switch engine authentication from `Option` to `Opt` (#5624)

* switch engine authentication from Option to Opt

* el_conf updates

* LC and el_conf tests
tersec 2023-11-27 14:48:29 +00:00 committed by GitHub
parent efb094b521
commit 6dee4d59fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 34 additions and 26 deletions


@ -1436,8 +1436,8 @@ func defaultFeeRecipient*(conf: AnyConf): Opt[Eth1Address] =
proc loadJwtSecret*( proc loadJwtSecret*(
rng: var HmacDrbgContext, rng: var HmacDrbgContext,
dataDir: string, dataDir: string,
jwtSecret: Option[InputFile], jwtSecret: Opt[InputFile],
allowCreate: bool): Option[seq[byte]] = allowCreate: bool): Opt[seq[byte]] =
# Some Web3 endpoints aren't compatible with JWT, but if explicitly chosen, # Some Web3 endpoints aren't compatible with JWT, but if explicitly chosen,
# use it regardless. # use it regardless.
if jwtSecret.isSome or allowCreate: if jwtSecret.isSome or allowCreate:
@ -1447,15 +1447,22 @@ proc loadJwtSecret*(
err = secret.error err = secret.error
quit 1 quit 1
some secret.get Opt.some secret.get
else: else:
none(seq[byte]) Opt.none seq[byte]
func configJwtSecretOpt*(jwtSecret: Option[InputFile]): Opt[InputFile] =
if jwtSecret.isSome:
Opt.some jwtSecret.get
else:
Opt.none InputFile
proc loadJwtSecret*( proc loadJwtSecret*(
rng: var HmacDrbgContext, rng: var HmacDrbgContext,
config: BeaconNodeConf, config: BeaconNodeConf,
allowCreate: bool): Option[seq[byte]] = allowCreate: bool): Opt[seq[byte]] =
rng.loadJwtSecret(string(config.dataDir), config.jwtSecret, allowCreate) rng.loadJwtSecret(
string(config.dataDir), config.jwtSecret.configJwtSecretOpt, allowCreate)
proc engineApiUrls*(config: BeaconNodeConf): seq[EngineApiUrl] = proc engineApiUrls*(config: BeaconNodeConf): seq[EngineApiUrl] =
let elUrls = if config.noEl: let elUrls = if config.noEl:
@ -1465,7 +1472,8 @@ proc engineApiUrls*(config: BeaconNodeConf): seq[EngineApiUrl] =
else: else:
config.elUrls config.elUrls
(elUrls & config.web3Urls).toFinalEngineApiUrls(config.jwtSecret) (elUrls & config.web3Urls).toFinalEngineApiUrls(
config.jwtSecret.configJwtSecretOpt)
proc loadKzgTrustedSetup*(): Result[void, string] = proc loadKzgTrustedSetup*(): Result[void, string] =
const const
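Review bot: The new `configJwtSecretOpt` helper is exported without a doc comment, although it is the one place where the `Option[InputFile]` config value is translated into the `Opt[InputFile]` that `loadJwtSecret` and `toFinalEngineApiUrls` now take; the light client `engineApiUrls` further down the page calls it as well. The conversion has to preserve `none` exactly, because `if jwtSecret.isSome or allowCreate:` uses it to decide whether a JWT secret is loaded at all. A comment such as `## Converts the std/options config value to Opt; none means no JWT secret file was configured.` would record that, along with a note to drop the helper if the config types later move to `Opt`. Part of the first `loadJwtSecret` overload lies between the two hunks, so the call that produces `secret` is not visible here.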


@ -174,4 +174,5 @@ proc engineApiUrls*(config: LightClientConf): seq[EngineApiUrl] =
else: else:
config.elUrls config.elUrls
(elUrls & config.web3Urls).toFinalEngineApiUrls(config.jwtSecret) (elUrls & config.web3Urls).toFinalEngineApiUrls(
config.jwtSecret.configJwtSecretOpt)


@ -28,7 +28,7 @@ type
EngineApiUrl* = object EngineApiUrl* = object
url: string url: string
jwtSecret: Option[seq[byte]] jwtSecret: Opt[seq[byte]]
roles: EngineApiRoles roles: EngineApiRoles
EngineApiUrlConfigValue* = object EngineApiUrlConfigValue* = object
@ -52,14 +52,14 @@ chronicles.formatIt EngineApiUrl:
proc init*(T: type EngineApiUrl, proc init*(T: type EngineApiUrl,
url: string, url: string,
jwtSecret = none seq[byte], jwtSecret = Opt.none seq[byte],
roles = defaultEngineApiRoles): T = roles = defaultEngineApiRoles): T =
T(url: url, jwtSecret: jwtSecret, roles: roles) T(url: url, jwtSecret: jwtSecret, roles: roles)
func url*(engineUrl: EngineApiUrl): string = func url*(engineUrl: EngineApiUrl): string =
engineUrl.url engineUrl.url
func jwtSecret*(engineUrl: EngineApiUrl): Option[seq[byte]] = func jwtSecret*(engineUrl: EngineApiUrl): Opt[seq[byte]] =
engineUrl.jwtSecret engineUrl.jwtSecret
func roles*(engineUrl: EngineApiUrl): EngineApiRoles = func roles*(engineUrl: EngineApiUrl): EngineApiRoles =
@ -157,14 +157,14 @@ proc fixupWeb3Urls*(web3Url: var string) =
web3Url = "ws://" & web3Url web3Url = "ws://" & web3Url
proc toFinalUrl*(confValue: EngineApiUrlConfigValue, proc toFinalUrl*(confValue: EngineApiUrlConfigValue,
confJwtSecret: Option[seq[byte]]): Result[EngineApiUrl, cstring] = confJwtSecret: Opt[seq[byte]]): Result[EngineApiUrl, cstring] =
if confValue.jwtSecret.isSome and confValue.jwtSecretFile.isSome: if confValue.jwtSecret.isSome and confValue.jwtSecretFile.isSome:
return err "The options `jwtSecret` and `jwtSecretFile` should not be specified together" return err "The options `jwtSecret` and `jwtSecretFile` should not be specified together"
let jwtSecret = if confValue.jwtSecret.isSome: let jwtSecret = if confValue.jwtSecret.isSome:
some(? parseJwtTokenValue(confValue.jwtSecret.get)) Opt.some(? parseJwtTokenValue(confValue.jwtSecret.get))
elif confValue.jwtSecretFile.isSome: elif confValue.jwtSecretFile.isSome:
some(? loadJwtSecretFile(confValue.jwtSecretFile.get)) Opt.some(? loadJwtSecretFile(confValue.jwtSecretFile.get))
else: else:
confJwtSecret confJwtSecret
@ -176,19 +176,19 @@ proc toFinalUrl*(confValue: EngineApiUrlConfigValue,
jwtSecret = jwtSecret, jwtSecret = jwtSecret,
roles = confValue.roles.get(defaultEngineApiRoles)) roles = confValue.roles.get(defaultEngineApiRoles))
proc loadJwtSecret*(jwtSecret: Option[InputFile]): Option[seq[byte]] = proc loadJwtSecret*(jwtSecret: Opt[InputFile]): Opt[seq[byte]] =
if jwtSecret.isSome: if jwtSecret.isSome:
let res = loadJwtSecretFile(jwtSecret.get) let res = loadJwtSecretFile(jwtSecret.get)
if res.isOk: if res.isOk:
some res.value Opt.some res.value
else: else:
fatal "Failed to load JWT secret file", err = res.error fatal "Failed to load JWT secret file", err = res.error
quit 1 quit 1
else: else:
none seq[byte] Opt.none seq[byte]
proc toFinalEngineApiUrls*(elUrls: seq[EngineApiUrlConfigValue], proc toFinalEngineApiUrls*(elUrls: seq[EngineApiUrlConfigValue],
confJwtSecret: Option[InputFile]): seq[EngineApiUrl] = confJwtSecret: Opt[InputFile]): seq[EngineApiUrl] =
let jwtSecret = loadJwtSecret confJwtSecret let jwtSecret = loadJwtSecret confJwtSecret
for elUrl in elUrls: for elUrl in elUrls:
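Review bot: The `jwtSecret` field and its accessor on `EngineApiUrl` change type with no comment saying what `Opt.none` means for the endpoint, and in `toFinalUrl` a URL with neither `jwtSecret` nor `jwtSecretFile` inherits `confJwtSecret`, which may itself be none. `getJsonRpcRequestHeaders` branches on `jwtSecret.isSome`, so a none value presumably leads to requests without JWT authentication. That is worth stating on the accessor, for example `## Opt.none means no JWT secret is configured for this endpoint.` The body of `chronicles.formatIt EngineApiUrl:` is outside the hunk, so it is worth confirming that it still keeps the secret bytes out of log output after the type change. `toFinalEngineApiUrls` continues past the end of this hunk.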


@ -688,7 +688,7 @@ func hash*(x: Eth1Data): Hash =
func isConnected(connection: ELConnection): bool = func isConnected(connection: ELConnection): bool =
connection.web3.isSome connection.web3.isSome
func getJsonRpcRequestHeaders(jwtSecret: Option[seq[byte]]): func getJsonRpcRequestHeaders(jwtSecret: Opt[seq[byte]]):
auto = auto =
if jwtSecret.isSome: if jwtSecret.isSome:
let secret = jwtSecret.get let secret = jwtSecret.get
@ -2189,7 +2189,7 @@ func `$`(x: BlockObject): string =
proc testWeb3Provider*(web3Url: Uri, proc testWeb3Provider*(web3Url: Uri,
depositContractAddress: Eth1Address, depositContractAddress: Eth1Address,
jwtSecret: Option[seq[byte]]) {.async.} = jwtSecret: Opt[seq[byte]]) {.async.} =
stdout.write "Establishing web3 connection..." stdout.write "Establishing web3 connection..."
var web3: Web3 var web3: Web3
try: try:


@ -13,7 +13,6 @@ import
from std/base64 import encode from std/base64 import encode
from std/json import JsonNode, `$`, `%*` from std/json import JsonNode, `$`, `%*`
from std/options import Option, get, isNone
from std/os import `/` from std/os import `/`
from std/strutils import replace from std/strutils import replace
@ -83,7 +82,7 @@ proc loadJwtSecretFile*(jwtSecretFile: InputFile): Result[seq[byte], cstring] =
err("invalid JWT hex string") err("invalid JWT hex string")
proc checkJwtSecret*( proc checkJwtSecret*(
rng: var HmacDrbgContext, dataDir: string, jwtSecret: Option[InputFile]): rng: var HmacDrbgContext, dataDir: string, jwtSecret: Opt[InputFile]):
Result[seq[byte], cstring] = Result[seq[byte], cstring] =
# If such a parameter is given, but the file cannot be read, or does not # If such a parameter is given, but the file cannot be read, or does not
# contain a hex-encoded key of 256 bits, the client should treat this as an # contain a hex-encoded key of 256 bits, the client should treat this as an


@ -40,8 +40,8 @@ suite "EL Configuration":
url1.jwtSecretFile.isNone url1.jwtSecretFile.isNone
let let
url1Final1 = url1.toFinalUrl(some validJwtToken) url1Final1 = url1.toFinalUrl(Opt.some validJwtToken)
url1Final2 = url1.toFinalUrl(none seq[byte]) url1Final2 = url1.toFinalUrl(Opt.none seq[byte])
check: check:
url1Final1.isOk url1Final1.isOk
@ -70,7 +70,7 @@ suite "EL Configuration":
url3.jwtSecret == some("ee95565a2cc95553d4bf2185f58658939ba3074ce5695cbabfab4a1eaf7098ba") url3.jwtSecret == some("ee95565a2cc95553d4bf2185f58658939ba3074ce5695cbabfab4a1eaf7098ba")
url3.jwtSecretFile.isNone url3.jwtSecretFile.isNone
let url3Final = url3.toFinalUrl(some validJwtToken) let url3Final = url3.toFinalUrl(Opt.some validJwtToken)
check: check:
url3Final.isOk url3Final.isOk
url3Final.get.jwtSecret.get.toHex == "ee95565a2cc95553d4bf2185f58658939ba3074ce5695cbabfab4a1eaf7098ba" url3Final.get.jwtSecret.get.toHex == "ee95565a2cc95553d4bf2185f58658939ba3074ce5695cbabfab4a1eaf7098ba"
@ -84,7 +84,7 @@ suite "EL Configuration":
url4.jwtSecret == some("ee95565a2cc95553d4bf2185f58658939ba3074ce5695cbabfab4a1eaf7098ba23") url4.jwtSecret == some("ee95565a2cc95553d4bf2185f58658939ba3074ce5695cbabfab4a1eaf7098ba23")
url4.jwtSecretFile.isNone url4.jwtSecretFile.isNone
let url4Final = url4.toFinalUrl(some validJwtToken) let url4Final = url4.toFinalUrl(Opt.some validJwtToken)
check: check:
not url4Final.isOk # the JWT secret is invalid not url4Final.isOk # the JWT secret is invalid
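Review bot: Nothing in these test hunks exercises the new `configJwtSecretOpt` conversion, which now sits on the path of every engine URL built from `BeaconNodeConf` and `LightClientConf`. The updated cases only pass `Opt.some validJwtToken` or `Opt.none seq[byte]` straight into `toFinalUrl`. A small check for both branches would pin it, for example `check configJwtSecretOpt(none(InputFile)).isNone` plus the matching `isSome` case, placed in a test module that imports the config code. Tests outside these hunks may already cover it, so this is something to confirm.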