allow dynamic plugin loading; no more exceptions

fix npm run scripts

fix plugin loading

fix custom route installation

fix inconsistent log messages

Author: chfanghr

package-lock.json

@@ -35,6 +35,7 @@
     "passport": "^0.6.0",
     "passport-jwt": "^4.0.1",
     "passport-strategy": "^1.0.0",
+    "path": "^0.12.7",
     "yaml": "^2.3.2",
     "zod": "^3.22.2"
   },

package.json

@@ -0,0 +1,140 @@
+import * as path from 'path';
+import { IMinAuthPlugin, IMinAuthPluginFactory } from './pluginType';
+import * as R from 'fp-ts/Record';
+import { pipe } from 'fp-ts/function';
+import { TaskEither } from 'fp-ts/TaskEither';
+import * as T from 'fp-ts/Task';
+import * as TE from 'fp-ts/TaskEither';
+import * as E from 'fp-ts/Either';
+import * as Str from 'fp-ts/string';
+import * as S from 'fp-ts/Semigroup';
+import { z } from 'zod';
+import env from 'env-var';
+import { existsSync } from 'fs';
+import fs from 'fs/promises';
+import {
+  fromFailablePromise,
+  liftZodParseResult
+} from '../../utils/TaskEither';
+
+export const configurationSchema = z.object({
+  pluginDir: z.string().optional(),
+  plugins: z.record(
+    z.object({
+      path: z.string().optional(),
+      config: z.unknown()
+    })
+  )
+});
+
+export type Configuration = z.infer<typeof configurationSchema>;
+
+export const _readConfiguration =
+  <T>(parseConfiguration: (s: string) => z.SafeParseReturnType<T, T>) =>
+  (cfgPath?: string): TaskEither<string, T> =>
+    pipe(
+      TE.Do,
+      TE.bind('finalCfgPath', () =>
+        TE.fromIOEither(() => {
+          const finalCfgPath = path.resolve(
+            cfgPath ??
+              env.get('MINAUTH_CONFIG').default('config.yaml').asString()
+          );
+
+          console.log(`reading configuration from ${finalCfgPath}`);
+
+          return existsSync(finalCfgPath)
+            ? E.right(finalCfgPath)
+            : E.left('configuration file does not exists');
+        })
+      ),
+      TE.bind('cfgFileContent', ({ finalCfgPath }) =>
+        fromFailablePromise<string>(() => fs.readFile(finalCfgPath, 'utf-8'))
+      ),
+      TE.chain(({ cfgFileContent }) =>
+        liftZodParseResult(parseConfiguration(cfgFileContent))
+      )
+    );
+
+export const readConfiguration = _readConfiguration(
+  configurationSchema.safeParse
+);
+
+//
+
+export type UntypedPlugin = IMinAuthPlugin<unknown, unknown>;
+
+export type UntypedPluginFactory = IMinAuthPluginFactory<
+  UntypedPlugin,
+  unknown,
+  unknown,
+  unknown
+>;
+
+export type UntypedPluginModule = { default: UntypedPluginFactory };
+
+const importPluginModule = (
+  pluginModulePath: string
+): TaskEither<string, UntypedPluginModule> =>
+  fromFailablePromise(() => import(pluginModulePath));
+
+const validatePluginCfg = (
+  cfg: unknown,
+  factory: UntypedPluginFactory
+): TaskEither<string, unknown> =>
+  liftZodParseResult(factory.configurationSchema.safeParse(cfg));
+
+const initializePlugin = (
+  pluginModulePath: string,
+  pluginCfg: unknown
+): TaskEither<string, UntypedPlugin> =>
+  pipe(
+    TE.Do,
+    TE.bind('pluginModule', () => importPluginModule(pluginModulePath)),
+    TE.let('pluginFactory', ({ pluginModule }) => pluginModule.default),
+    TE.bind('typedPluginCfg', ({ pluginFactory }) =>
+      validatePluginCfg(pluginCfg, pluginFactory)
+    ),
+    TE.chain(({ pluginFactory, typedPluginCfg }) =>
+      pluginFactory.initialize(typedPluginCfg)
+    )
+  );
+
+export const initializePlugins = (
+  cfg: Configuration
+): TaskEither<string, Record<string, UntypedPlugin>> => {
+  const resolvePluginModulePath =
+    (name: string, optionalPath?: string) => () => {
+      const dir =
+        cfg.pluginDir === undefined
+          ? process.cwd()
+          : path.resolve(cfg.pluginDir);
+
+      return optionalPath === undefined
+        ? path.join(dir, name)
+        : path.resolve(optionalPath);
+    };
+
+  const resolveModulePathAndInitializePlugin = (
+    pluginName: string,
+    pluginCfg: {
+      path?: string | undefined;
+      config?: unknown;
+    }
+  ): TaskEither<string, UntypedPlugin> =>
+    pipe(
+      TE.fromIO(resolvePluginModulePath(pluginName, pluginCfg.path)),
+      TE.chain((modulePath: string) =>
+        initializePlugin(modulePath, pluginCfg.config ?? {})
+      )
+    );
+
+  const Applicative = TE.getApplicativeTaskValidation(
+    T.ApplyPar,
+    pipe(Str.Semigroup, S.intercalate(', '))
+  );
+
+  return R.traverseWithIndex(Applicative)(resolveModulePathAndInitializePlugin)(
+    cfg.plugins
+  );
+};

src/library/plugin/pluginLoader.ts

@@ -1,4 +1,5 @@
 import { RequestHandler } from 'express';
+import { TaskEither } from 'fp-ts/lib/TaskEither';
 import { JsonProof } from 'o1js';
 import z from 'zod';
 
@@ -10,7 +11,7 @@ export interface IMinAuthPlugin<PublicInputArgs, Output> {
   verifyAndGetOutput(
     publicInputArgs: PublicInputArgs,
     serializedProof: JsonProof
-  ): Promise<Output>;
+  ): TaskEither<string, Output>;
 
   // The schema of the arguments for fetching public inputs.
   readonly publicInputArgsSchema: z.ZodType<PublicInputArgs>;
@@ -38,7 +39,7 @@ export interface IMinAuthPluginFactory<
 > {
   // Initialize the plugin given the configuration. The underlying zk program is
   // typically compiled here.
-  initialize(cfg: Configuration): Promise<T>;
+  initialize(cfg: Configuration): TaskEither<string, T>;
 
   readonly configurationSchema: z.ZodType<Configuration>;
 }
@@ -49,9 +50,9 @@ export interface IMinAuthProver<PublicInputArgs, PublicInput, PrivateInput> {
   prove(
     publicInput: PublicInput,
     secretInput: PrivateInput
-  ): Promise<JsonProof>;
+  ): TaskEither<string, JsonProof>;
 
-  fetchPublicInputs(args: PublicInputArgs): Promise<PublicInput>;
+  fetchPublicInputs(args: PublicInputArgs): TaskEither<string, PublicInput>;
 }
 
 export interface IMinAuthProverFactory<
@@ -61,5 +62,5 @@ export interface IMinAuthProverFactory<
   PublicInput,
   PrivateInput
 > {
-  initialize(cfg: Configuration): Promise<T>;
+  initialize(cfg: Configuration): TaskEither<string, T>;
 }

src/library/plugin/pluginType.ts

@@ -0,0 +1,75 @@
+import { TaskEither } from 'fp-ts/lib/TaskEither';
+import { UntypedPlugin } from './pluginLoader';
+import * as expressCore from 'express-serve-static-core';
+import {
+  fromFailableIO,
+  fromFailablePromise,
+  liftZodParseResult
+} from '../../utils/TaskEither';
+import * as R from 'fp-ts/Record';
+import * as TE from 'fp-ts/TaskEither';
+import { RequestHandler } from 'express';
+import { pipe } from 'fp-ts/lib/function';
+import { JsonProof, verify } from 'o1js';
+
+type ActivePlugins = Record<string, UntypedPlugin>;
+
+export const installCustomRoutes =
+  (activePlugins: ActivePlugins) =>
+  (app: expressCore.Express): TaskEither<string, void> =>
+    pipe(
+      R.traverseWithIndex(TE.ApplicativeSeq)(
+        (pluginName, pluginInstance: UntypedPlugin) =>
+          R.traverseWithIndex(TE.ApplicativeSeq)(
+            (path, handler: RequestHandler) =>
+              fromFailableIO(
+                () => app.use(`/plugins/${pluginName}/${path}`, handler),
+                `failed to install custom route ${path} for plugin ${pluginName}`
+              )
+          )(pluginInstance.customRoutes)
+      )(activePlugins),
+      TE.map(() => {})
+    );
+
+export const verifyProof =
+  (activePlugins: ActivePlugins) =>
+  (
+    proof: JsonProof,
+    publicInputArgs: unknown,
+    pluginName: string
+  ): TaskEither<string, unknown> =>
+    pipe(
+      TE.Do,
+      TE.tap(() =>
+        TE.fromIO(() =>
+          console.info(`verifying proof using plugin ${pluginName}`)
+        )
+      ),
+      TE.bind('pluginInstance', () =>
+        TE.fromOption(() => `plugin ${pluginName} not found`)(
+          R.lookup(pluginName)(activePlugins)
+        )
+      ),
+      // Step 1: check that the proof was generated using a certain verification key.
+      TE.tap(({ pluginInstance }) =>
+        pipe(
+          fromFailablePromise(
+            () => verify(proof, pluginInstance.verificationKey),
+            'unable to verify proof'
+          ),
+          TE.tap((valid) =>
+            valid ? TE.right(undefined) : TE.left('invalid proof')
+          )
+        )
+      ),
+      // Step 2: use the plugin to extract the output. The plugin is also responsible
+      // for checking the legitimacy of the public inputs.
+      TE.bind('typedPublicInputArgs', ({ pluginInstance }) =>
+        liftZodParseResult(
+          pluginInstance.publicInputArgsSchema.safeParse(publicInputArgs)
+        )
+      ),
+      TE.chain(({ typedPublicInputArgs, pluginInstance }) =>
+        pluginInstance.verifyAndGetOutput(typedPublicInputArgs, proof)
+      )
+    );