adding of to environment, config and terraform

.env.example

@@ -5,6 +5,7 @@ DISABLE_HEADER=false
 
 # Should Echo Server validate messages it recieves are from the Relay when attempting to send a push notification
 VALIDATE_SIGNATURES=true
+RELAY_PUBLIC_KEY=
 
 # Filter irrelevant logs from other crates, but enable traces for the relay.
 # We're using separate log levels for stderr and telemetry. Note: telemetry

.env.multi-tenant-example

@@ -3,6 +3,9 @@ PUBLIC_URL=http://localhost:3000
 DATABASE_URL=postgres://user:pass@host:port/database
 LOG_LEVEL=debug,echo-server=debug
 
+# Public key can be obtained from the https://relay.walletconnect.com/public-key
+RELAY_PUBLIC_KEY=
+
 # Don't validate signatures - allows for users to send push notifications from
 # HTTP clients e.g. curl, insomnia, postman, etc
 VALIDATE_SIGNATURES=false

.env.single-tenant-example

@@ -3,6 +3,9 @@ PUBLIC_URL=http://localhost:3000
 DATABASE_URL=postgres://user:pass@host:port/database
 LOG_LEVEL=debug,echo-server=debug
 
+# Public key can be obtained from the https://relay.walletconnect.com/public-key
+RELAY_PUBLIC_KEY=
+
 # Don't validate signatures - allows for users to send push notifications from
 # HTTP clients e.g. curl, insomnia, postman, etc
 VALIDATE_SIGNATURES=false

.github/workflows/cd.yml

@@ -86,6 +86,7 @@ jobs:
           TF_VAR_cloud_api_key: ${{ secrets.CLOUD_API_KEY }}
           TF_VAR_jwt_secret: ${{ secrets.JWT_SECRET }}
           TF_VAR_image_version: ${{ inputs.image_tag }}
+          TF_VAR_relay_public_key: ${{ secrets.RELAY_PUBLIC_KEY }}
         with:
           environment: "staging"
 
@@ -156,6 +157,7 @@ jobs:
           TF_VAR_cloud_api_key: ${{ secrets.CLOUD_API_KEY }}
           TF_VAR_jwt_secret: ${{ secrets.JWT_SECRET }}
           TF_VAR_image_version: ${{ inputs.image_tag }}
+          TF_VAR_relay_public_key: ${{ secrets.RELAY_PUBLIC_KEY }}
         with:
           environment: "prod"
 

.github/workflows/ci_terraform.yml

@@ -126,6 +126,7 @@ jobs:
           TF_VAR_grafana_endpoint: ${{ steps.grafana-get-details.outputs.endpoint }}
           TF_VAR_cloud_api_key: ${{ secrets.CLOUD_API_KEY }}
           TF_VAR_jwt_secret: ${{ secrets.JWT_SECRET }}
+          TF_VAR_relay_public_key: ${{ secrets.RELAY_PUBLIC_KEY }}
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           environment: staging

src/config.rs

@@ -26,6 +26,7 @@ pub struct Config {
     pub disable_header: bool,
     #[serde(default = "default_relay_url")]
     pub relay_url: String,
+    pub relay_public_key: String, 
     #[serde(default = "default_validate_signatures")]
     pub validate_signatures: bool,
     pub database_url: String,
@@ -111,6 +112,13 @@ impl Config {
             Err(e) => Err(e),
         }?;
 
+        // Empty Relay public key is not allowed
+        if self.relay_public_key.is_empty() {
+            return Err(InvalidConfiguration(
+                "`RELAY_PUBLIC_KEY` cannot be empty".to_string(),
+            ));
+        }
+
         Ok(())
     }
 

terraform/ecs/main.tf

@@ -95,7 +95,8 @@ resource "aws_ecs_task_definition" "app_task_definition" {
         { name = "CLOUD_API_KEY", value = var.cloud_api_key },
         { name = "CLOUD_API_URL", value = var.cloud_api_url },
 
-        { name = "JWT_SECRET", value = var.jwt_secret }
+        { name = "JWT_SECRET", value = var.jwt_secret },
+        { name = "RELAY_PUBLIC_KEY", value = var.relay_public_key }
       ],
       dependsOn = [
         { containerName = "aws-otel-collector", condition = "START" }

terraform/ecs/variables.tf

@@ -137,3 +137,8 @@ variable "jwt_secret" {
   type      = string
   sensitive = true
 }
+
+variable "relay_public_key" {
+  type      = string
+  sensitive = true
+}

terraform/main.tf

@@ -179,6 +179,7 @@ module "ecs" {
   cloud_api_url = "https://registry.walletconnect.com/"
 
   jwt_secret = var.jwt_secret
+  relay_public_key = var.relay_public_key
 
   autoscaling_max_capacity = local.environment == "prod" ? 4 : 1
   autoscaling_min_capacity = local.environment == "prod" ? 2 : 1