@sampaiodiego sampaiodiego commented Sep 25, 2025

… into ServerService

Summary by CodeRabbit

  • New Features

    • Added an endpoint to fetch the server’s public signing key in Base64.
    • Centralized public-key retrieval via a server service that handles local/remote keys and caching.
  • Refactor

    • Removed legacy wrapper and file-based key loading; switched to in-memory key caching and runtime generation.
    • Updated authorization and event processing to use the centralized server service for signature verification.
  • Chores

    • Cleaned up deprecated exports and related dependencies.

coderabbitai bot commented Sep 25, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

Public key retrieval was refactored: the cached/local procedure was removed from core, leaving only direct remote fetching. The SDK introduces ServerService.getPublicKey with local/cached/remote resolution, updates EventService and EventAuthorizationService to use it, and modifies ConfigService to cache in-memory signing keys and expose a base64 public key accessor.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Core: Public key retrieval exports (packages/core/src/index.ts, packages/core/src/procedures/getPublicKeyFromServer.ts) | Removed export and implementation of makeGetPublicKeyFromServerProcedure; retained getPublicKeyFromRemoteServer for direct remote fetch, validation, and signature verification. |
| SDK: Server service introduction (packages/federation-sdk/src/services/server.service.ts) | Added ServerService.getPublicKey(origin, key) to return local key for same-origin, consult local cache, or fetch via getPublicKeyFromRemoteServer, cache the result, and return it. |
| SDK: Event services integration (packages/federation-sdk/src/services/event.service.ts, packages/federation-sdk/src/services/event-authorization.service.ts) | Replaced direct federation-core public-key retrieval and removed makeGetPublicKeyFromServerProcedure usage; injected ServerService into constructors and updated signature verification call sites to use serverService.getPublicKey. |
| SDK: Config service key caching (packages/federation-sdk/src/services/config.service.ts) | Removed file-based loadSigningKey; added in-memory serverKeys: SigningKey[] caching, adjusted getSigningKey to generate/cache at runtime, and added getPublicSigningKeyBase64(): Promise<string>. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Client
  participant ES as EventService
  participant SS as ServerService
  participant Cache as Local Key Cache
  participant Core as federation-core
  participant Remote as Remote Server

  Client->>ES: deliver event (origin, signatures)
  ES->>SS: getPublicKey(origin, keyId)
  alt origin == local server
    SS-->>ES: return local public key (base64)
  else
    SS->>Cache: lookup(origin, keyId)
    alt cache hit & valid
      Cache-->>SS: cached public key
      SS-->>ES: return cached key
    else cache miss/expired
      SS->>Core: getPublicKeyFromRemoteServer(origin, serverName, keyId)
      Core->>Remote: fetch signed key & metadata
      Remote-->>Core: signed key + validUntil
      Core-->>SS: public key + validUntil
      SS->>Cache: store(key, validUntil)
      SS-->>ES: return fetched key
    end
  end
  ES-->>Client: continue verification with obtained key

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~55 minutes

Possibly related PRs

Suggested reviewers

  • rodrigok
  • ggazzo

Poem

I thump my paws on keys so bright,
Cached carrots stashed for every flight.
No extra burrow—fetch, verify, store,
Hop, sign, and bounce to the next door.
Tiny rabbit, keys secure, forevermore. 🐇🔑

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The title concisely states the primary change: a refactor that consolidates public key retrieval logic into a ServerService and streamlines its usage. It accurately reflects the removal of legacy procedures and the introduction of a unified ServerService across core and SDK packages, making the scope and intent clear to reviewers. |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between e83af5b and 5d9e401.

📒 Files selected for processing (6)
  • packages/core/src/index.ts (1 hunks)
  • packages/core/src/procedures/getPublicKeyFromServer.ts (0 hunks)
  • packages/federation-sdk/src/services/config.service.ts (4 hunks)
  • packages/federation-sdk/src/services/event-authorization.service.ts (3 hunks)
  • packages/federation-sdk/src/services/event.service.ts (4 hunks)
  • packages/federation-sdk/src/services/server.service.ts (2 hunks)


@sampaiodiego sampaiodiego force-pushed the improve-public-key-retrieval branch from ba5fb73 to 5d9e401 Compare September 25, 2025 20:39
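
The resolution order from the walkthrough and sequence diagram above (local origin, then the cache while validUntil is in the future, then remote fetch and store), as an added TypeScript sketch that is not part of the pull request or the federation-sdk code. makeKeyResolver, lookup, fetchCount and the stub remote are hypothetical names, and the fetcher is assumed to have already verified the remote key response.

```typescript
// Added sketch; every name here is hypothetical, not the federation-sdk API.
type CachedKey = { publicKey: string; validUntil: number }; // validUntil: ms since epoch
type RemoteFetcher = (origin: string, keyId: string) => Promise<CachedKey>;

function makeKeyResolver(
  localOrigin: string,
  localPublicKey: string,
  fetchRemote: RemoteFetcher, // assumed to verify the signed key response itself
  now: () => number = Date.now,
) {
  const cache = new Map<string, CachedKey>();
  // Key the cache on (origin, keyId) so one server's key never answers for another.
  const slot = (origin: string, keyId: string) => JSON.stringify([origin, keyId]);
  let remoteFetches = 0;

  // A cached entry only counts as a hit while validUntil is still in the future.
  function lookup(origin: string, keyId: string): string | undefined {
    const hit = cache.get(slot(origin, keyId));
    return hit && hit.validUntil > now() ? hit.publicKey : undefined;
  }

  async function getPublicKey(origin: string, keyId: string): Promise<string> {
    if (origin === localOrigin) return localPublicKey; // 1. local key, no network
    const cached = lookup(origin, keyId); // 2. unexpired cache entry
    if (cached !== undefined) return cached;
    remoteFetches++; // 3. remote fetch
    const fetched = await fetchRemote(origin, keyId);
    if (fetched.validUntil <= now()) {
      throw new Error(`key ${keyId} from ${origin} is already expired`); // never cache it
    }
    cache.set(slot(origin, keyId), fetched);
    return fetched.publicKey;
  }

  return { lookup, getPublicKey, fetchCount: () => remoteFetches };
}

// Constructed demo: stub remote whose key is valid until t=5000 on a fake clock.
async function demo(): Promise<number> {
  let t = 1000;
  const stub: RemoteFetcher = async (o, k) => ({ publicKey: `key-of-${o}/${k}`, validUntil: 5000 });
  const r = makeKeyResolver("local.example", "bG9jYWw=", stub, () => t);
  await r.getPublicKey("local.example", "ed25519:1"); // local: no fetch
  await r.getPublicKey("remote.example", "ed25519:1"); // miss: fetch #1
  await r.getPublicKey("remote.example", "ed25519:1"); // hit: no fetch
  t = 6000; // cached entry has now expired
  await r.getPublicKey("remote.example", "ed25519:1").catch(() => undefined); // fetch #2, rejected
  return r.fetchCount();
}
```
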
@codecov-commenter

Codecov Report

❌ Patch coverage is 16.66667% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.67%. Comparing base (e83af5b) to head (5d9e401).

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| ...ages/federation-sdk/src/services/config.service.ts | 16.66% | 10 Missing ⚠️ |
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #226      +/-   ##
==========================================
+ Coverage   81.07%   81.67%   +0.59%     
==========================================
  Files          63       63              
  Lines        4719     4682      -37     
==========================================
- Hits         3826     3824       -2     
+ Misses        893      858      -35     
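
Review bot: in the Hits and Misses rows, Hits falls by 2 while Misses falls by 35 on 37 fewer lines, so the +0.59% gain comes mostly from removing lines that were not covered, not from new tests. The report above puts the patch at 16.67% with 10 uncovered lines in config.service.ts, the file that now generates and caches the signing key in memory; a unit test covering getSigningKey and getPublicSigningKeyBase64 would close that gap.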


@ggazzo ggazzo merged commit 56e358b into main Sep 25, 2025
2 checks passed
@ggazzo ggazzo deleted the improve-public-key-retrieval branch September 25, 2025 20:41