gnosis/lighthouse
1
0
Fork 0
mirror of https://github.com/sigp/lighthouse.git synced 2026-03-10 04:01:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

auth for engine api (#3046)

Browse Source 
## Issue Addressed

Resolves #3015 

## Proposed Changes

Add JWT token based authentication to engine api requests. The jwt secret key is read from the provided file and is used to sign tokens that are used for authenticated communication with the EL node.

- [x] Interop with geth (synced `merge-devnet-4` with the `merge-kiln-v2` branch on geth)
- [x] Interop with other EL clients (nethermind on `merge-devnet-4`)
- [x] ~Implement `zeroize` for jwt secrets~
- [x] Add auth server tests with `mock_execution_layer`
- [x] Get auth working with the `execution_engine_integration` tests






Co-authored-by: Paul Hauner <paul@paulhauner.com>
This commit is contained in:
Pawan Dhananjay
2022-03-08 06:46:24 +00:00
parent 3b4865c3ae
commit 381d0ece3c
18 changed files with 735 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
beacon_node/execution_layer/src/engine_api.rs
View File

@@ -1,5 +1,6 @@
use async_trait::async_trait;
use eth1::http::RpcError;
use reqwest::StatusCode;
use serde::{Deserialize, Serialize};
pub const LATEST_TAG: &str = "latest";
@@ -8,6 +9,7 @@ use crate::engines::ForkChoiceState;
pub use json_structures::TransitionConfigurationV1;
pub use types::{Address, EthSpec, ExecutionBlockHash, ExecutionPayload, Hash256, Uint256};
pub mod auth;
pub mod http;
pub mod json_structures;
@@ -16,6 +18,7 @@ pub type PayloadId = [u8; 8];
#[derive(Debug)]
pub enum Error {
Reqwest(reqwest::Error),
Auth(auth::Error),
BadResponse(String),
RequestFailed(String),
InvalidExecutePayloadResponse(&'static str),
@@ -33,7 +36,14 @@ pub enum Error {
impl From<reqwest::Error> for Error {
fn from(e: reqwest::Error) -> Self {
Error::Reqwest(e)
if matches!(
e.status(),
Some(StatusCode::UNAUTHORIZED) | Some(StatusCode::FORBIDDEN)
) {
Error::Auth(auth::Error::InvalidToken)
} else {
Error::Reqwest(e)
}
}
}
@@ -43,6 +53,12 @@ impl From<serde_json::Error> for Error {
}
}
impl From<auth::Error> for Error {
fn from(e: auth::Error) -> Self {
Error::Auth(e)
}
}
/// A generic interface for an execution engine API.
#[async_trait]
pub trait EngineApi {