whole code only for this use case is worth it.

Apart from that, the easiest way to calculate the size in bytes of a WakuMessage is to create the struct and then check its size. We could calculate the size of all its separate fields and add them together, but that might be prone to bugs in case we add a field or make any change in the type.

LMK what you all think :))

[Ivansete-status]

Thanks for the PR!
I've added a few comments. If possible, I'd try to simplify the approach and just have one kind of validator (avoiding the use of the generic/default validators list) but ofc I might be missing something :)

[SionoiS]

Apart from that, the easiest way to calculate the size in bytes of a WakuMessage is to create the struct and then check its size. We could calculate the size of all its separate fields and add them together, but that might be prone to bugs in case we add a field or make any change in the type.

What I was thinking is something like

if not myMessage.isWakuValid():
   return err("Max size 150KB! This message is too large per Waku RFC 64.")

if not myMessage.isGossipSubValid():
   return err("Max size 1MiB! This message is too large for GossipSub.")

Plus some tests.

[gabrielmer]

Apart from that, the easiest way to calculate the size in bytes of a WakuMessage is to create the struct and then check its size. We could calculate the size of all its separate fields and add them together, but that might be prone to bugs in case we add a field or make any change in the type.

What I was thinking is something like

if not myMessage.isWakuValid():
   return err("Max size 150KB! This message is too large per Waku RFC 64.")

if not myMessage.isGossipSubValid():
   return err("Max size 1MiB! This message is too large for GossipSub.")

Plus some tests.

Oooh got it! So basically having the check inside a proc. That's cool, 100% can be useful and nicer :)

[NagyZoltanPeter]

Overall thank you for this great stuff. I agree with the comments added before me, but I can approve it from my side, bet you will answer the rest. ;-)

[SionoiS]

@gabrielmer you are aware of #1700 right?

[gabrielmer]

@gabrielmer you are aware of #1700 right?

Ooooh, was definitely not aware of that GitHub issue! I was aware of the overall idea, that's why I took this approach here with validators instead of hardcoding the checks.

Thanks!

[gabrielmer]

Changing PR to draft as there's still many changes to be done

[gabrielmer]

I'll also add to this proc a check that the message size is smaller than GossipSub's max.

Currently the max size is defined in nim-libp2p here: https://github.com/status-im/nim-libp2p/blob/e3c967ad1939fb33b8e13759037d193734acd202/libp2p/protocols/pubsub/pubsub.nim#L556

I don't want to have it hardcoded, so I'll first open a PR in nim-libp2p defining it as a global const and will then add an if condition in this proc

[gabrielmer]

I think I implemented all the feedback received, please let me know if I missed something or if there's anything else we can improve :)

So this PR doesn't get way too big, I'll implement the same validation logic in a separate PR for lightpush's and autosharding's REST handlers.

[SionoiS]

LGTM thanks!

[Ivansete-status]

Looks great indeed! However, I can't approve yet as per the doubt I have re rest/relay/handlers.nim :)

[Ivansete-status]

Why are we removing this wakuRlnRelay validation? This is quite important :) Or are we making this validation in another place?

[gabrielmer]

Yes!

So now we register the validator here:

nwaku/waku/node/waku_node.nim

Line 990 in 6171f31

node.wakuRelay.addValidator(validator, "RLN validation failed")

And this runs in the REST handler here:

nwaku/waku/waku_api/rest/relay/handlers.nim

Line 138 in 6171f31

(await node.wakuRelay.validateMessage(pubsubTopic, message)).isOkOr:

So instead of hardcoding again the RLN validation in the handler, this gets run when going over all the registered validators

[Ivansete-status]

Beautiful!, I see that the validation is performed in the following place:

nwaku/waku/waku_rln_relay/rln_relay.nim

Line 331 in 3e65cc1

let validationRes = wakuRlnRelay.validateMessageAndUpdateLog(message)

[Ivansete-status]

LGTM! Thanks for the master-piece PR and the patience! 🥳

[Ivansete-status]

Beautiful!, I see that the validation is performed in the following place:

nwaku/waku/waku_rln_relay/rln_relay.nim

Line 331 in 3e65cc1

let validationRes = wakuRlnRelay.validateMessageAndUpdateLog(message)