Between Web3 and Web2: SoulWallet's Backend Tech Stack--AWS Lambda

On writing...


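  • Web3 depends on Web2. That is the current reality and will remain so for a long time: Web3 does not exist in a vacuum; it is simply a new form of application on the Web.

  • Many Web3 applications need to interact with traditional Web2 applications such as Email and Twitter. How do we design a technical architecture for this bridging scenario that scales as application complexity grows, is not hard to develop at the start, and can be extended later? We take Email as the example (Twitter and the others are similar) and set down some of our thinking and practice.

  • This article also records how SoulWallet's Email verification service was quickly built as a backend service on AWS Lambda, shared here for fellow Web3 builders.

Mail technology selection

Application background

  • A Web3 wallet needs its owner to set an Email address, their own or that of someone they trust, as a Guardian. The whole business process includes:

  • Verifying that the email address is trusted (send a verification code, then verify the code that was received), verifying the DKIM security signature (optional, to be added later), and taking part in Recovery as a Guardian.

Possible functions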

get4RandomNumber

sendMail2Address

verify4RandomNumber

sendRecoveryHashMail

verifyDKMIHash2Recovery

get6RandomNumber

sendMail2BatchAddress

verify6RandomNumber

Invoked through API Gateway; start with OAuth2?
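The code functions listed above (get6RandomNumber, verify6RandomNumber), sketched as an added example for the nodejs16.x runtime selected later on this page; this is not SoulWallet's code. The names issueCode and verifyCode, the in-memory store, the 10-minute lifetime and the 5-attempt limit are assumptions.

```javascript
// Added example, not SoulWallet's code: issuing and checking a 6-digit email code.
const crypto = require('crypto');

const CODE_TTL_MS = 10 * 60 * 1000; // assumed lifetime of a code
const MAX_ATTEMPTS = 5;             // assumed number of guesses allowed per code
// Assumption: a per-process key; a deployed function would load it from a secret store.
const SERVER_KEY = crypto.randomBytes(32);
// Assumption: this Map stands in for a shared table, because Lambda
// instances do not share memory between invocations.
const store = new Map();

// Keep only a keyed hash bound to the address, so a leaked table reveals no codes.
function codeMac(addr, code) {
  return crypto.createHmac('sha256', SERVER_KEY).update(`${addr}:${code}`).digest();
}

function normalize(email) {
  return String(email).trim().toLowerCase();
}

// get6RandomNumber: CSPRNG-backed, zero-padded, replaces any earlier code for the address.
function issueCode(email, now = Date.now()) {
  const addr = normalize(email);
  const code = crypto.randomInt(0, 1000000).toString().padStart(6, '0');
  store.set(addr, { mac: codeMac(addr, code), expires: now + CODE_TTL_MS, attempts: 0 });
  return code; // goes to the mail sender (SES on this page), never back to the API caller
}

// verify6RandomNumber: expiring, attempt-limited, single use, constant-time comparison.
function verifyCode(email, candidate, now = Date.now()) {
  const addr = normalize(email);
  const rec = store.get(addr);
  if (!rec) return 'unknown';
  if (now > rec.expires) { store.delete(addr); return 'expired'; }
  if (rec.attempts >= MAX_ATTEMPTS) { store.delete(addr); return 'locked'; }
  rec.attempts += 1; // count the guess before comparing
  if (!crypto.timingSafeEqual(rec.mac, codeMac(addr, String(candidate)))) return 'mismatch';
  store.delete(addr); // a code verifies at most once
  return 'ok';
}
```

A 6-digit code has only one million values, so the attempt limit and expiry carry most of the protection; the API layer should also rate-limit how often a code can be requested per address.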

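Evaluation

  • 1> AWS Lambda + AWS SES

  • Pros: pay on demand, a stable and (relatively) simple development stack, extensible in the future. Cons: not decentralized, which may carry some hidden risks in the long term.

  • 2> Use Hanko, Dockerized

  • Cons: somewhat higher technical difficulty, and it needs our own modification and customization. Pros: standard Docker plus configuration, so it can be deployed and scaled anywhere; decentralized.

Analysis

  • 1. Centralized services such as AWS S3 and Google Firebase will exist for a long time, and they are fairly stable.

  • 2. Some non-core scenarios, such as mail and verification services, can be placed on centralized servers.

  • 3. Building services quickly with Serverless, distilling a model from them and developing the ability to migrate quickly is also decentralization at some level.

  • 4. Where non-core services are partly centralized, the worst case must not affect the customer's core experience (this needs evaluation and experiments).

  • 5. If all of the code is open source, a Stake-like mechanism could let more nodes decentralize the security center, making it more stable and more decentralized.

Design

Interaction swimlane diagram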

email-flow.png

Development

Preparation

  1. Go to AWS, search for the Lambda service, open it and create a Lambda function.

A few screenshots for reference; it is very simple.

[Six screenshots taken 2022-09-05]

  2. Install SAM on macOS:

```
brew tap aws/tap
brew install aws-sam-cli
```

Note: I ran into a 404 problem; here is the fix:

 brew install aws-sam-cli
==> Downloading https://mirrors.ustc.edu.cn/homebrew-bottles/bottles/python%403.8-3.8.12_1.monterey.bottle.tar.gz
curl: (22) The requested URL returned error: 404                              

Warning: Bottle missing, falling back to the default domain...
==> Downloading https://ghcr.io/v2/homebrew/core/python/3.8/manifests/3.8.12_1
Already downloaded: /Users/jason/Library/Caches/Homebrew/downloads/61f42b7874c869da77ca6a2c68ce8fba17392d585f49a57c4f98b846e4255d4f--python@3.8-3.8.12_1.bottle_manifest.json
==> Downloading https://ghcr.io/v2/homebrew/core/python/3.8/blobs/sha256:9003ba90da12f509084675de2ac639356aa929f99483115250b7cfb154ade246
Already downloaded: /Users/jason/Library/Caches/Homebrew/downloads/1277a706a480613882eed92d3a3d8d64b8685f2ebc814c888765c4044ce32cd9--python@3.8--3.8.12_1.monterey.bottle.tar.gz
==> Downloading https://github.com/aws/aws-sam-cli/releases/download/v1.56.0//aws-sam-cli-1.56.0.sierra.bottle.tar.gz
==> Downloading from https://objects.githubusercontent.com/github-production-release-asset-2e65be/92205085/29934f42-b9b2-46f8-8901-4cc832ca4988?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYA
######################################################################## 100.0%
==> Installing aws-sam-cli from aws/tap
==> Installing dependencies for aws/tap/aws-sam-cli: python@3.8
==> Installing aws/tap/aws-sam-cli dependency: python@3.8
==> Pouring python@3.8-3.8.12_1.monterey.bottle.tar.gz
Error: No such file or directory @ rb_sysopen - /Users/jason/Library/Caches/Homebrew/downloads/43fd497f6cd5d3be88e46f093783bcfb87796f443dbf38b2060d8b336e25d8ba--python@3.8-3.8.12_1.monterey.bottle.tar.gz

Just make a copy:

cp -a /Users/jason/Library/Caches/Homebrew/downloads/1277a706a480613882eed92d3a3d8d64b8685f2ebc814c888765c4044ce32cd9--python@3.8--3.8.12_1.monterey.bottle.tar.gz /Users/jason/Library/Caches/Homebrew/downloads/43fd497f6cd5d3be88e46f093783bcfb87796f443dbf38b2060d8b336e25d8ba--python@3.8-3.8.12_1.monterey.bottle.tar.gz
  3. Download, build and deploy a sample application:

```
# Step 1 - Download a sample application
sam init

# Step 2 - Build your application
cd sam-app
sam build

# Step 3 - Deploy your application
sam deploy --guided
```

The initialization process, for reference:

```
cd ~/Dev/Projects/soulwallet-backend
~/Dev/Projects/soulwallet-backend (main) » ls
README.md
~/Dev/Projects/soulwallet-backend (main) » sam init

SAM CLI now collects telemetry to better understand customer needs.

You can OPT OUT and disable telemetry collection by setting the
environment variable SAM_CLI_TELEMETRY=0 in your shell.
Thanks for your help!

Learn More: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-telemetry.html
More:

You can preselect a particular runtime or package type when using the sam init experience. Call sam init --help to learn more.

Which template source would you like to use?
    1 - AWS Quick Start Templates
    2 - Custom Template Location
Choice: 1

Choose an AWS Quick Start application template
    1 - Hello World Example
    2 - Multi-step workflow
    3 - Serverless API
    4 - Scheduled task
    5 - Standalone function
    6 - Data processing
    7 - Infrastructure event management
    8 - Lambda EFS example
    9 - Machine Learning
Template: 1

Use the most popular runtime and package type? (Python and zip) [y/N]: n

Which runtime would you like to use?
    1 - dotnet6
    2 - dotnet5.0
    3 - dotnetcore3.1
    4 - go1.x
    5 - graalvm.java11 (provided.al2)
    6 - graalvm.java17 (provided.al2)
    7 - java11
    8 - java8.al2
    9 - java8
    10 - nodejs16.x
    11 - nodejs14.x
    12 - nodejs12.x
    13 - python3.9
    14 - python3.8
    15 - python3.7
    16 - python3.6
    17 - ruby2.7
    18 - rust (provided.al2)
Runtime: 10

What package type would you like to use?
    1 - Zip
    2 - Image
Package type: 1

Based on your selections, the only dependency manager available is npm. We will proceed copying the template using npm.

Select your starter template
    1 - Hello World Example
    2 - Hello World Example TypeScript
Template: 1

Would you like to enable X-Ray tracing on the function(s) in your application? [y/N]: y
X-Ray will incur an additional cost. View aws.amazon.com/xray/pricing for more details

Project name [sam-app]: testSAM

Cloning from github.com/aws/aws-sam-cli-app-templates (process may take a moment)




    Generating application:
    -----------------------
    Name: testSAM
    Runtime: nodejs16.x
    Architectures: x86_64
    Dependency Manager: npm
    Application Template: hello-world
    Output Directory: .

    Next steps can be found in the README file at ./testSAM/README.md


    Commands you can use next
    =========================
    [*] Create pipeline: cd testSAM && sam pipeline init --bootstrap
    [*] Validate SAM template: sam validate
    [*] Test Function in the Cloud: sam sync --stack-name {stack-name} --watch

```

Enter the directory and build:

```
cd testSAM
~/Dev/Projects/soulwallet-backend/testSAM (main*) » ls
README.md events hello-world template.yaml
~/Dev/Projects/soulwallet-backend/testSAM (main*) » vim build.sh
~/Dev/Projects/soulwallet-backend/testSAM (main*) » chmod +x *.sh
~/Dev/Projects/soulwallet-backend/testSAM (main*) » ./build.sh
Your template contains a resource with logical ID "ServerlessRestApi", which is a reserved logical ID in AWS SAM. It could result in unexpected behaviors and is not recommended.
Building codeuri: /Users/jason/Dev/Projects/soulwallet-backend/testSAM/hello-world runtime: nodejs16.x metadata: {} architecture: x86_64 functions: HelloWorldFunction
Running NodejsNpmBuilder:NpmPack
Running NodejsNpmBuilder:CopyNpmrcAndLockfile
Running NodejsNpmBuilder:CopySource
Running NodejsNpmBuilder:NpmInstall
Running NodejsNpmBuilder:CleanUpNpmrc
Running NodejsNpmBuilder:LockfileCleanUp

Build Succeeded

Built Artifacts : .aws-sam/build
Built Template : .aws-sam/build/template.yaml

Commands you can use next
=========================
[*] Validate SAM template: sam validate
[*] Invoke Function: sam local invoke
[*] Test Function in the Cloud: sam sync --stack-name {stack-name} --watch
[*] Deploy: sam deploy --guided

```

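Deployment

Invoke

Other

References

AWS SES: aws.amazon.com/cn/ses

Lambda Dev Progress: docs.aws.amazon.com/toolkit-for-vscode/late..

Addendum

Later, because the definition of the Security Center changed and it took on more business functions, the design and architecture above changed little, but the development workload increased.

Tech stack

Web2 design thinking targets centralized, large-cluster business scenarios, so complex scenarios get decomposed into microservices. It later turned out that microservices were not enough (business processes at large companies are too complex), so FAAS evolved to decompose services further; it can be understood as the layer below microservices. The development team does not need to care about anything unrelated to the business (components, environments, scaling, traffic splitting and so on); it only writes its own business functions and leaves the rest to the FAAS service.

As for Web3's Decentralized goal: to some degree, abstracting the business behavior and then running your own service on any cloud that offers FAAS is also a choice suited to the current stage, because the unchanging business logic and its concrete implementation code are very easy to migrate.

Of course, it is also possible that Web3 is not recognized by law and every centralized service rejects Web3, but from a development and technology perspective that is unlikely.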
