Unify execution layer endpoints (#3214)

## Issue Addressed Resolves #3069 ## Proposed Changes Unify the `eth1-endpoints` and `execution-endpoints` flags in a backwards compatible way as described in https://github.com/sigp/lighthouse/issues/3069#issuecomment-1134219221 Users have 2 options: 1. Use multiple non auth execution endpoints for deposit processing pre-merge 2. Use a single jwt authenticated execution endpoint for both execution layer and deposit processing post merge Related https://github.com/sigp/lighthouse/issues/3118 To enable jwt authenticated deposit processing, this PR removes the calls to `net_version` as the `net` namespace is not exposed in the auth server in execution clients. Moving away from using `networkId` is a good step in my opinion as it doesn't provide us with any added guarantees over `chainId`. See https://github.com/ethereum/consensus-specs/issues/2163 and https://github.com/sigp/lighthouse/issues/2115 Co-authored-by: Paul Hauner <paul@paulhauner.com>
2026-03-15 10:52:43 +00:00 · 2022-06-29 09:07:09 +00:00
parent 53b2b500db
commit 5de00b7ee8
31 changed files with 1113 additions and 992 deletions
--- a/beacon_node/execution_layer/src/engine_api/auth.rs
+++ b/beacon_node/execution_layer/src/engine_api/auth.rs
@@ -1,3 +1,5 @@
+use std::path::PathBuf;
+
 use jsonwebtoken::{encode, get_current_timestamp, Algorithm, EncodingKey, Header};
 use rand::Rng;
 use serde::{Deserialize, Serialize};
@@ -13,6 +15,7 @@ pub const JWT_SECRET_LENGTH: usize = 32;
 pub enum Error {
    JWT(jsonwebtoken::errors::Error),
    InvalidToken,
+    InvalidKey(String),
 }

 impl From<jsonwebtoken::errors::Error> for Error {
@@ -57,6 +60,14 @@ impl JwtKey {
    }
 }

+pub fn strip_prefix(s: &str) -> &str {
+    if let Some(stripped) = s.strip_prefix("0x") {
+        stripped
+    } else {
+        s
+    }
+}
+
 /// Contains the JWT secret and claims parameters.
 pub struct Auth {
    key: EncodingKey,
@@ -73,6 +84,28 @@ impl Auth {
        }
    }

+    /// Create a new `Auth` struct given the path to the file containing the hex
+    /// encoded jwt key.
+    pub fn new_with_path(
+        jwt_path: PathBuf,
+        id: Option<String>,
+        clv: Option<String>,
+    ) -> Result<Self, Error> {
+        std::fs::read_to_string(&jwt_path)
+            .map_err(|e| {
+                Error::InvalidKey(format!(
+                    "Failed to read JWT secret file {:?}, error: {:?}",
+                    jwt_path, e
+                ))
+            })
+            .and_then(|ref s| {
+                let secret_bytes = hex::decode(strip_prefix(s.trim_end()))
+                    .map_err(|e| Error::InvalidKey(format!("Invalid hex string: {:?}", e)))?;
+                let secret = JwtKey::from_slice(&secret_bytes).map_err(Error::InvalidKey)?;
+                Ok(Self::new(secret, id, clv))
+            })
+    }
+
    /// Generate a JWT token with `claims.iat` set to current time.
    pub fn generate_token(&self) -> Result<String, Error> {
        let claims = self.generate_claims_at_timestamp();