Add command line arg to disable grpc reflection (in production) (#48)

Readme.md

@@ -29,6 +29,7 @@ RUST_LOG=debug cargo run -p prover_cli -- --ip 127.0.0.1 --metrics-ip 127.0.0.1
 
 ## Debug
 
+* grpcurl -plaintext 127.0.0.1:50051 list
 * grpcurl -plaintext -d '{"sender": "Alice", "tx_id": "42"}' '[::1]:50051' prover.RlnProver/SendTransaction
 * grpcurl -plaintext '[::1]:50051' prover.RlnProver/GetProofs
 

prover/benches/prover_bench.rs

@@ -191,6 +191,7 @@ fn proof_generation_bench(c: &mut Criterion) {
         registration_min_amount: AppArgs::default_minimal_amount_for_registration(),
         rln_identifier: AppArgs::default_rln_identifier_name(),
         spam_limit: 1_000_000u64,
+        no_grpc_reflection: true,
     };
 
     // Tokio notify - wait for some time after spawning run_prover then notify it's ready to accept

prover/benches/prover_many_subscribers.rs

@@ -155,6 +155,7 @@ fn proof_generation_bench(c: &mut Criterion) {
         registration_min_amount: AppArgs::default_minimal_amount_for_registration(),
         rln_identifier: AppArgs::default_rln_identifier_name(),
         spam_limit: 1_000_000u64,
+        no_grpc_reflection: true,
     };
 
     // Tokio notify - wait for some time after spawning run_prover then notify it's ready to accept

prover/src/args.rs

@@ -32,6 +32,11 @@ const ARGS_DEFAULT_TRANSACTION_CHANNEL_SIZE: &str = "256";
 /// Used by grpc service to send the generated proof to the Verifier. A too low value could stall
 /// the broadcast channel.
 const ARGS_DEFAULT_PROOF_SENDER_CHANNEL_SIZE: &str = "100";
+/// Disable the grpc reflection service
+///
+/// By default, the prover offers GRPC reflection (to ease with the development). This could be turned off
+/// in production.
+const ARGS_DEFAULT_NO_GRPC_REFLECTION: &str = "false";
 
 const ARGS_DEFAULT_RLN_IDENTIFIER_NAME: &str = "test-rln-identifier";
 const ARGS_DEFAULT_PROVER_SPAM_LIMIT: u64 = 10_000_u64;
@@ -194,6 +199,14 @@ pub struct AppArgs {
         hide = true,
     )] // see const doc for more info
     pub proof_sender_channel_size: usize,
+    #[arg(
+        help_heading = "grpc",
+        long = "no-grpc-reflection",
+        help = "Disable grpc reflection",
+        default_value = ARGS_DEFAULT_NO_GRPC_REFLECTION,
+        hide = true,
+    )] // see const doc for more info
+    pub no_grpc_reflection: bool,
 }
 
 impl AppArgs {

prover/src/grpc_service.rs

@@ -296,6 +296,7 @@ pub(crate) struct GrpcProverService<P: Provider> {
     // pub rln_sc_info: Option<(Url, Address)>,
     pub provider: Option<P>,
     pub proof_sender_channel_size: usize,
+    pub grpc_reflection: bool,
 }
 
 impl<P: Provider + Clone + Send + Sync + 'static> GrpcProverService<P> {
@@ -320,9 +321,15 @@ impl<P: Provider + Clone + Send + Sync + 'static> GrpcProverService<P> {
             proof_sender_channel_size: self.proof_sender_channel_size,
         };
 
-        let reflection_service = tonic_reflection::server::Builder::configure()
-            .register_encoded_file_descriptor_set(prover_proto::FILE_DESCRIPTOR_SET)
-            .build_v1()?;
+        let reflection_service = if self.grpc_reflection {
+            Some(
+                tonic_reflection::server::Builder::configure()
+                    .register_encoded_file_descriptor_set(prover_proto::FILE_DESCRIPTOR_SET)
+                    .build_v1()?,
+            )
+        } else {
+            None
+        };
 
         let r = RlnProverServer::new(prover_service)
             .max_decoding_message_size(PROVER_SERVICE_MESSAGE_DECODING_MAX_SIZE.as_u64() as usize)
@@ -361,7 +368,7 @@ impl<P: Provider + Clone + Send + Sync + 'static> GrpcProverService<P> {
             // services
             .layer(cors)
             .layer(GrpcWebLayer::new())
-            .add_service(reflection_service)
+            .add_optional_service(reflection_service)
             .add_service(r)
             .serve(self.addr)
             .map_err(AppError::from)
@@ -382,9 +389,15 @@ impl<P: Provider + Clone + Send + Sync + 'static> GrpcProverService<P> {
             proof_sender_channel_size: self.proof_sender_channel_size,
         };
 
-        let reflection_service = tonic_reflection::server::Builder::configure()
-            .register_encoded_file_descriptor_set(prover_proto::FILE_DESCRIPTOR_SET)
-            .build_v1()?;
+        let reflection_service = if self.grpc_reflection {
+            Some(
+                tonic_reflection::server::Builder::configure()
+                    .register_encoded_file_descriptor_set(prover_proto::FILE_DESCRIPTOR_SET)
+                    .build_v1()?,
+            )
+        } else {
+            None
+        };
 
         let r = RlnProverServer::new(prover_service)
             .max_decoding_message_size(PROVER_SERVICE_MESSAGE_DECODING_MAX_SIZE.as_u64() as usize)
@@ -423,7 +436,7 @@ impl<P: Provider + Clone + Send + Sync + 'static> GrpcProverService<P> {
             // services
             .layer(cors)
             .layer(GrpcWebLayer::new())
-            .add_service(reflection_service)
+            .add_optional_service(reflection_service)
             .add_service(r)
             .serve(self.addr)
             .map_err(AppError::from)

prover/src/lib.rs

@@ -186,6 +186,7 @@ pub async fn run_prover(app_args: AppArgs) -> Result<(), AppError> {
             karma_sc_info: None,
             provider: provider.clone(),
             proof_sender_channel_size: app_args.proof_sender_channel_size,
+            grpc_reflection: !app_args.no_grpc_reflection,
         };
 
         if app_args.ws_rpc_url.is_some() {

prover/tests/grpc_e2e.rs

@@ -257,6 +257,7 @@ async fn test_grpc_gen_proof() {
         registration_min_amount: AppArgs::default_minimal_amount_for_registration(),
         rln_identifier: AppArgs::default_rln_identifier_name(),
         spam_limit: AppArgs::default_spam_limit(),
+        no_grpc_reflection: true,
     };
 
     info!("Starting prover with args: {:?}", app_args);