Use payjoin-service in test utils

This replaces the direct dependencies on ohttp-relay and
payjoin-directory with a dependency on payjoin-service. The test
services still spin up two instances of the payjoin-service to simulate
a relay and directory running on isolated infrastructure.

Author: spacebear21

Cargo.toml

@@ -6,6 +6,7 @@ members = [
   "payjoin-directory",
   "payjoin-test-utils",
   "payjoin-ffi",
+  "payjoin-service",
 ]
 resolver = "2"
 
@@ -14,3 +15,4 @@ ohttp-relay = { path = "ohttp-relay" }
 payjoin = { path = "payjoin" }
 payjoin-directory = { path = "payjoin-directory" }
 payjoin-test-utils = { path = "payjoin-test-utils" }
+payjoin-service = { path = "payjoin-service" }

payjoin-ffi/dart/native/Cargo.toml

@@ -24,6 +24,8 @@ payjoin-ffi = { git = "https://github.com/payjoin/rust-payjoin.git", branch = "m
 payjoin-ffi = { path = "../.." }
 
 [patch.crates-io]
+ohttp-relay = { path = "../../../ohttp-relay" }
 payjoin = { path = "../../../payjoin" }
 payjoin-directory = { path = "../../../payjoin-directory" }
+payjoin-service = { path = "../../../payjoin-service" }
 payjoin-test-utils = { path = "../../../payjoin-test-utils" }

payjoin-ffi/javascript/test-utils/Cargo.toml

@@ -18,12 +18,18 @@ path = "../../../payjoin-test-utils"
 [build-dependencies]
 napi-build = "=2.2.4"
 
+[patch.crates-io.ohttp-relay]
+path = "../../../ohttp-relay"
+
 [patch.crates-io.payjoin]
 path = "../../../payjoin"
 
 [patch.crates-io.payjoin-directory]
 path = "../../../payjoin-directory"
 
+[patch.crates-io.payjoin-service]
+path = "../../../payjoin-service"
+
 [patch.crates-io.payjoin-test-utils]
 path = "../../../payjoin-test-utils"
 

payjoin-service/Cargo.toml

@@ -1,5 +1,3 @@
-[workspace]
-
 [package]
 name = "payjoin-service"
 version = "0.0.1"
@@ -17,14 +15,17 @@ rust-version = "1.85.0"
 
 [features]
 default = []
+_manual-tls = ["dep:axum-server", "dep:rustls", "ohttp-relay/_test-util"]
 
 [dependencies]
 anyhow = "1.0"
 axum = "0.8"
+axum-server = { version = "0.7", features = ["tls-rustls-no-provider"], optional = true }
 clap = { version = "4.5", features = ["derive", "env"] }
 config = "0.15"
 ohttp-relay = { path = "../ohttp-relay", features = ["bootstrap"] }
 payjoin-directory = { path = "../payjoin-directory" }
+rustls = { version = "0.23", default-features = false, features = ["ring"], optional = true }
 serde = { version = "1.0", features = ["derive"] }
 tokio = { version = "1.47", features = ["full"] }
 tower = "0.5"

payjoin-service/src/lib.rs

@@ -17,30 +17,87 @@ struct Services {
 }
 
 pub async fn serve(config: Config) -> anyhow::Result<()> {
+    let services = Services {
+        directory: init_directory(&config).await?,
+        relay: init_ohttp_relay(&config, None).await?,
+    };
+    let app = Router::new().fallback(route_request).with_state(services);
+
+    let addr = SocketAddr::from((Ipv6Addr::UNSPECIFIED, config.port));
+    let listener = tokio::net::TcpListener::bind(addr).await?;
+    info!("Payjoin service listening on {}", addr);
+    axum::serve(listener, app).await?;
+
+    Ok(())
+}
+
+/// Serves payjoin-service with manual TLS configuration.
+///
+/// Binds to `config.port` (use 0 to let the OS assign a free port) and returns
+/// the actual bound port along with a task handle.
+///
+/// If `tls_config` is provided, the server will use TLS for incoming connections.
+/// The `root_store` is used for outgoing relay connections to the gateway.
+#[cfg(feature = "_manual-tls")]
+pub async fn serve_manual_tls(
+    config: Config,
+    tls_config: Option<axum_server::tls_rustls::RustlsConfig>,
+    root_store: rustls::RootCertStore,
+) -> anyhow::Result<(u16, tokio::task::JoinHandle<anyhow::Result<()>>)> {
+    let services = Services {
+        directory: init_directory(&config).await?,
+        relay: init_ohttp_relay(&config, Some(root_store)).await?,
+    };
+    let app = Router::new().fallback(route_request).with_state(services);
+
+    let addr = SocketAddr::from((Ipv6Addr::UNSPECIFIED, config.port));
+    let listener = tokio::net::TcpListener::bind(addr).await?;
+    let port = listener.local_addr()?.port();
+
+    let handle = match tls_config {
+        Some(tls) => {
+            info!("Payjoin service listening on port {} with TLS", port);
+            tokio::spawn(async move {
+                axum_server::from_tcp_rustls(listener.into_std()?, tls)
+                    .serve(app.into_make_service())
+                    .await
+                    .map_err(Into::into)
+            })
+        }
+        None => {
+            info!("Payjoin service listening on port {} (HTTP)", port);
+            tokio::spawn(async move { axum::serve(listener, app).await.map_err(Into::into) })
+        }
+    };
+
+    Ok((port, handle))
+}
+
+async fn init_directory(
+    config: &Config,
+) -> anyhow::Result<payjoin_directory::Service<payjoin_directory::FilesDb>> {
     let db = payjoin_directory::FilesDb::init(config.timeout, config.storage_dir.clone()).await?;
     db.spawn_background_prune().await;
 
     let ohttp_keys_dir = config.storage_dir.join("ohttp-keys");
     let ohttp_config = init_ohttp_config(&ohttp_keys_dir)?;
     let metrics = payjoin_directory::metrics::Metrics::new();
 
-    let directory = payjoin_directory::Service::new(db, ohttp_config.into(), metrics);
+    Ok(payjoin_directory::Service::new(db, ohttp_config.into(), metrics))
+}
 
+async fn init_ohttp_relay(
+    config: &Config,
+    root_store: Option<rustls::RootCertStore>,
+) -> anyhow::Result<ohttp_relay::Service> {
     // TODO: A gateway should no longer need to be specified, but ohttp-relay currently requires it.
     // See https://github.com/payjoin/ohttp-relay/issues/73
     let gateway =
         config.gateway_origin.parse::<ohttp_relay::GatewayUri>().map_err(|e| anyhow::anyhow!(e))?;
-    let relay = ohttp_relay::Service::new_with_gateway(gateway).await;
-
-    let services = Services { directory, relay };
-    let app = Router::new().fallback(route_request).with_state(services);
-
-    let addr = SocketAddr::from((Ipv6Addr::UNSPECIFIED, config.port));
-    let listener = tokio::net::TcpListener::bind(addr).await?;
-    info!("Payjoin service listening on {}", addr);
-    axum::serve(listener, app).await?;
-
-    Ok(())
+    Ok(match root_store {
+        Some(roots) => ohttp_relay::Service::new_with_gateway_and_roots(gateway, roots).await,
+        None => ohttp_relay::Service::new_with_gateway(gateway).await,
+    })
 }
 
 fn init_ohttp_config(

payjoin-test-utils/Cargo.toml

@@ -9,18 +9,18 @@ rust-version = "1.85"
 license = "MIT"
 
 [dependencies]
+axum-server = { version = "0.7", features = ["tls-rustls-no-provider"] }
 bitcoin = { version = "0.32.7", features = ["base64"] }
 corepc-node = { version = "0.10.0", features = ["download", "29_0"] }
 http = "1.3.1"
 ohttp = { package = "bitcoin-ohttp", version = "0.6.0" }
-ohttp-relay = { version = "0.0.11", features = ["_test-util"] }
 once_cell = "1.21.3"
 payjoin = { version = "1.0.0-rc.1", features = [
   "io",
   "_manual-tls",
   "_test-utils",
 ] }
-payjoin-directory = { version = "0.0.3", features = ["_manual-tls"] }
+payjoin-service = { path = "../payjoin-service", features = ["_manual-tls"] }
 rcgen = "0.14.3"
 reqwest = { version = "0.12.23", default-features = false, features = [
   "rustls-tls",

payjoin-test-utils/src/lib.rs

@@ -1,9 +1,9 @@
-use std::net::{IpAddr, Ipv6Addr, SocketAddr};
 use std::result::Result;
 use std::str::FromStr;
 use std::sync::Arc;
 use std::time::Duration;
 
+use axum_server::tls_rustls::RustlsConfig;
 use bitcoin::{Amount, Psbt};
 pub use corepc_node; // re-export for convenience
 use corepc_node::AddressType;
@@ -18,7 +18,6 @@ use reqwest::{Client, ClientBuilder};
 use rustls::pki_types::CertificateDer;
 use rustls::RootCertStore;
 use tempfile::tempdir;
-use tokio::net::TcpListener;
 use tokio::task::JoinHandle;
 use tracing::Level;
 use tracing_subscriber::{EnvFilter, FmtSubscriber};
@@ -61,11 +60,9 @@ impl TestServices {
         let mut root_store = RootCertStore::empty();
         root_store.add(CertificateDer::from(cert.cert.der().to_vec())).unwrap();
 
-        let directory = init_directory(cert_key).await?;
+        let directory = init_directory(cert_key, root_store.clone()).await?;
+        let ohttp_relay = init_ohttp_relay(directory.0, root_store).await?;
 
-        let gateway_origin =
-            ohttp_relay::GatewayUri::from_str(&format!("https://localhost:{}", directory.0))?;
-        let ohttp_relay = ohttp_relay::listen_tcp_on_free_port(gateway_origin, root_store).await?;
         let http_agent: Arc<Client> = Arc::new(http_agent(cert_der)?);
 
         Ok(Self {
@@ -114,33 +111,58 @@ impl TestServices {
 
 pub async fn init_directory(
     local_cert_key: (Vec<u8>, Vec<u8>),
+    root_store: RootCertStore,
 ) -> std::result::Result<
     (u16, tokio::task::JoinHandle<std::result::Result<(), BoxSendSyncError>>),
     BoxSendSyncError,
 > {
-    let timeout = Duration::from_secs(2);
-    let ohttp_server = payjoin_directory::gen_ohttp_server_config()?;
-
-    let metrics = payjoin_directory::metrics::Metrics::new();
     let tempdir = tempdir()?;
-    let db = payjoin_directory::FilesDb::init(timeout, tempdir.path().to_path_buf()).await?;
+    let config = payjoin_service::config::Config {
+        port: 0, // let OS assign a free port
+        storage_dir: tempdir.path().to_path_buf(),
+        timeout: Duration::from_secs(2),
+        gateway_origin: String::from("https://localhost"),
+    };
 
-    let service = payjoin_directory::Service::new(db, ohttp_server.into(), metrics);
+    let tls_config = RustlsConfig::from_der(vec![local_cert_key.0], local_cert_key.1).await?;
 
-    let listener = bind_free_port().await?;
-    let port = listener.local_addr()?.port();
+    let (port, handle) = payjoin_service::serve_manual_tls(config, Some(tls_config), root_store)
+        .await
+        .map_err(|e| e.to_string())?;
 
     let handle = tokio::spawn(async move {
         let _tempdir = tempdir; // keep the tempdir until the directory shuts down
-        service.serve_tls(listener, local_cert_key).await
+        handle.await.map_err(|e| e.to_string())?.map_err(|e| e.to_string().into())
     });
 
     Ok((port, handle))
 }
 
-async fn bind_free_port() -> Result<tokio::net::TcpListener, std::io::Error> {
-    let bind_addr = SocketAddr::new(IpAddr::V6(Ipv6Addr::UNSPECIFIED), 0);
-    TcpListener::bind(bind_addr).await
+async fn init_ohttp_relay(
+    directory_port: u16,
+    root_store: RootCertStore,
+) -> std::result::Result<
+    (u16, tokio::task::JoinHandle<std::result::Result<(), BoxSendSyncError>>),
+    BoxSendSyncError,
+> {
+    let tempdir = tempdir()?;
+    let config = payjoin_service::config::Config {
+        port: 0, // let OS assign a free port
+        storage_dir: tempdir.path().to_path_buf(),
+        timeout: Duration::from_secs(2),
+        gateway_origin: format!("https://localhost:{}", directory_port),
+    };
+
+    let (port, handle) = payjoin_service::serve_manual_tls(config, None, root_store)
+        .await
+        .map_err(|e| e.to_string())?;
+
+    let handle = tokio::spawn(async move {
+        let _tempdir = tempdir; // keep the tempdir until the relay shuts down
+        handle.await.map_err(|e| e.to_string())?.map_err(|e| e.to_string().into())
+    });
+
+    Ok((port, handle))
 }
 
 /// generate or get a DER encoded localhost cert and key.