cmd/geth, node, rpc: implement jwt tokens (#24364)

* rpc, node: refactor request validation and add jwt validation * node, rpc: fix error message, ignore engine api in RegisterAPIs * node: make authenticated port configurable * eth/catalyst: enable unauthenticated version of engine api * node: rework obtainjwtsecret (backport later) * cmd/geth: added auth port flag * node: happy lint, happy life * node: refactor authenticated api Modifies the authentication mechanism to use default values * node: trim spaces and newline away from secret Co-authored-by: Marius van der Wijden <m.vanderwijden@live.de>
2022-03-07 08:30:27 +01:00
parent 37f9d25ba0
commit 4860e50e05
21 changed files with 422 additions and 62 deletions
--- a/rpc/server.go
+++ b/rpc/server.go
@ -26,6 +26,7 @@ import (
 )

 const MetadataApi = "rpc"
+const EngineApi = "engine"

 // CodecOption specifies which type of messages a codec supports.
 //
--- a/rpc/types.go
+++ b/rpc/types.go
@ -30,10 +30,11 @@ import (

 // API describes the set of methods offered over the RPC interface
 type API struct {
-	Namespace string      // namespace under which the rpc methods of Service are exposed
-	Version   string      // api version for DApp's
-	Service   interface{} // receiver instance which holds the methods
-	Public    bool        // indication if the methods must be considered safe for public use
+	Namespace     string      // namespace under which the rpc methods of Service are exposed
+	Version       string      // api version for DApp's
+	Service       interface{} // receiver instance which holds the methods
+	Public        bool        // indication if the methods must be considered safe for public use
+	Authenticated bool        // whether the api should only be available behind authentication.
 }

 // ServerCodec implements reading, parsing and writing RPC messages for the server side of
--- a/rpc/websocket_test.go
+++ b/rpc/websocket_test.go
@ -76,7 +76,7 @@ func TestWebsocketOriginCheck(t *testing.T) {
 	// Connections without origin header should work.
 	client, err = DialWebsocket(context.Background(), wsURL, "")
 	if err != nil {
-		t.Fatal("error for empty origin")
+		t.Fatalf("error for empty origin: %v", err)
 	}
 	client.Close()
 }