Add SensitiveUrl to redact user secrets from endpoints (#2326)

## Issue Addressed #2276 ## Proposed Changes Add the `SensitiveUrl` struct which wraps `Url` and implements custom `Display` and `Debug` traits to redact user secrets from being logged in eth1 endpoints, beacon node endpoints and metrics. ## Additional Info This also includes a small rewrite of the eth1 crate to make requests using `Url` instead of `&str`. Some error messages have also been changed to remove `Url` data.
2026-06-30 19:34:37 +00:00 · 2021-05-04 01:59:51 +00:00
parent 2ccb358d87
commit 4cc613d644
38 changed files with 362 additions and 143 deletions
--- a/common/remote_signer_consumer/src/http_client.rs
+++ b/common/remote_signer_consumer/src/http_client.rs
@@ -4,17 +4,18 @@ use crate::{
 };
 use reqwest::StatusCode;
 pub use reqwest::Url;
+use sensitive_url::SensitiveUrl;
 use types::{Domain, Fork, Hash256};

 /// A wrapper around `reqwest::Client` which provides convenience methods
 /// to interface with a BLS Remote Signer.
 pub struct RemoteSignerHttpConsumer {
    client: reqwest::Client,
-    server: Url,
+    server: SensitiveUrl,
 }

 impl RemoteSignerHttpConsumer {
-    pub fn from_components(server: Url, client: reqwest::Client) -> Self {
+    pub fn from_components(server: SensitiveUrl, client: reqwest::Client) -> Self {
        Self { client, server }
    }

@@ -43,7 +44,7 @@ impl RemoteSignerHttpConsumer {
            ));
        }

-        let mut path = self.server.clone();
+        let mut path = self.server.full.clone();
        path.path_segments_mut()
            .map_err(|()| Error::InvalidUrl(self.server.clone()))?
            .push("sign")
--- a/common/remote_signer_consumer/src/lib.rs
+++ b/common/remote_signer_consumer/src/lib.rs
@@ -20,10 +20,11 @@
 //!
 //! ```
 //! use remote_signer_consumer::RemoteSignerHttpConsumer;
-//! use reqwest::{ClientBuilder, Url};
+//! use reqwest::ClientBuilder;
+//! use sensitive_url::SensitiveUrl;
 //! use tokio::time::Duration;
 //!
-//! let url: Url = "http://127.0.0.1:9000".parse().unwrap();
+//! let url = SensitiveUrl::parse("http://127.0.0.1:9000").unwrap();
 //! let reqwest_client = ClientBuilder::new()
 //!       .timeout(Duration::from_secs(2))
 //!       .build()
@@ -115,6 +116,7 @@ mod http_client;

 pub use http_client::RemoteSignerHttpConsumer;
 pub use reqwest::Url;
+use sensitive_url::SensitiveUrl;
 use serde::{Deserialize, Serialize};
 use types::{AttestationData, BeaconBlock, Domain, Epoch, EthSpec, Fork, Hash256, SignedRoot};

@@ -125,7 +127,7 @@ pub enum Error {
    /// The server returned an error message where the body was able to be parsed.
    ServerMessage(String),
    /// The supplied URL is badly formatted. It should look something like `http://127.0.0.1:5052`.
-    InvalidUrl(Url),
+    InvalidUrl(SensitiveUrl),
    /// The supplied parameter is invalid.
    InvalidParameter(String),
 }