nexo-pairing 0.1.8

Setup-code pairing store and DM-challenge gate for Nexo channel plugins.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372

//! Prometheus telemetry for the pairing flow.
//!
//! Counters and one push-tracked gauge:
//!
//! - `pairing_approvals_total{channel,result}` — counter
//! - `pairing_codes_expired_total` — counter
//! - `pairing_bootstrap_tokens_issued_total{profile}` — counter
//! - `pairing_requests_pending{channel}` — gauge
//!
//! Layering note: this crate is a leaf (no `nexo-core` dep) so the
//! metric primitives ship here and `nexo_core::telemetry::render_prometheus`
//! stitches the [`render`] block into the exposition response. Same
//! pattern as `nexo_web_search::telemetry`.
//!
//! The gauge is push-tracked: `inc/dec` from each lifecycle event and
//! [`set`] for an authoritative refresh. Drift after a daemon crash is
//! recovered by calling [`crate::refresh_pending_gauge`] against the
//! store.

use dashmap::DashMap;
use std::sync::atomic::{AtomicI64, AtomicU64, Ordering};
use std::sync::LazyLock;

#[derive(Clone, Debug, Hash, Eq, PartialEq)]
struct ApprovalKey {
    channel: String,
    result: String,
}

static APPROVALS: LazyLock<DashMap<ApprovalKey, AtomicU64>> = LazyLock::new(DashMap::new);
static CODES_EXPIRED: AtomicU64 = AtomicU64::new(0);
static BOOTSTRAP_TOKENS_ISSUED: LazyLock<DashMap<String, AtomicU64>> = LazyLock::new(DashMap::new);
static REQUESTS_PENDING: LazyLock<DashMap<String, AtomicI64>> = LazyLock::new(DashMap::new);

/// Bump the pairing-approval counter. `result` is one of
/// `"ok" | "expired" | "not_found"`. `channel` is the empty string for
/// `not_found` (the row was never located so its channel is unknown).
pub fn inc_approvals(channel: &str, result: &str) {
    APPROVALS
        .entry(ApprovalKey {
            channel: channel.to_string(),
            result: result.to_string(),
        })
        .or_insert_with(|| AtomicU64::new(0))
        .fetch_add(1, Ordering::Relaxed);
}

/// Add `n` expirations to the pruned-codes counter. Bumped from two
/// sites: per row deleted by [`crate::PairingStore::purge_expired`] and
/// once per `approve` call that finds a row past TTL.
pub fn add_codes_expired(n: u64) {
    CODES_EXPIRED.fetch_add(n, Ordering::Relaxed);
}

/// Bump the bootstrap-token issuance counter. `profile` reflects the
/// claims profile that the token will carry.
pub fn inc_bootstrap_tokens_issued(profile: &str) {
    BOOTSTRAP_TOKENS_ISSUED
        .entry(profile.to_string())
        .or_insert_with(|| AtomicU64::new(0))
        .fetch_add(1, Ordering::Relaxed);
}

/// Increment the pending-requests gauge for `channel`.
pub fn inc_requests_pending(channel: &str) {
    REQUESTS_PENDING
        .entry(channel.to_string())
        .or_insert_with(|| AtomicI64::new(0))
        .fetch_add(1, Ordering::Relaxed);
}

/// Decrement the pending-requests gauge for `channel`. Clamps at 0 —
/// going negative would mean the bookkeeping drifted (a daemon crash
/// between insert and `+1`, or a double `dec`). We stay at 0 and
/// rely on [`crate::refresh_pending_gauge`] for authoritative recovery
/// rather than trusting an underflow.
pub fn dec_requests_pending(channel: &str) {
    let entry = REQUESTS_PENDING
        .entry(channel.to_string())
        .or_insert_with(|| AtomicI64::new(0));
    let mut current = entry.load(Ordering::Relaxed);
    loop {
        if current <= 0 {
            entry.store(0, Ordering::Relaxed);
            return;
        }
        match entry.compare_exchange_weak(
            current,
            current - 1,
            Ordering::Relaxed,
            Ordering::Relaxed,
        ) {
            Ok(_) => return,
            Err(actual) => current = actual,
        }
    }
}

/// Subtract `n` from the pending-requests gauge for `channel` (clamped
/// at 0). Used by `purge_expired` to batch a per-channel decrement.
pub fn sub_requests_pending(channel: &str, n: i64) {
    if n <= 0 {
        return;
    }
    let entry = REQUESTS_PENDING
        .entry(channel.to_string())
        .or_insert_with(|| AtomicI64::new(0));
    let mut current = entry.load(Ordering::Relaxed);
    loop {
        let next = (current - n).max(0);
        match entry.compare_exchange_weak(current, next, Ordering::Relaxed, Ordering::Relaxed) {
            Ok(_) => return,
            Err(actual) => current = actual,
        }
    }
}

/// Authoritative set of the pending-requests gauge for `channel`.
/// Called by [`crate::refresh_pending_gauge`] from a `SELECT COUNT(*)`
/// result so a process restart resyncs without relying on
/// inc/dec bookkeeping.
pub fn set_requests_pending(channel: &str, value: i64) {
    REQUESTS_PENDING
        .entry(channel.to_string())
        .or_insert_with(|| AtomicI64::new(0))
        .store(value.max(0), Ordering::Relaxed);
}

/// Snapshot of every channel currently tracked by the gauge. Used by
/// the refresh routine to zero out channels that no longer have any
/// pending rows.
pub fn pending_channels() -> Vec<String> {
    REQUESTS_PENDING.iter().map(|e| e.key().clone()).collect()
}

// === Test helpers — read counter values. ===

pub fn approvals_total(channel: &str, result: &str) -> u64 {
    APPROVALS
        .get(&ApprovalKey {
            channel: channel.to_string(),
            result: result.to_string(),
        })
        .map(|v| v.value().load(Ordering::Relaxed))
        .unwrap_or(0)
}

pub fn codes_expired_total() -> u64 {
    CODES_EXPIRED.load(Ordering::Relaxed)
}

pub fn bootstrap_tokens_issued_total(profile: &str) -> u64 {
    BOOTSTRAP_TOKENS_ISSUED
        .get(profile)
        .map(|v| v.value().load(Ordering::Relaxed))
        .unwrap_or(0)
}

pub fn requests_pending(channel: &str) -> i64 {
    REQUESTS_PENDING
        .get(channel)
        .map(|v| v.value().load(Ordering::Relaxed))
        .unwrap_or(0)
}

/// Reset every 26.y counter — test-only. The 26.x counter
/// (`pairing_inbound_challenged_total`) lives in `nexo-core` and is
/// not touched here.
pub fn reset_for_test() {
    APPROVALS.clear();
    CODES_EXPIRED.store(0, Ordering::Relaxed);
    BOOTSTRAP_TOKENS_ISSUED.clear();
    REQUESTS_PENDING.clear();
}

fn escape(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for c in s.chars() {
        match c {
            '\\' => out.push_str("\\\\"),
            '"' => out.push_str("\\\""),
            '\n' => out.push_str("\\n"),
            _ => out.push(c),
        }
    }
    out
}

/// Append the pairing 26.y metrics block to a Prometheus exposition
/// buffer. Called by `nexo_core::telemetry::render_prometheus`.
pub fn render(out: &mut String) {
    out.push_str(
        "# HELP pairing_approvals_total Pairing approval attempts by channel and result.\n",
    );
    out.push_str("# TYPE pairing_approvals_total counter\n");
    if APPROVALS.is_empty() {
        out.push_str("pairing_approvals_total{channel=\"\",result=\"\"} 0\n");
    } else {
        let mut rows: Vec<(ApprovalKey, u64)> = APPROVALS
            .iter()
            .map(|e| (e.key().clone(), e.value().load(Ordering::Relaxed)))
            .collect();
        rows.sort_by(|a, b| {
            (a.0.channel.clone(), a.0.result.clone())
                .cmp(&(b.0.channel.clone(), b.0.result.clone()))
        });
        for (k, v) in rows {
            out.push_str(&format!(
                "pairing_approvals_total{{channel=\"{}\",result=\"{}\"}} {}\n",
                escape(&k.channel),
                escape(&k.result),
                v
            ));
        }
    }

    out.push_str("# HELP pairing_codes_expired_total Pairing setup codes pruned past TTL or rejected as expired on approve.\n");
    out.push_str("# TYPE pairing_codes_expired_total counter\n");
    out.push_str(&format!(
        "pairing_codes_expired_total {}\n",
        CODES_EXPIRED.load(Ordering::Relaxed)
    ));

    out.push_str(
        "# HELP pairing_bootstrap_tokens_issued_total Bootstrap tokens minted by profile.\n",
    );
    out.push_str("# TYPE pairing_bootstrap_tokens_issued_total counter\n");
    if BOOTSTRAP_TOKENS_ISSUED.is_empty() {
        out.push_str("pairing_bootstrap_tokens_issued_total{profile=\"\"} 0\n");
    } else {
        let mut rows: Vec<(String, u64)> = BOOTSTRAP_TOKENS_ISSUED
            .iter()
            .map(|e| (e.key().clone(), e.value().load(Ordering::Relaxed)))
            .collect();
        rows.sort_by(|a, b| a.0.cmp(&b.0));
        for (profile, v) in rows {
            out.push_str(&format!(
                "pairing_bootstrap_tokens_issued_total{{profile=\"{}\"}} {}\n",
                escape(&profile),
                v
            ));
        }
    }

    out.push_str(
        "# HELP pairing_requests_pending Pending pairing requests by channel (push-tracked).\n",
    );
    out.push_str("# TYPE pairing_requests_pending gauge\n");
    if REQUESTS_PENDING.is_empty() {
        out.push_str("pairing_requests_pending{channel=\"\"} 0\n");
    } else {
        let mut rows: Vec<(String, i64)> = REQUESTS_PENDING
            .iter()
            .map(|e| (e.key().clone(), e.value().load(Ordering::Relaxed)))
            .collect();
        rows.sort_by(|a, b| a.0.cmp(&b.0));
        for (channel, v) in rows {
            out.push_str(&format!(
                "pairing_requests_pending{{channel=\"{}\"}} {}\n",
                escape(&channel),
                v
            ));
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::sync::Mutex;

    static TEST_LOCK: Mutex<()> = Mutex::new(());

    #[test]
    fn approvals_inc_and_read() {
        let _g = TEST_LOCK.lock().unwrap_or_else(|p| p.into_inner());
        reset_for_test();
        inc_approvals("whatsapp", "ok");
        inc_approvals("whatsapp", "ok");
        inc_approvals("telegram", "expired");
        assert_eq!(approvals_total("whatsapp", "ok"), 2);
        assert_eq!(approvals_total("telegram", "expired"), 1);
        assert_eq!(approvals_total("whatsapp", "expired"), 0);
    }

    #[test]
    fn codes_expired_accumulates() {
        let _g = TEST_LOCK.lock().unwrap_or_else(|p| p.into_inner());
        reset_for_test();
        add_codes_expired(3);
        add_codes_expired(2);
        assert_eq!(codes_expired_total(), 5);
    }

    #[test]
    fn bootstrap_tokens_per_profile() {
        let _g = TEST_LOCK.lock().unwrap_or_else(|p| p.into_inner());
        reset_for_test();
        inc_bootstrap_tokens_issued("default");
        inc_bootstrap_tokens_issued("staging");
        inc_bootstrap_tokens_issued("default");
        assert_eq!(bootstrap_tokens_issued_total("default"), 2);
        assert_eq!(bootstrap_tokens_issued_total("staging"), 1);
    }

    #[test]
    fn requests_pending_inc_dec_clamp() {
        let _g = TEST_LOCK.lock().unwrap_or_else(|p| p.into_inner());
        reset_for_test();
        inc_requests_pending("whatsapp");
        inc_requests_pending("whatsapp");
        assert_eq!(requests_pending("whatsapp"), 2);
        dec_requests_pending("whatsapp");
        assert_eq!(requests_pending("whatsapp"), 1);
        dec_requests_pending("whatsapp");
        dec_requests_pending("whatsapp"); // would underflow
        assert_eq!(requests_pending("whatsapp"), 0);
    }

    #[test]
    fn requests_pending_sub_clamp() {
        let _g = TEST_LOCK.lock().unwrap_or_else(|p| p.into_inner());
        reset_for_test();
        for _ in 0..5 {
            inc_requests_pending("telegram");
        }
        sub_requests_pending("telegram", 3);
        assert_eq!(requests_pending("telegram"), 2);
        sub_requests_pending("telegram", 99); // clamps
        assert_eq!(requests_pending("telegram"), 0);
    }

    #[test]
    fn set_pending_authoritative() {
        let _g = TEST_LOCK.lock().unwrap_or_else(|p| p.into_inner());
        reset_for_test();
        set_requests_pending("whatsapp", 7);
        assert_eq!(requests_pending("whatsapp"), 7);
        set_requests_pending("whatsapp", 0);
        assert_eq!(requests_pending("whatsapp"), 0);
        set_requests_pending("whatsapp", -3); // clamps
        assert_eq!(requests_pending("whatsapp"), 0);
    }

    #[test]
    fn render_zero_when_empty() {
        let _g = TEST_LOCK.lock().unwrap_or_else(|p| p.into_inner());
        reset_for_test();
        let mut s = String::new();
        render(&mut s);
        assert!(s.contains("pairing_approvals_total{channel=\"\",result=\"\"} 0"));
        assert!(s.contains("pairing_codes_expired_total 0"));
        assert!(s.contains("pairing_bootstrap_tokens_issued_total{profile=\"\"} 0"));
        assert!(s.contains("pairing_requests_pending{channel=\"\"} 0"));
    }

    #[test]
    fn render_emits_values() {
        let _g = TEST_LOCK.lock().unwrap_or_else(|p| p.into_inner());
        reset_for_test();
        inc_approvals("whatsapp", "ok");
        add_codes_expired(4);
        inc_bootstrap_tokens_issued("default");
        set_requests_pending("telegram", 2);
        let mut s = String::new();
        render(&mut s);
        assert!(s.contains("pairing_approvals_total{channel=\"whatsapp\",result=\"ok\"} 1"));
        assert!(s.contains("pairing_codes_expired_total 4"));
        assert!(s.contains("pairing_bootstrap_tokens_issued_total{profile=\"default\"} 1"));
        assert!(s.contains("pairing_requests_pending{channel=\"telegram\"} 2"));
    }
}