Skip to main content

Crate dig_rpc

Crate dig_rpc 

Source
Expand description

§dig-rpc

Axum-based JSON-RPC server for the DIG Network fullnode / validator / future wallet. Couples dig-service lifecycle hooks with the dig-rpc-types wire contract, adding:

  • mTLS transport (rustls) with server certs on either a private CA (internal admin port) or a public CA (read-only public port).
  • Cert-CN / SAN → Role mapping via RoleMap.
  • Per-method metadata (MethodMeta) governing min_role, rate-limit bucket, and whether the method is exposed on the public port.
  • Tower middleware stack: request-id, panic-catch, audit, rate-limit, allow-list.
  • Graceful shutdown integrated with dig_service::ShutdownToken.

§Scope — v0.1

v0.1 focuses on the JSON-RPC wire layer and the Tower-layered middleware stack, with TLS server-auth. Full mTLS client-cert verification is wired in via rustls::server::WebPkiClientVerifier but the authenticated-cert → Role resolution uses a pluggable trait so binaries can substitute dev-mode stubs. Production binaries plug in the full cert parsing path (provided) or their own overrides.

§Architecture

  HTTP request
      │
      ▼
  ┌──────────────────────────────────────────────────────┐
  │ tower::Service<Request>  (Axum router)               │
  │ ↓ RequestIdLayer                                     │
  │ ↓ PanicCatchLayer                                    │
  │ ↓ AuthLayer       — TLS peer → Role                  │
  │ ↓ RateLimitLayer  — (peer_key, method) bucket        │
  │ ↓ AllowListLayer  — role >= method.min_role?         │
  │ ↓ Body parse      — JsonRpcRequest<serde_json::Value>│
  │ ↓ RpcApi::dispatch (from dig-service)                │
  │ ↓ Envelope response                                  │
  │ ↓ AuditLayer                                         │
  └──────────────────────────────────────────────────────┘

Re-exports§

pub use dispatch::dispatch_envelope;
pub use error::RpcServerError;
pub use method::MethodClass;
pub use method::MethodMeta;
pub use method::MethodRegistry;
pub use method::RateBucket;
pub use role::CertMatcher;
pub use role::Role;
pub use role::RoleMap;
pub use server::RpcServer;
pub use server::RpcServerMode;
pub use tls::InternalCertPaths;
pub use tls::PublicCertPaths;
pub use tls::TlsConfig;

Modules§

dispatch
JSON-RPC envelope → RpcApi::dispatch adapter.
error
Server-level errors (NOT per-request — per-request errors are JSON-RPC envelopes defined in dig-rpc-types).
method
Per-method metadata — used by the middleware to gate access and attribute rate limits.
middleware
Tower middleware layers applied to every RPC request.
role
Peer role resolution.
server
The RpcServer — Axum-based JSON-RPC server with lifecycle integration for dig_service::ShutdownToken.
tls
TLS / mTLS configuration loading.

Structs§

JsonRpcError
The error body of a JSON-RPC 2.0 failure response.
JsonRpcRequest
A JSON-RPC 2.0 request envelope.
JsonRpcResponse
A JSON-RPC 2.0 response envelope.
ShutdownToken
A cancellation token with a typed ShutdownReason.

Enums§

ErrorCode
Stable JSON-RPC error code.
JsonRpcResponseBody
The body of a response: either a successful result or an error.

Traits§

RpcApi
JSON-RPC dispatcher.