auth for engine api (#3046)

## Issue Addressed

Resolves #3015 

## Proposed Changes

Add JWT-based authentication to engine API requests. The JWT secret key is read from the provided file and is used to sign the tokens that authenticate communication with the EL node.

- [x] Interop with geth (synced `merge-devnet-4` with the `merge-kiln-v2` branch on geth)
- [x] Interop with other EL clients (nethermind on `merge-devnet-4`)
- [x] ~Implement `zeroize` for jwt secrets~
- [x] Add auth server tests with `mock_execution_layer`
- [x] Get auth working with the `execution_engine_integration` tests






Co-authored-by: Paul Hauner <paul@paulhauner.com>
Pawan Dhananjay
2022-03-08 06:46:24 +00:00
parent 3b4865c3ae
commit 381d0ece3c
18 changed files with 735 additions and 79 deletions


@@ -149,11 +149,10 @@ where
None
};
let execution_layer = if let Some(execution_endpoints) = config.execution_endpoints {
let execution_layer = if let Some(config) = config.execution_layer {
let context = runtime_context.service_context("exec".into());
let execution_layer = ExecutionLayer::from_urls(
execution_endpoints,
config.suggested_fee_recipient,
let execution_layer = ExecutionLayer::from_config(
config,
context.executor.clone(),
context.log().clone(),
)
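Review bot: The new binding in `if let Some(config) = config.execution_layer` shadows the client-wide `config` for the rest of that block, so any later `config.…` access inside it resolves to the execution-layer settings instead of the client settings. A distinct name keeps the two apart: `if let Some(el_config) = config.execution_layer {` and then `ExecutionLayer::from_config(el_config, context.executor.clone(), context.log().clone())`. The enclosing function starts and ends outside this hunk, so whether `config` is read again inside the block is not visible here.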


@@ -4,7 +4,7 @@ use sensitive_url::SensitiveUrl;
use serde_derive::{Deserialize, Serialize};
use std::fs;
use std::path::PathBuf;
use types::{Address, Graffiti, PublicKeyBytes};
use types::{Graffiti, PublicKeyBytes};
/// Default directory name for the freezer database under the top-level data dir.
const DEFAULT_FREEZER_DB_DIR: &str = "freezer_db";
@@ -72,8 +72,7 @@ pub struct Config {
pub network: network::NetworkConfig,
pub chain: beacon_chain::ChainConfig,
pub eth1: eth1::Config,
pub execution_endpoints: Option<Vec<SensitiveUrl>>,
pub suggested_fee_recipient: Option<Address>,
pub execution_layer: Option<execution_layer::Config>,
pub http_api: http_api::Config,
pub http_metrics: http_metrics::Config,
pub monitoring_api: Option<monitoring_api::Config>,
@@ -94,8 +93,7 @@ impl Default for Config {
dummy_eth1_backend: false,
sync_eth1_chain: false,
eth1: <_>::default(),
execution_endpoints: None,
suggested_fee_recipient: None,
execution_layer: None,
graffiti: Graffiti::default(),
http_api: <_>::default(),
http_metrics: <_>::default(),
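Review bot: The new field `pub execution_layer: Option<execution_layer::Config>` in `Config` has no doc comment, although it replaces two self-describing fields (`execution_endpoints`, `suggested_fee_recipient`). Going by the commit description, the nested config presumably also says where the JWT secret file lives. This file imports serde's `Serialize`/`Deserialize`, but the derive on `Config` is outside the hunk, so it is only an assumption that the struct is written out. On that assumption, the comment should record that the field holds the file path and never the secret. Suggested: `/// Execution layer settings (None = no execution engine). Carries the path to the JWT secret file, never the secret itself.` Confirm the wording against `execution_layer::Config`, which is not shown in this section.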