From 6bfe997094bd5af545d1bdc1a697a3723067f5eb Mon Sep 17 00:00:00 2001 From: Max Kalashnikoff Date: Mon, 9 Oct 2023 22:32:59 +0300 Subject: [PATCH] adding of to environment, config and terraform --- .env.example | 1 + .env.multi-tenant-example | 3 +++ .env.single-tenant-example | 3 +++ .github/workflows/cd.yml | 2 ++ .github/workflows/ci_terraform.yml | 1 + src/config.rs | 8 ++++++++ terraform/ecs/main.tf | 3 ++- terraform/ecs/variables.tf | 5 +++++ terraform/main.tf | 1 + 9 files changed, 26 insertions(+), 1 deletion(-) diff --git a/.env.example b/.env.example index 5ab6e3b3..f8d05c01 100644 --- a/.env.example +++ b/.env.example @@ -5,6 +5,7 @@ DISABLE_HEADER=false # Should Echo Server validate messages it recieves are from the Relay when attempting to send a push notification VALIDATE_SIGNATURES=true +RELAY_PUBLIC_KEY= # Filter irrelevant logs from other crates, but enable traces for the relay. # We're using separate log levels for stderr and telemetry. Note: telemetry diff --git a/.env.multi-tenant-example b/.env.multi-tenant-example index 1f61037d..cc772ae3 100644 --- a/.env.multi-tenant-example +++ b/.env.multi-tenant-example @@ -3,6 +3,9 @@ PUBLIC_URL=http://localhost:3000 DATABASE_URL=postgres://user:pass@host:port/database LOG_LEVEL=debug,echo-server=debug +# Public key can be obtained from the https://relay.walletconnect.com/public-key +RELAY_PUBLIC_KEY= + # Don't validate signatures - allows for users to send push notifications from # HTTP clients e.g. curl, insomnia, postman, etc VALIDATE_SIGNATURES=false diff --git a/.env.single-tenant-example b/.env.single-tenant-example index 0ba59582..785b5378 100644 --- a/.env.single-tenant-example +++ b/.env.single-tenant-example 
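Review bot: The example files ship `RELAY_PUBLIC_KEY=` empty (in `.env.example` and `.env.multi-tenant-example` here, and again in `.env.single-tenant-example`), while the check this commit adds in `src/config.rs` rejects an empty value. A copied example will therefore not start, including the two examples that set `VALIDATE_SIGNATURES=false`. The comment should say the value is required, e.g. `# Required: the server refuses to start when this is empty. Obtain it from https://relay.walletconnect.com/public-key`, and `.env.example` has no comment for the variable at all. Because this key is presumably the trust anchor for relay signature checks, it is also worth telling operators to pin the value in their deployment configuration instead of re-fetching it on every deploy.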
@@ -3,6 +3,9 @@ PUBLIC_URL=http://localhost:3000 DATABASE_URL=postgres://user:pass@host:port/database LOG_LEVEL=debug,echo-server=debug +# Public key can be obtained from the https://relay.walletconnect.com/public-key +RELAY_PUBLIC_KEY= + # Don't validate signatures - allows for users to send push notifications from # HTTP clients e.g. curl, insomnia, postman, etc VALIDATE_SIGNATURES=false diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 21abb0fb..5d3df508 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -86,6 +86,7 @@ jobs: TF_VAR_cloud_api_key: ${{ secrets.CLOUD_API_KEY }} TF_VAR_jwt_secret: ${{ secrets.JWT_SECRET }} TF_VAR_image_version: ${{ inputs.image_tag }} + TF_VAR_relay_public_key: ${{ secrets.RELAY_PUBLIC_KEY }} with: environment: "staging" @@ -156,6 +157,7 @@ jobs: TF_VAR_cloud_api_key: ${{ secrets.CLOUD_API_KEY }} TF_VAR_jwt_secret: ${{ secrets.JWT_SECRET }} TF_VAR_image_version: ${{ inputs.image_tag }} + TF_VAR_relay_public_key: ${{ secrets.RELAY_PUBLIC_KEY }} with: environment: "prod" diff --git a/.github/workflows/ci_terraform.yml b/.github/workflows/ci_terraform.yml index bcf5b59f..32259b95 100644 --- a/.github/workflows/ci_terraform.yml +++ b/.github/workflows/ci_terraform.yml @@ -126,6 +126,7 @@ jobs: TF_VAR_grafana_endpoint: ${{ steps.grafana-get-details.outputs.endpoint }} TF_VAR_cloud_api_key: ${{ secrets.CLOUD_API_KEY }} TF_VAR_jwt_secret: ${{ secrets.JWT_SECRET }} + TF_VAR_relay_public_key: ${{ secrets.RELAY_PUBLIC_KEY }} with: github-token: ${{ secrets.GITHUB_TOKEN }} environment: staging diff --git a/src/config.rs b/src/config.rs index e5f11fd4..add941cc 100644 --- a/src/config.rs +++ b/src/config.rs @@ -26,6 +26,7 @@ pub struct Config { pub disable_header: bool, #[serde(default = "default_relay_url")] pub relay_url: String, + pub relay_public_key: String, #[serde(default = "default_validate_signatures")] pub validate_signatures: bool, pub database_url: String, 
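Review bot: `relay_public_key` is added to `Config` in `src/config.rs` with no doc comment and no `#[serde(default ...)]`, unlike the neighbouring `relay_url` and `validate_signatures`, so it becomes a required setting. A deployment that upgrades without `RELAY_PUBLIC_KEY` set will presumably fail while the configuration is deserialized, before the clearer empty-value message added later in this file is reached. If failing closed is the intent, state it on the field, e.g. `/// Public key of the relay. Required; startup validation rejects an empty value.`. The struct starts and ends outside the hunk.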
@@ -111,6 +112,13 @@ impl Config { Err(e) => Err(e), }?; + // Empty Relay public key is not allowed + if self.relay_public_key.is_empty() { + return Err(InvalidConfiguration( + "`RELAY_PUBLIC_KEY` cannot be empty".to_string(), + )); + } + Ok(()) } diff --git a/terraform/ecs/main.tf b/terraform/ecs/main.tf index b8815b52..515e054e 100644 --- a/terraform/ecs/main.tf +++ b/terraform/ecs/main.tf @@ -95,7 +95,8 @@ resource "aws_ecs_task_definition" "app_task_definition" { { name = "CLOUD_API_KEY", value = var.cloud_api_key }, { name = "CLOUD_API_URL", value = var.cloud_api_url }, - { name = "JWT_SECRET", value = var.jwt_secret } + { name = "JWT_SECRET", value = var.jwt_secret }, + { name = "RELAY_PUBLIC_KEY", value = var.relay_public_key } ], dependsOn = [ { containerName = "aws-otel-collector", condition = "START" } diff --git a/terraform/ecs/variables.tf b/terraform/ecs/variables.tf index f4f66e52..10e8e888 100644 --- a/terraform/ecs/variables.tf +++ b/terraform/ecs/variables.tf @@ -137,3 +137,8 @@ variable "jwt_secret" { type = string sensitive = true } + +variable "relay_public_key" { + type = string + sensitive = true +} diff --git a/terraform/main.tf b/terraform/main.tf index bbf424f6..48f2d66d 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -179,6 +179,7 @@ module "ecs" { cloud_api_url = "https://registry.walletconnect.com/" jwt_secret = var.jwt_secret + relay_public_key = var.relay_public_key autoscaling_max_capacity = local.environment == "prod" ? 4 : 1 autoscaling_min_capacity = local.environment == "prod" ? 2 : 1
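Review bot: The new check in `src/config.rs` rejects only the empty string, so a whitespace-only or malformed `RELAY_PUBLIC_KEY` passes startup validation. Such a value would surface only later, presumably when the key is first decoded for signature verification. A minimal tightening is `if self.relay_public_key.trim().is_empty() {`. If the expected encoding is fixed, decoding the key here would make a bad value fail at boot rather than on the first request. The enclosing function starts outside the hunk, so how the key is consumed afterwards is not visible here.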
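Review bot: `variable "relay_public_key"` in `terraform/ecs/variables.tf` has no `description` and no `validation`, so an unset `secrets.RELAY_PUBLIC_KEY` in the workflows reaches the task definition as an empty string. The failure then appears only when the container rejects its configuration at startup, not at plan time. A validation block as sketched below catches it earlier. `sensitive = true` also hides from plan output a value that is public by name, which makes an unintended change of the key harder to spot in review, so it is worth confirming that it is needed.

```hcl
variable "relay_public_key" {
  # … unchanged: type and sensitive …
  description = "Public key of the relay, passed to the container as RELAY_PUBLIC_KEY"

  validation {
    condition     = length(trimspace(var.relay_public_key)) > 0
    error_message = "relay_public_key must not be empty."
  }
}
```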
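Review bot: `relay_public_key = var.relay_public_key` in `terraform/main.tf` reads a root-module variable, but the diffstat lists only `terraform/ecs/variables.tf` among the changed files. Unless the root module already declares `variable "relay_public_key"` in a file outside this patch, `terraform plan` will fail on an undeclared variable even though the workflows now export `TF_VAR_relay_public_key`. If the declaration is missing, add it alongside the root module's other variables with the same type as the `ecs` one. The `module "ecs"` block starts and ends outside the hunk.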