feat: submit zisk endpoint in gateway

Author: MarcosNicolau

aggregation_mode/gateway/src/http.rs

@@ -25,8 +25,8 @@ use crate::{
     db::Db,
     helpers::get_time_left_day_formatted,
     metrics::GatewayMetrics,
-    types::{GetReceiptsResponse, SubmitProofRequestRisc0, SubmitProofRequestSP1},
-    verifiers::{verify_sp1_proof, VerificationError},
+    types::{GetReceiptsResponse, SubmitProofRequestRisc0, SubmitProofRequestSP1, SubmitProofRequestZisk},
+    verifiers::{verify_sp1_proof, verify_zisk_proof, VerificationError},
 };
 
 #[derive(Clone, Debug)]
@@ -78,6 +78,7 @@ impl GatewayServer {
                 .route("/receipts", web::get().to(Self::get_receipts))
                 .route("/proof/sp1", web::post().to(Self::post_proof_sp1))
                 .route("/proof/risc0", web::post().to(Self::post_proof_risc0))
+                .route("/proof/zisk", web::post().to(Self::post_proof_zisk))
                 .route("/quotas/{address}", web::get().to(Self::get_quotas))
         })
         .bind((self.config.ip.as_str(), port))
@@ -285,6 +286,142 @@ impl GatewayServer {
         HttpResponse::Ok().json(AppResponse::new_sucessfull(serde_json::json!({})))
     }
 
+    // Posts a Zisk proof to the gateway, recovering the address from the signature
+    async fn post_proof_zisk(
+        req: HttpRequest,
+        MultipartForm(data): MultipartForm<SubmitProofRequestZisk>,
+    ) -> impl Responder {
+        let Some(state) = req.app_data::<Data<GatewayServer>>() else {
+            return HttpResponse::InternalServerError()
+                .json(AppResponse::new_unsucessfull("Internal server error", 500));
+        };
+
+        let state = state.get_ref();
+        let Ok(signature) = Signature::from_str(&data.signature_hex.0) else {
+            return HttpResponse::InternalServerError()
+                .json(AppResponse::new_unsucessfull("Invalid signature", 500));
+        };
+
+        let Ok(proof_content) = tokio::fs::read(data.proof.file.path()).await else {
+            return HttpResponse::InternalServerError()
+                .json(AppResponse::new_unsucessfull("Internal server error", 500));
+        };
+
+        // reconstruct message and recover address
+        let msg = agg_mode_sdk::gateway::types::SubmitZiskProofMessage::new(
+            data.nonce.0,
+            proof_content.clone(),
+        );
+        let Ok(recovered_address) =
+            signature.recover_address_from_prehash(&msg.eip712_hash(&state.network).into())
+        else {
+            return HttpResponse::InternalServerError()
+                .json(AppResponse::new_unsucessfull("Internal server error", 500));
+        };
+        let recovered_address = recovered_address.to_string().to_lowercase();
+
+        // Checking if this address has submited more proofs than the ones allowed per day
+        let Ok(daily_tasks_by_address) = state
+            .db
+            .get_daily_tasks_by_address(&recovered_address)
+            .await
+        else {
+            return HttpResponse::InternalServerError()
+                .json(AppResponse::new_unsucessfull("Internal server error", 500));
+        };
+
+        if daily_tasks_by_address >= state.config.max_daily_proofs_per_user {
+            let formatted_time_left = get_time_left_day_formatted();
+
+            return HttpResponse::BadRequest().json(AppResponse::new_unsucessfull(
+                format!(
+                    "Request denied: Query limit exceeded. Quotas renew in {formatted_time_left}"
+                )
+                .as_str(),
+                400,
+            ));
+        }
+
+        let Ok(count) = state.db.count_tasks_by_address(&recovered_address).await else {
+            return HttpResponse::InternalServerError()
+                .json(AppResponse::new_unsucessfull("Internal server error", 500));
+        };
+
+        if data.nonce.0 != (count as u64) {
+            return HttpResponse::BadRequest().json(AppResponse::new_unsucessfull(
+                &format!("Invalid nonce, expected nonce = {count}"),
+                400,
+            ));
+        }
+
+        let now_epoch = match SystemTime::now().duration_since(UNIX_EPOCH) {
+            Ok(duration) => duration.as_secs(),
+            Err(_) => {
+                return HttpResponse::InternalServerError()
+                    .json(AppResponse::new_unsucessfull("Internal server error", 500));
+            }
+        };
+
+        let has_payment = match state
+            .db
+            .has_active_payment_event(
+                &recovered_address,
+                BigDecimal::from_str(&now_epoch.to_string()).unwrap(),
+            )
+            .await
+        {
+            Ok(result) => result,
+            Err(_) => {
+                return HttpResponse::InternalServerError()
+                    .json(AppResponse::new_unsucessfull("Internal server error", 500));
+            }
+        };
+
+        if !has_payment {
+            return HttpResponse::BadRequest().json(AppResponse::new_unsucessfull(
+                "You have to pay before submitting a proof",
+                400,
+            ));
+        }
+
+        if let Err(e) = verify_zisk_proof(&proof_content) {
+            let message = match e {
+                VerificationError::InvalidProof => "Proof verification failed",
+                VerificationError::UnsupportedProof => "Unsupported proof",
+            };
+
+            return HttpResponse::BadRequest().json(AppResponse::new_unsucessfull(message, 400));
+        };
+
+        let query_started_at = Instant::now();
+
+        match state
+            .db
+            .insert_task(
+                &recovered_address,
+                AggregationModeProvingSystem::ZISK.as_u16() as i32,
+                &proof_content,
+                &[],  // Zisk proofs don't have a separate vk file
+                None,
+                data.nonce.0 as i64,
+            )
+            .await
+        {
+            Ok(task_id) => {
+                let time_elapsed_db_call = query_started_at.elapsed();
+                state
+                    .metrics
+                    .register_db_response_time_post("zisk-post", time_elapsed_db_call.as_secs_f64());
+
+                HttpResponse::Ok().json(AppResponse::new_sucessfull(
+                    serde_json::json!({ "task_id": task_id.to_string() }),
+                ))
+            }
+            Err(_) => HttpResponse::InternalServerError()
+                .json(AppResponse::new_unsucessfull("Internal server error", 500)),
+        }
+    }
+
     // Returns the last 100 receipt merkle proofs for the address received in the URL.
     // In case of also receiving a nonce on the query param, it returns only the merkle proof for that nonce.
     async fn get_receipts(

aggregation_mode/gateway/src/types.rs

@@ -54,6 +54,13 @@ pub(super) struct SubmitProofRequestRisc0 {
     pub _signature_hex: Text<String>,
 }
 
+#[derive(Debug, MultipartForm)]
+pub(super) struct SubmitProofRequestZisk {
+    pub nonce: Text<u64>,
+    pub proof: TempFile,
+    pub signature_hex: Text<String>,
+}
+
 #[derive(Debug, Clone, sqlx::FromRow, sqlx::Type, serde::Serialize)]
 pub struct GetReceiptsResponse {
     pub status: TaskStatus,

aggregation_mode/gateway/src/verifiers.rs

@@ -25,3 +25,8 @@ pub fn verify_sp1_proof(
 
     Ok(())
 }
+
+/// TODO: implement Zisk proof verification
+pub fn verify_zisk_proof(_proof: &[u8]) -> Result<(), VerificationError> {
+    Ok(())
+}

aggregation_mode/sdk/src/gateway/provider.rs

@@ -6,7 +6,7 @@ use sp1_sdk::{SP1ProofWithPublicValues, SP1VerifyingKey};
 use crate::{
     gateway::types::{
         EmptyDataResponse, GatewayResponse, NonceResponse, ReceiptsQueryParams, ReceiptsResponse,
-        SubmitProofResponse, SubmitSP1ProofMessage,
+        SubmitProofResponse, SubmitSP1ProofMessage, SubmitZiskProofMessage,
     },
     types::Network,
 };
@@ -120,6 +120,36 @@ impl<S: Signer> AggregationModeGatewayProvider<S> {
         self.send_request(request).await
     }
 
+    pub async fn submit_zisk_proof(
+        &self,
+        proof: &[u8],
+    ) -> Result<GatewayResponse<SubmitProofResponse>, GatewayError> {
+        let Some(signer) = &self.signer else {
+            return Err(GatewayError::SignerNotConfigured);
+        };
+        let signer_address = signer.address().to_string();
+        let nonce_response = self.get_nonce_for(signer_address).await?;
+        let message = SubmitZiskProofMessage::new(nonce_response.data.nonce, proof.to_vec())
+            .sign(signer, &self.network)
+            .await
+            .map_err(GatewayError::MessageSignature)?;
+
+        let form = multipart::Form::new()
+            .text("nonce", message.nonce.to_string())
+            .part(
+                "proof",
+                multipart::Part::bytes(message.proof).file_name("proof.bin"),
+            )
+            .text("signature_hex", hex::encode(message.signature));
+
+        let request = self
+            .http_client
+            .post(format!("{}/proof/zisk", self.gateway_url))
+            .multipart(form);
+
+        self.send_request(request).await
+    }
+
     // TODO: verify proof from receipt merkle path
 
     async fn send_request<T: DeserializeOwned>(

aggregation_mode/sdk/src/gateway/types.rs

@@ -110,3 +110,66 @@ impl SubmitSP1ProofMessage {
         Ok(self)
     }
 }
+
+/// Message for submitting a Zisk proof.
+/// The proof bytes contain the rom_vk and public inputs.
+#[derive(Debug, Clone, Deserialize)]
+pub struct SubmitZiskProofMessage {
+    pub nonce: u64,
+    pub proof: Vec<u8>,
+    pub signature: Vec<u8>,
+}
+
+impl SubmitZiskProofMessage {
+    pub fn new(nonce: u64, proof: Vec<u8>) -> Self {
+        Self {
+            nonce,
+            proof,
+            signature: vec![],
+        }
+    }
+
+    fn hash_msg(&self) -> [u8; 32] {
+        let mut hasher = Keccak256::new();
+        let mut output = [0u8; 32];
+
+        let nonce_bytes: [u8; 32] = U256::from_be_slice(&self.nonce.to_be_bytes()).to_be_bytes();
+
+        hasher.update(nonce_bytes);
+        hasher.update(&self.proof);
+        hasher.finalize_into_array(&mut output);
+        output
+    }
+
+    pub fn eip712_hash(&self, network: &Network) -> [u8; 32] {
+        let domain_value = DynSolValue::Tuple(vec![
+            DynSolValue::String("Aligned".to_string()),
+            DynSolValue::String("1".to_string()),
+            DynSolValue::Uint(U256::from(network.chain_id()), 256),
+        ]);
+
+        let message_value = DynSolValue::Tuple(vec![
+            DynSolValue::FixedBytes(self.hash_msg().into(), 32),
+            DynSolValue::Uint(U256::from(self.nonce), 256),
+        ]);
+
+        let encoded_domain = domain_value.abi_encode();
+        let encoded_message = message_value.abi_encode();
+
+        let domain_separator = keccak256(&encoded_domain);
+        let message_hash = keccak256(&encoded_message);
+
+        keccak256([&[0x19, 0x01], &domain_separator[..], &message_hash[..]].concat()).0
+    }
+
+    pub async fn sign<S: Signer>(mut self, signer: &S, network: &Network) -> Result<Self, String> {
+        let signature = signer
+            .sign_hash(&self.eip712_hash(network).into())
+            .await
+            .map_err(|e| e.to_string())?;
+
+        self.signature = signature.as_bytes().to_vec();
+
+        Ok(self)
+    }
+}