consistent auth token for validator apis (#13747)

* wip

* fixing tests

* adding more tests especially to handle legacy

* fixing linting

* fixing deepsource issues and flags

* fixing some deepsource issues, pathing issues, and logs

* some review items

* adding additional review feedback

* updating to follow updates from https://github.com/ethereum/keymanager-APIs/pull/74

* adjusting functions to match changes in keymanagers PR

* Update validator/rpc/auth_token.go

Co-authored-by: Radosław Kapka <rkapka@wp.pl>

* Update validator/rpc/auth_token.go

Co-authored-by: Radosław Kapka <rkapka@wp.pl>

* Update validator/rpc/auth_token.go

Co-authored-by: Radosław Kapka <rkapka@wp.pl>

* review feedback

---------

Co-authored-by: Radosław Kapka <rkapka@wp.pl>
james-prysm
2024-04-18 11:26:49 -05:00
committed by GitHub
parent 219301339c
commit feb16ae4aa
21 changed files with 378 additions and 250 deletions


@@ -47,6 +47,7 @@ type Config struct {
CertFlag string
KeyFlag string
ValDB db.Database
AuthTokenPath string
WalletDir string
ValidatorService *client.ValidatorService
SyncChecker client.SyncChecker
@@ -87,6 +88,8 @@ type Server struct {
validatorService *client.ValidatorService
syncChecker client.SyncChecker
genesisFetcher client.GenesisFetcher
authTokenPath string
authToken string
walletDir string
wallet *wallet.Wallet
walletInitializedFeed *event.Feed
@@ -123,6 +126,7 @@ func NewServer(ctx context.Context, cfg *Config) *Server {
validatorService: cfg.ValidatorService,
syncChecker: cfg.SyncChecker,
genesisFetcher: cfg.GenesisFetcher,
authTokenPath: cfg.AuthTokenPath,
walletDir: cfg.WalletDir,
walletInitializedFeed: cfg.WalletInitializedFeed,
walletInitialized: cfg.Wallet != nil,
@@ -136,6 +140,19 @@ func NewServer(ctx context.Context, cfg *Config) *Server {
beaconApiEndpoint: cfg.BeaconApiEndpoint,
router: cfg.Router,
}
if server.authTokenPath == "" && server.walletDir != "" {
server.authTokenPath = filepath.Join(server.walletDir, api.AuthTokenFileName)
}
if server.authTokenPath != "" {
if err := server.initializeAuthToken(); err != nil {
log.WithError(err).Error("Could not initialize web auth token")
}
validatorWebAddr := fmt.Sprintf("%s:%d", server.validatorGatewayHost, server.validatorGatewayPort)
logValidatorWebAuth(validatorWebAddr, server.authToken, server.authTokenPath)
go server.refreshAuthTokenFromFileChanges(server.ctx, server.authTokenPath)
}
// immediately register routes to override any catchalls
if err := server.InitializeRoutes(); err != nil {
log.WithError(err).Fatal("Could not initialize routes")
@@ -146,7 +163,7 @@ func NewServer(ctx context.Context, cfg *Config) *Server {
// Start the gRPC server.
func (s *Server) Start() {
// Setup the gRPC server options and TLS configuration.
address := fmt.Sprintf("%s:%s", s.host, s.port)
address := net.JoinHostPort(s.host, s.port)
lis, err := net.Listen("tcp", address)
if err != nil {
log.WithError(err).Errorf("Could not listen to port in Start() %s", address)
@@ -163,7 +180,7 @@ func (s *Server) Start() {
),
grpcprometheus.UnaryServerInterceptor,
grpcopentracing.UnaryServerInterceptor(),
s.JWTInterceptor(),
s.AuthTokenInterceptor(),
)),
}
grpcprometheus.EnableHandlingTimeHistogram()
@@ -198,17 +215,6 @@ func (s *Server) Start() {
}()
log.WithField("address", address).Info("gRPC server listening on address")
if s.walletDir != "" {
token, err := s.initializeAuthToken(s.walletDir)
if err != nil {
log.WithError(err).Error("Could not initialize web auth token")
return
}
validatorWebAddr := fmt.Sprintf("%s:%d", s.validatorGatewayHost, s.validatorGatewayPort)
authTokenPath := filepath.Join(s.walletDir, AuthTokenFileName)
logValidatorWebAuth(validatorWebAddr, token, authTokenPath)
go s.refreshAuthTokenFromFileChanges(s.ctx, authTokenPath)
}
}
// InitializeRoutes initializes pure HTTP REST endpoints for the validator client.
@@ -218,7 +224,7 @@ func (s *Server) InitializeRoutes() error {
return errors.New("no router found on server")
}
// Adding Auth Interceptor for the routes below
s.router.Use(s.JwtHttpInterceptor)
s.router.Use(s.AuthTokenHandler)
// Register all services, HandleFunc calls, etc.
// ...
s.router.HandleFunc("/eth/v1/keystores", s.ListKeystores).Methods(http.MethodGet)
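Review bot: In NewServer (the `@@ -136,6 +140,19 @@` hunk), a failure of `server.initializeAuthToken()` is only logged and construction continues, so `server.authToken` can still be empty when `logValidatorWebAuth` runs and when `InitializeRoutes` installs `s.AuthTokenHandler`; the block that appears to have been removed from `Start()` returned on this error instead. The same empty-token state arises when both `AuthTokenPath` and `WalletDir` are unset, because the whole block is skipped while `AuthTokenHandler` and `AuthTokenInterceptor` are still registered. Neither handler's body is visible here, so please confirm that both reject every request while `s.authToken == ""` rather than matching an empty bearer value against it. If that guarantee is not already in place, one option is to fail startup the way the route error just below does, `log.WithError(err).Fatal("Could not initialize web auth token")`, or at least to skip `logValidatorWebAuth` on the error path. NewServer begins outside the hunk.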