strato

#!/usr/bin/env bash
set -e

Green='\033[0;32m'
Red='\033[0;31m'
Yellow='\033[0;33m'
BYellow='\033[1;33m'
NC='\033[0m'


function outputLogo {
echo "
    ____  __           __   ___                        _______________  ___  __________  
   / __ )/ /___  _____/ /__/   |  ____  ____  _____   / ___/_  __/ __ \/   |/_  __/ __ \ 
  / __  / / __ \/ ___/ //_/ /| | / __ \/ __ \/ ___/   \__ \ / / / /_/ / /| | / / / / / / 
 / /_/ / / /_/ / /__/ ,< / ___ |/ /_/ / /_/ (__  )   ___/ // / / _, _/ ___ |/ / / /_/ /  
/_____/_/\____/\___/_/|_/_/  |_/ .___/ .___/____/   /____//_/ /_/ |_/_/  |_/_/  \____/   
                              /_/   /_/                                                  
"
}

function help {
  outputLogo
  echo -e "${BYellow}STRATO run script${NC}
Kickstart the STRATO node.

${Yellow}Optional flags:${NC}
The entrypoints are mutually exclusive.
--help|-h     - this help.
--version|-v  - show strato-getting-started script version.
--stop        - stop STRATO containers (keeps containers and volumes.)
--start       - start the existing STRATO containers after they were stopped (the opposite to --stop.)
--down        - remove strato containers and leave all volumes intact.
--wipe        - stop and remove STRATO containers and wipe out volumes.
--compose     - fetch the latest stable docker-compose.yml.
--pull        - pull images used in docker-compose.yml.
--get-address - get the address of the running node.
--get-pubkey  - get the public key of the running node.
--get-validators          - get the list of validating nodes in the network on the running node.
--get-metadata            - get the node's metadata in JSON format.
--fetch-logs          - fetch all STRATO logs into strato_logs.zip (for more info and options refer to './fetchlogs --help'.)
--fetch-logs-with-db  - fetch all STRATO logs and database dump into strato_logs.zip (WARNING: database data may be sensitive; for more info and options refer to './fetchlogs --help'.)

${Yellow}Optional flags for STRATO:${NC}
--single              - run the single node.

${Yellow}Environment variables:${NC}
NODE_HOST          - (default: localhost) the hostname or IP of the machine (used for APIs and Dashboard).
BOOT_NODE_IP       - IP address of the boot node to connect to (required for secondary node to discover other peers), ignored when used with --single flag.
HTTP_PORT          - (default: 80) Port for HTTP traffic listener.
HTTPS_PORT         - (default: 443) Port for HTTPS traffic listener; only used with ssl=true.
generateKey        - (default: true) [true|false] Whether or not to generate this node's key - set this to false if migrating an old node with an existing key.
isRootNode         - (default: false) [true|false] Whether or not to make this node the initial PBFT validator and admin.
isAdmin            - (default: true) [true|false] Whether or not to make this node its own PBFT admin.
blockstanbulAdmins - (default: []) Optional list of PBFT admins who can send votes to this node.
validators         - (default: []) List of initial PBFT validators.
ssl                - (default: false) [true|false] to run the node with SSL/TLS.
sslCertFileType    - (default: pem) [pem|crt] the SSL certificate type and file extension (should be accessible at ./ssl/certs/server.<sslCertFileType> at deploy time.)
OAUTH_DISCOVERY_URL         - (can be derived by network) OAuth provider's OpenID Connect discovery URL.
OAUTH_CLIENT_ID             - (required) Client ID of OAuth provider valid for the future STRATO url (http(s)://<NODE_HOST>:<HTTP_PORT/HTTPS_PORT>).
OAUTH_CLIENT_SECRET         - (required) Client Secret for the client ID specified.
OAUTH_SCOPE                 - (default: 'openid email profile') The openid scopes used in session cookie verification
OAUTH_VAULT_PROXY_ALT_CLIENT_ID     - (optional) Alternative client id to use in Vault Proxy within STRATO Core for Client Credentials Grant flow (used when Identity Provider does not support multiple grant flows on a single client (e.g. AWS Cognito))
OAUTH_VAULT_PROXY_ALT_CLIENT_SECRET - (optional) Client secret for alternative client id
VAULT_URL                   - (default: BlockApps Vault) The URL of STRATO Vault in the format '<protocol>://<hostname>:<port>' (e.g. https://example.com or https://example.com:8090)

Marketplace App variables:
MP_IS_BOOTNODE                    - (default: false) [true|false] Whether or not to run the Markeplace in boot node mode or connect to the existing marketplace deployment based on address provided in MP_DAPP_ADDRESS
MP_DAPP_ADDRESS                   - (default: c93f9a422a4508a6501a63537291128122f7bcf2) When in MP_IS_BOOTNODE=false mode, this address is used to connect to the existing Marketplace contract on the chain
STRIPE_PAYMENT_SERVER_URL         - (can be derived by network) URL of payment server be used in the Marketplace App
FILE_SERVER_URL                   - (can be derived by network) URL of file server be used in the Marketplace App
GLOBAL_ADMIN_NAME                 - (required for STRATO versions bundled with Marketplace and running in MP_IS_BOOTNODE=true mode)
GLOBAL_ADMIN_PASSWORD             - (required for STRATO versions bundled with Marketplace and running in MP_IS_BOOTNODE=true mode)
"
}

function wipe {
  echo -e "${Yellow}Removing STRATO containers and wiping out volumes${NC}"
  ${docker_compose} down -v -t 0 --remove-orphans
}

function down {
  echo -e "${Yellow}Removing STRATO containers${NC}"
  ${docker_compose} down --remove-orphans
}

function stop {
  echo -e "${Yellow}Gently stopping STRATO containers${NC}"
  ${docker_compose} stop
}

function start {
  echo -e "${Yellow}Starting the earlier stopped STRATO containers${NC}"
  ${docker_compose} start
}

function getCompose {
  echo -e "${Yellow}Downloading the latest stable version of docker-compose.yml...${NC}"
  curl -fLo docker-compose.yml https://github.com/blockapps/strato-getting-started/releases/download/$(curl -s -L https://github.com/blockapps/strato-getting-started/releases/latest | grep -om1 '"/blockapps/strato-getting-started/releases/tag/[^"]*' | grep -oE "[^/]+$")/docker-compose.yml
  echo -e "${Yellow}docker-compose.yml downloaded successfully.${NC}"
}

function pullImages {
  ${docker_compose} pull
}

function getMetadata {
  if [[ -n $(docker ps | grep strato${CNAME_SEP}strato${CNAME_SEP}1) ]]; then
    METADATA_RESP=$(sudo docker exec strato${CNAME_SEP}nginx${CNAME_SEP}1 curl -s -w $%{http_code} -X GET http://strato:3000/eth/v1.2/metadata | tr '\n' ' ')
    METADATA_RESP_STATUS=$(cut -d$ -f2 <<< ${METADATA_RESP})
    METADATA_RESP_CONTENT=$(cut -d$ -f1 <<< ${METADATA_RESP})
    case "${METADATA_RESP_STATUS}" in
      200):
        echo "${METADATA_RESP_CONTENT}"
        ;;
      000):
        echo -e "${Red}Metadata endpoint is unreachable through strato docker network${NC}"
        ;;      
      *):
        echo -e "${Red}Error: Unknown response from metadata endpoint${NC}"
        exit 24
        ;;
    esac
  else
    echo -e "${Red}STRATO is not running. Start STRATO to get the node's metadata${NC}"
    exit 20
  fi
}

function _outputMetadataValue {
  metadata=$(getMetadata)
  if (which jq > /dev/null); then
    echo "${metadata}" | jq -r ".$1"
  else
    # Using text processing with awk is not the best idea as validators may have any name including the names of properties of json. So just exit if no jq found.
    echo "Please install 'jq' library for that feature or use --get-metadata to get a plain response of metadata API endpoint"
    exit 27
  fi
}

function getAddress {
  _outputMetadataValue nodeAddress
}

function getPublicKey {
  _outputMetadataValue nodePubKey
}

function getValidators {
  _outputMetadataValue validators
}

function fetchLogs {
  if [[ "$1" = withdb ]]; then
    withdb_flag="--db-dump"
  fi
  python3 fetchlogs ${withdb_flag}
}

if [ ! -f $(pwd)/strato ]; then
    echo -e "${Red}Should be run from within the strato-getting-started directory. Exit.${NC}"
    exit 4
fi

if ! docker ps &> /dev/null
then
    echo -e "${Red}Error: docker is required: https://www.docker.com/ . If you have it installed - you may need to run STRATO with sudo user${NC}"
    exit 1
fi

if ! docker compose version  &> /dev/null && ! docker-compose -v  &> /dev/null
then
    echo -e "${Red}Error: Docker Compose is required: https://docs.docker.com/compose/install/"
    exit 2
else
  if ! docker compose version &> /dev/null
  then
    docker_compose="docker-compose -p strato --log-level ERROR"
    CNAME_SEP="_"
  else
    # The `-f docker-compose.yml` is required for the command to work correctly despite it's the default (docker bug?)
    docker_compose="docker -l error compose -p strato -f docker-compose.yml"
    CNAME_SEP="-"
  fi
fi

while [ ${#} -gt 0 ]; do
  case "${1}" in
  --help|-h)
    help
    exit 0
    ;;
  --version|-v)
    echo "$(<VERSION)"
    exit 0
    ;;
  --stop)
    stop
    exit 0
    ;;
  --start)
    start
    exit 0
    ;;
  --down)
    down
    exit 0
    ;;
  --wipe)
    wipe
    exit 0
    ;;
  --single)
    node_type=single
    ;;
  --compose)
    getCompose
    exit 0
    ;;
  --pull)
    pullImages
    exit 0
    ;;
  --fetch-logs)
    fetchLogs
    exit 0
    ;;
  --fetch-logs-with-db)
    fetchLogs "withdb"
    exit 0
    ;;
  --set-password)
    echo -e "${BYellow}./strato --set-password is removed. Use ./vault --set-password for nodes with separate STRATO Vault.${NC}"
    exit 25
    ;;
  --get-address)
    getAddress
    exit 0
    ;;
  --get-pubkey)
    getPublicKey
    exit 0
    ;;
  --get-validators)
    getValidators
    exit 0
    ;;
  --get-metadata)
    getMetadata
    exit 0
    ;;
  *)
    echo -e "${Red}Unknown flag ${1} provided, please check --help. Exit.${NC}"
    exit 5
    ;;
  esac
  shift 1
done

outputLogo

if [ ! -f docker-compose.yml ]
then
  getCompose
else
  echo -e "${BYellow}Using the existing docker-compose.yml (to download the most recent stable version - remove the file and restart the script)${NC}"
fi

STRATOGS_REQUIRED_VERSION=$(grep strato-getting-started-min-version docker-compose.yml | awk -F":" '{print $NF}')
if [ ${STRATOGS_REQUIRED_VERSION} ]; then
  STRATOGS_CURRENT_VERSION=$(< VERSION)
  if ! awk -v VER=${STRATOGS_CURRENT_VERSION//.} -v REQ_VER=${STRATOGS_REQUIRED_VERSION//.} 'BEGIN {exit (VER < REQ_VER)}'
  then
      echo -e "${Red}The STRATO version from docker-compose.yml is incompatible with this strato-getting-started. Please update to v${STRATOGS_REQUIRED_VERSION}."
      exit 12
  fi
fi

export NODE_HOST=${NODE_HOST:-localhost}
export HTTP_PORT=${HTTP_PORT:-80}
export HTTPS_PORT=${HTTPS_PORT:-443}
export ssl=${ssl:-false}
if [ "$ssl" = true ] ; then
  http_protocol=https
  main_port=${HTTPS_PORT}
else
  http_protocol=http
  main_port=${HTTP_PORT}
  # To be enabled in future (pending the check finalized in the platform)
  #if [[ ! "$VAULT_URL" == *"172.17.0.1"* ]]; then
  #  echo "Expected VAULT_URL to start with 'https://' or 'http://172.17.0.1'"
  #  exit 14
  #else
  #  echo "Running Vault on http with NODE_HOST IP 172.17.0.1(debug mode)"
  #fi
fi
export sslCertFileType=${sslCertFileType:-pem}
export NODE_NAME=${NODE_NAME:-$NODE_HOST}
export isAdmin=${isAdmin:-true}

if [[ -z ${OAUTH_CLIENT_ID} || -z ${OAUTH_CLIENT_SECRET} ]] ; then
  echo -e "${Red} OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET are required\nFor additional help see './strato --help'${NC}"
  exit 13
fi

# Additional env vars check for version of STRATO with marketplace
if grep "marketplace" docker-compose.yml > /dev/null; then
  if [ "${MP_IS_BOOTNODE}" = "true" ]; then
    if [[ -z ${GLOBAL_ADMIN_NAME} || -z ${GLOBAL_ADMIN_PASSWORD} ]] ; then
      echo -e "${Red}MP_IS_BOOTNODE=true but there were no GLOBAL_ADMIN_NAME or GLOBAL_ADMIN_PASSWORD values provided\nFor additional help see './strato --help${NC}"
      exit 15
    fi
  fi
fi

echo "" && echo "*** Common Config ***"
echo "NODE_HOST: $NODE_HOST"
echo "HTTP_PORT: $HTTP_PORT"
echo "HTTPS_PORT: $HTTPS_PORT"
echo "ssl: $ssl"
echo "sslCertFileType: $sslCertFileType"
echo "NODE_NAME: $NODE_NAME"
echo "OAUTH_DISCOVERY_URL: ${OAUTH_DISCOVERY_URL:-not set}"
echo "OAUTH_CLIENT_ID: $(if [ -z ${OAUTH_CLIENT_ID} ]; then echo "not set"; else echo "is set"; fi)"
echo "OAUTH_CLIENT_SECRET: $(if [ -z ${OAUTH_CLIENT_SECRET} ]; then echo "not set"; else echo "is set"; fi)"
echo "OAUTH_JWT_USER_ID_CLAIM: ${OAUTH_JWT_USER_ID_CLAIM:-not set (using default)}"
echo "OAUTH_SCOPE: ${OAUTH_SCOPE:-not set (using default)}"
echo "VAULT_URL: ${VAULT_URL}"

if [ "${node_type}" == "single" ]
then
  echo "" && echo -e "${BYellow}Running single node with PBFT-blockstanbul${NC}"
  export blockstanbul=true
  export generateKey=${generateKey:-true}
  export isAdmin=true
  export isRootNode=true
  # Generate random networkID if not provided for --single mode
  export networkID=${networkID:-$(($RANDOM * $RANDOM * $RANDOM))}

else
  if [[ ${generateKey} = false ]]; then
    echo -e "\n${BYellow}WARNING: STRATO was started with generateKey=false. The node will not start until you manually insert a key into the vault using the migrate-nodekey script${NC}"
  fi
 
  export blockstanbul=true
  export validators=${validators}
  export blockstanbulAdmins=${blockstanbulAdmins}
  export isAdmin=${isAdmin:-true}
  export isRootNode=${isRootNode:-false}
  export generateKey=${generateKey:-true}
  export numMinPeers=${numMinPeers:-5}
  
  
  BOOT_NODE_IP=${BOOT_NODE_IP:-${BOOT_NODE_HOST}} # Backwards compatibility for old deprecated BOOT_NODE_HOST var name
  if [ -n "$BOOT_NODE_IP" ]
  then
    export bootnode=${BOOT_NODE_IP}
    echo "bootnode: $bootnode"
  fi
fi

echo "blockstanbul: $blockstanbul"
echo "validators: $validators"
echo "blockstanbulAdmins: $blockstanbulAdmins"
echo "isAdmin: $isAdmin"
echo "isRootNode: $isRootNode"
echo "generateKey: $generateKey"
echo "numMinPeers: $numMinPeers"
echo "networkID: ${networkID:-unset - using default}"

if [[ -e "genesis-block.json" && -z ${genesis+x} ]]
then
  export genesisBlock=$(< genesis-block.json)
fi
if [ -z ${genesisBlock+x} ]
then
  echo "Genesis block is not set (using default)"
else
  echo "Using genesis block from genesis-block.json"
fi

# PARAMETERS VALIDATION
if [ ${HTTP_PORT} = ${HTTPS_PORT} ]; then
  echo -e "${Red}Can not bind HTTP and HTTPS listeners to same port (${HTTP_PORT})${NC}"
  exit 7
fi
# Make sure NODE_HOST contains port if custom port is provided
if [ ${main_port} != "80" ] && [ ${main_port} != "443" ] && [[ ${NODE_HOST} != *":${main_port}" ]]; then
  echo -e "${Red}NODE_HOST should contain the port if custom port is set with HTTP_PORT (for non-ssl) or HTTPS_PORT (for ssl). Expected: NODE_HOST=hostname:${main_port}${NC}"
  exit 8
fi
## END OF PARAMETERS VALIDATION

# COMPOSE FILE PRE-PROCESSING
function cleanup {
  rm docker-compose-temp.yml
}
trap cleanup EXIT

if [ "$ssl" != true ]; then
  sed -n '/#TAG_REMOVE_WHEN_NO_SSL/!p' docker-compose.yml > docker-compose-temp.yml
else
  if [ ${HTTPS_PORT} != "443" ]; then
    sed -n '/#TAG_REMOVE_WHEN_SSL_CUSTOM_HTTPS_PORT/!p' docker-compose.yml > docker-compose-temp.yml
  else
    cp docker-compose.yml docker-compose-temp.yml
  fi
fi
# END OF COMPOSE FILE PRE-PROCESSING

${docker_compose} -f docker-compose-temp.yml up -d --remove-orphans

# WAIT FOR STRATO TO RUN
started=$(date +%s)
timeout=180
hc_container=$(${docker_compose} ps | grep '_nginx_' | awk '{print $1}')

printf "Waiting for STRATO to rise and shine"
i=0
while ! [[ -n $(docker ps -q -f name=${hc_container} -f health=healthy) ]];  do
  if [[ $(date +%s) -ge ${started}+${timeout} ]]; then
    echo -e "\n${Red}Node did not start within ${timeout}sec. See 'docker ps' for additional info. Exit.${NC}"
    exit 22
  fi
  i=$((i + 1))
  if [[ $((i % 4)) -eq 0 ]]; then printf '\b\b\b   \b\b\b'; else printf '.'; fi
  sleep 0.3
done
printf "\n"

echo -e "\n${Green}STRATO has awoken. Check ${http_protocol}://${NODE_HOST}${NC}"
# END OF WAIT FOR STRATO TO RUN