Minimal api #3001
Minimal api #3001
Conversation
There was a problem hiding this comment.
Sorry for letting you wait so long.
Please use the correct file header (featuring "Bisq" instead of "Bitsquare") and add it to any source file.
IMHO, we do not need the docker config yet. That is a thing we can feature once the API is completed and hardened. Or does that affect the really nice test setup?
- Rename BisqSetupCompleteListener to BisqSetupListener - Add onInitP2pNetwork and onInitWallet to BisqSetupListener - make onInitP2pNetwork and onInitWallet default so no impl. required
- Add onInitWallet to HttpApiMain and start http server there - Add onRequestWalletPassword to BisqSetupListener - Override setupHandlers in HttpApiHeadlessApp and adjust setRequestWalletPasswordHandler (impl. missing) - Add onRequestWalletPassword to HttpApiMain
Docker config is very handy for local development. I've committed only |
|
If docker is not needed for CI, I would kindly ask you to exclude the docker part from the PR. However, I like the idea of having docker containers started by CI to simulate a small Bisq testnet network, so please do not throw that part away. |
|
Actually integration tests use docker containers to spin up regtest env. |
|
it seems the integration tests do not run on |
|
Integration tests are slow so I intentionally excluded them from default build phase. https://github.com/blabno/exchange/tree/minimal-api-2/api#integration-tests |
|
Context: I am not familiar with prior discussions and decisions regarding API. Please excuse if my remarks are irrelevant or already addressed elsewhere.
|
|
I agree with @battleofwizards there are way too many new jar dependencies, Bisq is a high risk project and we need to be really careful about adding trusted third parties. We should be looking to remove jar deps, not add new ones. Implementing a HTTP API should not require new jar deps. |
|
BTW we already have a simple HTTP API webapp in the project. |
|
Spring boot would also be a new dependency, it's local to the pricenode and not deployed to the client (I hope). Zeromq, grpc etc would also be new dependencies. I agree with the reluctance to add deps, but writing everything from scratch is very expensive. Let's find a solution together so this PR can be merged! |
|
Just as @mrosseel said, external dependencies are here to reuse already existing, battle tested code. I will be very happy to write everything from scratch, but that is going to cost a lot and take a lot of time.
Have you ever succeeded with this idea? It might seem that it's just an HTTP api. Well, how about data translation (json->java classes), validation, documentation generation, http connection handling? Regarding springboot. It introduces the same amount of dependencies. Regarding zeromq. This is for asynchronous messaging. |
|
@blabno I think you did what is truly the best practice in a usual context of startups building nice API-s. It's just that Bisq is not that usual context. And no, dependencies do need to be upgraded all the time b/c security fixes, Java upgrades, other dependencies interconnections, etc. One needs to plan for always-upgrading all dependencies. Again, here are some flexibility points to consider:
|
What added value does this bring into this conversation?
Doesn't this contradict that "unusual context" statement.
Are you sure about that gradle-witness part?
I've spent over a year going back and forth with this API stuff, trying different approaches. |
You are right. The
My big kudos to you! Please do not lose your energy and patience due to my whining. |
|
I think a webserver like undertow or jetty could be the only additional dependency (I really like undertow because its so light weight and high performance). We already have a gson dependency for json. |
|
@christophsturm I don't think it's that simple. Jetty without servlet-api doesn't provide much functionality. Even with servlet-api, but without jersey (jax-rs rest framework) we'd have to write a lot of boilerplate. |
|
Minimal Jetty dependencies are:
Cutting out other deps will require us to:
That's a lot of additional effort. |
|
@blabno you surely put a lot of effort in, it's time to make some decisions I'm thinking there might be a middle ground between 'no new deps' and 'add all the deps'. Rewriting all the things is an option, but very costly and I'm personally not convinced it will be better (security bugs) or more non-hackable (rogue contributor). So my proposal is that either the deps are loaded as-needed or the api is shipped in a different binary. If others insist on the 'rewrite everything' option, I understand that blabno needs some assurances that this will then be merged. This is a difficult topic, hopefully the next dev call will shed some light :) |
|
Sorry to bring another issue to the mix and be pain in the ass again :( The authorization based on a fixed token is not secure against replay attacks,
|
What fixed tokens? You get a new token each time you sign in and they have certain lifetime.
No comment.
No, the API is meant to be used over TOR, and at some point to be consumed by mobile clients. |
|
@mrosseel The problem with loading additional jars is that it opens gates for loading more jars than we intended. Initially I wanted to to go that way (https://docs.oracle.com/javase/7/docs/api/java/util/ServiceLoader.html) but Manfred was strongly against it, and I have to agree. |
To protect against replay attacks authorization must be unique per request. Not per session.
This is insecure for moving money (edit: in general case). Please learn about replay attacks.
Excellent. You can do it already in the initial version or add secure remote usage later on (releasing more incrementally). |
|
@battleofwizards If you want token per request approach then contributions are welcome (even though I consider it too limiting). |
|
@blabno good news! Fortunately, my take regarding authorization for money moving was overly generic and not applicable in this specific context. Very sorry for that! To make replay attacks concern irrelevant these must be true:
Despite TLS-level protections against replay attacks, money moving protocols tend to do request signing. This is partly for historical reasons (legacy SSL did not have this property) and partly to have second layer of security. However, this is far from mandatory in the context of modern TLS. I believe it is enough to document TLS usage (likely, with help of nginx or similar reverse proxy). |
|
My thoughts after the last dev call: Currently the desktop and core jars are really tangled up. There is domain logic in desktop and presentation related code in core. Adding an api jar will confuse things even more. The only way I see forward without taking on tones of technical debt and maintenance cost is to first work to provide a clean separation of core and desktop projects with a use case driven java api. |
|
@bodymindarts I was thinking along the very same lines. We first need clean Java API. A nice way to think about it is the concept of use cases. Then we can build frontends on top of this (desktop frontend, integration tests frontend, CLI frontend, Java trading bot frontend, HTTPS API frontend, ...). |
|
The It's basically It's pretty much self-contained and very low on dependencies while still covering all typical needs like objects ser/deser, param validation, routing, server, and client. As we already use protobuf and Google stack of Java libraries, this feels like a good fit for Bisq. Not sure if there are no hidden blockers though, would require more research! Just FYI. |
|
@battleofwizards sure, but did you listen to the last dev call discussing the API ? there are a lot of opinions and it seems the consensus is HTTP REST for now. also this has been stuck in limbo for literally years so I think everyone should compromise just to ship something for now. |
|
@wiz thanks for the update! |
|
This API is really important for the reasons @cbeams stated on the call - what will eventually happen is that Bisq becomes like bitcoin-qt where it's just the reference implementation and everyone will use the RPC API to implement their own trading apps on top of it. |
|
Moved to bisq-network/incubator-bisq-api#1 |
No description provided.