From 10d82124fe2ddcc1faaf27c8493752ca65770144 Mon Sep 17 00:00:00 2001
From: "Michael Bradley, Jr" <michaelsbradleyjr@gmail.com>
Date: Thu, 29 Oct 2020 20:53:34 -0500
Subject: [PATCH] refactor: embed Infura key at compile time

Allow environmental override at runtime. Also, in the Makefile set a free-tier
default token so that setting up an Infura account isn't strictly necessary for
community contributors to build the app, even though in our docs it should be
recommended they do so.

Core contributors should setup their own free-tier Infura account, create a
key, and set it in the environment variable INFURA_TOKEN in their environment
used to build the desktop app locally.

There is one aspect of this work that is incomplete. Ideally, in the handler
for the `login` event the relevant settings in the database should always be
updated with the resolved Infura key. However, when calling
`getSetting[string](Setting.Networks_Networks)` in the handler it causes a
segfault every time. Neither the reason for the crash nor a workaround have
been worked out at this time.
---
 Makefile                                    | 12 +++++-
 ci/Jenkinsfile.linux                        | 10 ++---
 ci/Jenkinsfile.macos                        | 47 +++++++++------------
 src/status/libstatus/accounts/constants.nim | 26 +++++++++---
 4 files changed, 53 insertions(+), 42 deletions(-)

diff --git a/Makefile b/Makefile
index c4df5b6f57..c4d63ce4b1 100644
--- a/Makefile
+++ b/Makefile
@@ -215,11 +215,11 @@ $(FLEETFILE): | deps
 		| jq --indent 4 --sort-keys . \
 		> fleets.json
 
-remove-fleet: 
+remove-fleet:
 	rm -f fleets.json
 
 update-fleets: remove-fleet $(FLEETFILE)
-  
+
 rcc:
 	echo -e $(BUILD_MSG) "resources.rcc"
 	rm -f ./resources.rcc
@@ -227,6 +227,14 @@ rcc:
 	./ui/generate-rcc.sh
 	rcc -binary ui/resources.qrc -o ./resources.rcc
 
+# default token is a free-tier token with limited capabilities and usage
+# limits; our docs should include directions for community contributor to setup
+# their own Infura account and token instead of relying on this default token
+# during development
+DEFAULT_TOKEN := 220a1abb4b6943a093c35d0ce4fb0732
+INFURA_TOKEN ?= $(DEFAULT_TOKEN)
+NIM_PARAMS += -d:INFURA_TOKEN:"$(INFURA_TOKEN)"
+
 nim_status_client: | $(DOTHERSIDE) $(STATUSGO) $(QRCODEGEN) $(FLEETFILE) rcc deps
 	echo -e $(BUILD_MSG) "$@" && \
 		$(ENV_SCRIPT) nim c $(NIM_PARAMS) --passL:"-L$(STATUSGO_LIBDIR)" --passL:"-lstatus" $(NIM_EXTRA_PARAMS) --passL:"$(QRCODEGEN)" --passL:"-lm" src/nim_status_client.nim && \
diff --git a/ci/Jenkinsfile.linux b/ci/Jenkinsfile.linux
index 1eb7074d0b..79f7749d66 100644
--- a/ci/Jenkinsfile.linux
+++ b/ci/Jenkinsfile.linux
@@ -51,21 +51,17 @@ pipeline {
       steps { sh 'make status-go' }
     }
 
-    stage('Client') {
-      steps { 
+    stage('Package') {
+      steps {
         withCredentials([string(
           credentialsId: utils.getInfuraTokenCred(),
           variable: 'INFURA_TOKEN'
         )]) {
-          sh 'make nim_status_client'
+          sh 'make pkg-linux'
         }
       }
     }
 
-    stage('Package') {
-      steps { sh 'make pkg-linux' }
-    }
-
     stage('Parallel Upload') {
       parallel {
         stage('Upload') {
diff --git a/ci/Jenkinsfile.macos b/ci/Jenkinsfile.macos
index e8715f9412..97286b6f23 100644
--- a/ci/Jenkinsfile.macos
+++ b/ci/Jenkinsfile.macos
@@ -47,36 +47,31 @@ pipeline {
       steps { sh 'make status-go' }
     }
 
-    stage('Client') {
-      steps { 
-        withCredentials([string(
-          credentialsId: utils.getInfuraTokenCred(),
-          variable: 'INFURA_TOKEN'
-        )]) {
-          sh 'make nim_status_client'
+    stage('Package') {
+      steps {
+        withCredentials([
+          string(
+            credentialsId: 'macos-keychain-identity',
+            variable: 'MACOS_CODESIGN_IDENT'
+          ),
+          string(
+            credentialsId: 'macos-keychain-pass',
+            variable: 'MACOS_KEYCHAIN_PASS'
+          ),
+          file(
+            credentialsId: 'macos-keychain-file',
+            variable: 'MACOS_KEYCHAIN_FILE'
+          ),
+          string(
+            credentialsId: utils.getInfuraTokenCred(),
+            variable: 'INFURA_TOKEN'
+          )
+        ]) {
+          sh 'make pkg-macos'
         }
       }
     }
 
-    stage('Package') { steps {
-      withCredentials([
-        string(
-          credentialsId: 'macos-keychain-identity',
-          variable: 'MACOS_CODESIGN_IDENT'
-        ),
-        string(
-          credentialsId: 'macos-keychain-pass',
-          variable: 'MACOS_KEYCHAIN_PASS'
-        ),
-        file(
-          credentialsId: 'macos-keychain-file',
-          variable: 'MACOS_KEYCHAIN_FILE'
-        ),
-      ]) {
-        sh 'make pkg-macos'
-      }
-    } }
-
     stage('Parallel Upload') {
       parallel {
         stage('Upload') {
diff --git a/src/status/libstatus/accounts/constants.nim b/src/status/libstatus/accounts/constants.nim
index 3fd1ee836a..6ad50b118a 100644
--- a/src/status/libstatus/accounts/constants.nim
+++ b/src/status/libstatus/accounts/constants.nim
@@ -16,6 +16,18 @@ const PATH_DEFAULT_WALLET* = PATH_WALLET_ROOT & "/0"
 # EIP1581 Chat Key 0, the default whisper key
 const PATH_WHISPER* = PATH_EIP_1581 & "/0'/0"
 
+# set via `nim c` param `-d:INFURA_TOKEN:[token]`; should be set in CI/release builds
+const INFURA_TOKEN {.strdefine.} = ""
+# allow runtime override via environment variable; core contributors can set a
+# release token in this way for local development
+let INFURA_TOKEN_ENV = $getEnv("INFURA_TOKEN")
+
+let INFURA_TOKEN_RESOLVED =
+  if INFURA_TOKEN_ENV != "":
+    INFURA_TOKEN_ENV
+  else:
+    INFURA_TOKEN
+
 let DEFAULT_NETWORKS* = %* [
   {
     "id": "testnet_rpc",
@@ -26,7 +38,7 @@ let DEFAULT_NETWORKS* = %* [
       "DataDir": "/ethereum/testnet_rpc",
       "UpstreamConfig": {
         "Enabled": true,
-        "URL": "https://ropsten.infura.io/v3/7230123556ec4a8aac8d89ccd0dd74d7"
+        "URL": "https://ropsten.infura.io/v3/" & INFURA_TOKEN_RESOLVED
       }
     }
   },
@@ -39,7 +51,7 @@ let DEFAULT_NETWORKS* = %* [
       "DataDir": "/ethereum/rinkeby_rpc",
       "UpstreamConfig": {
         "Enabled": true,
-        "URL": "https://rinkeby.infura.io/v3/7230123556ec4a8aac8d89ccd0dd74d7"
+        "URL": "https://rinkeby.infura.io/v3/" & INFURA_TOKEN_RESOLVED
       }
     }
   },
@@ -65,7 +77,7 @@ let DEFAULT_NETWORKS* = %* [
       "DataDir": "/ethereum/mainnet_rpc",
       "UpstreamConfig": {
         "Enabled": true,
-        "URL": "https://mainnet.infura.io/v3/7230123556ec4a8aac8d89ccd0dd74d7"
+        "URL": "https://mainnet.infura.io/v3/" & INFURA_TOKEN_RESOLVED
       }
     }
   },
@@ -133,16 +145,16 @@ var NODE_CONFIG* = %* {
     "MaxMessageDeliveryAttempts": 6,
     "PFSEnabled": true,
     "VerifyENSContractAddress": "0x00000000000C2E074eC69A0dFb2997BA6C7d2e1e",
-    "VerifyENSURL": "https://mainnet.infura.io/v3/7230123556ec4a8aac8d89ccd0dd74d7",
+    "VerifyENSURL": "https://mainnet.infura.io/v3/" & INFURA_TOKEN_RESOLVED,
     "VerifyTransactionChainID": 1,
-    "VerifyTransactionURL": "https://mainnet.infura.io/v3/7230123556ec4a8aac8d89ccd0dd74d7"
+    "VerifyTransactionURL": "https://mainnet.infura.io/v3/" & INFURA_TOKEN_RESOLVED
   },
   "StatusAccountsConfig": {
     "Enabled": true
   },
   "UpstreamConfig": {
     "Enabled": true,
-    "URL": "https://mainnet.infura.io/v3/7230123556ec4a8aac8d89ccd0dd74d7"
+    "URL": "https://mainnet.infura.io/v3/" & INFURA_TOKEN_RESOLVED
   },
   "WakuConfig": {
     "BloomFilterMode": nil,
@@ -189,4 +201,4 @@ let clientDir =
 
 let DATADIR* = joinPath(clientDir, "data") & sep
 let KEYSTOREDIR* = joinPath(clientDir, "data", "keystore") & sep
-let TMPDIR* = joinPath(clientDir, "tmp") & sep
\ No newline at end of file
+let TMPDIR* = joinPath(clientDir, "tmp") & sep