From 15ddd32e75e4fda7907d6e8867281955129de190 Mon Sep 17 00:00:00 2001 From: Andrew Ashikhmin <34320705+yperbasis@users.noreply.github.com> Date: Tue, 10 May 2022 13:04:52 +0200 Subject: [PATCH] Engine API: remove unauth port (#4111) * Engine API: remove unauth port * Remove reduntant auth from variable names --- Dockerfile | 2 +- README.md | 5 ++--- cmd/rpcdaemon/cli/config.go | 45 ++++++++++--------------------------- cmd/rpcdaemon/test.http | 14 ------------ docker-compose.yml | 1 - node/defaults.go | 2 +- 6 files changed, 16 insertions(+), 53 deletions(-) diff --git a/Dockerfile b/Dockerfile index a9836e39f..287edaf17 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,7 +20,7 @@ RUN chown -R erigon:erigon /home/erigon USER erigon -EXPOSE 8545 8550 8551 8546 30303 30303/udp 42069 42069/udp 8080 9090 6060 +EXPOSE 8545 8551 8546 30303 30303/udp 42069 42069/udp 8080 9090 6060 # https://github.com/opencontainers/image-spec/blob/main/annotations.md ARG BUILD_DATE diff --git a/README.md b/README.md index d280cba9d..bda578c3b 100644 --- a/README.md +++ b/README.md @@ -323,11 +323,10 @@ internally for rpcdaemon or other connections, (e.g. rpcdaemon -> erigon) | Port | Protocol | Purpose | Expose | |:-----:|:---------:|:------------------:|:-------:| | 8545 | TCP | HTTP & WebSockets | Private | -| 8550 | TCP | HTTP | Private | -| 8551 | TCP | HTTP with JWS auth | Private | +| 8551 | TCP | HTTP with JWT auth | Private | Typically 8545 is exposed only internally for JSON-RPC queries. Both HTTP and WebSocket connections are on the same port. -Typically 8550 (unauthenticated) and 8551 (authenticated) are exposed only internally for the Engine API JSON-RPC queries. +Typically 8551 (JWT authenticated) is exposed only internally for the Engine API JSON-RPC queries. #### `sentry` ports diff --git a/cmd/rpcdaemon/cli/config.go b/cmd/rpcdaemon/cli/config.go index 71664eddf..e573581b0 100644 --- a/cmd/rpcdaemon/cli/config.go +++ b/cmd/rpcdaemon/cli/config.go 
@@ -431,7 +431,6 @@ func RemoteServices(ctx context.Context, cfg httpcfg.HttpCfg, logger log.Logger, func StartRpcServer(ctx context.Context, cfg httpcfg.HttpCfg, rpcAPI []rpc.API) error { var engineListener *http.Server - var engineListenerAuth *http.Server var engineSrv *rpc.Server var engineHttpEndpoint string @@ -496,7 +495,7 @@ func StartRpcServer(ctx context.Context, cfg httpcfg.HttpCfg, rpcAPI []rpc.API) "ws.compression", cfg.WebsocketCompression, "grpc", cfg.GRPCServerEnabled} if len(engineAPI) > 0 { - engineListener, engineListenerAuth, engineSrv, engineHttpEndpoint, err = createEngineListener(cfg, engineAPI) + engineListener, engineSrv, engineHttpEndpoint, err = createEngineListener(cfg, engineAPI) if err != nil { return fmt.Errorf("could not start RPC api for engine: %w", err) } @@ -539,11 +538,6 @@ func StartRpcServer(ctx context.Context, cfg httpcfg.HttpCfg, rpcAPI []rpc.API) log.Info("Engine HTTP endpoint close", "url", engineHttpEndpoint) } - if engineListenerAuth != nil { - _ = engineListenerAuth.Shutdown(shutdownCtx) - log.Info("Engine HTTP endpoint close", "url", engineHttpEndpoint) - } - if cfg.GRPCServerEnabled { if cfg.GRPCHealthCheckEnabled { healthServer.Shutdown() 
@@ -614,60 +608,45 @@ func createHandler(cfg httpcfg.HttpCfg, apiList []rpc.API, httpHandler http.Hand return handler, nil } -func createEngineListener(cfg httpcfg.HttpCfg, engineApi []rpc.API) (*http.Server, *http.Server, *rpc.Server, string, error) { +func createEngineListener(cfg httpcfg.HttpCfg, engineApi []rpc.API) (*http.Server, *rpc.Server, string, error) { engineHttpEndpoint := fmt.Sprintf("%s:%d", cfg.EngineHTTPListenAddress, cfg.EnginePort) - engineHttpEndpointAuth := fmt.Sprintf("%s:%d", cfg.EngineHTTPListenAddress, cfg.EnginePort+1) engineSrv := rpc.NewServer(cfg.RpcBatchConcurrency) allowListForRPC, err := parseAllowListForRPC(cfg.RpcAllowListFilePath) if err != nil { - return nil, nil, nil, "", err + return nil, nil, "", err } engineSrv.SetAllowList(allowListForRPC) if err := node.RegisterApisFromWhitelist(engineApi, nil, engineSrv, true); err != nil { - return nil, nil, nil, "", fmt.Errorf("could not start register RPC engine api: %w", err) + return nil, nil, "", fmt.Errorf("could not start register RPC engine api: %w", err) } jwtSecret, err := obtainJWTSecret(cfg) if err != nil { - return nil, nil, nil, "", err + return nil, nil, "", err } - var wsHandlerNonAuth http.Handler - var wsHandlerAuth http.Handler - + var wsHandler http.Handler if cfg.WebsocketEnabled { - wsHandlerNonAuth = engineSrv.WebsocketHandler([]string{"*"}, nil, cfg.WebsocketCompression) - wsHandlerAuth = engineSrv.WebsocketHandler([]string{"*"}, jwtSecret, cfg.WebsocketCompression) + wsHandler = engineSrv.WebsocketHandler([]string{"*"}, jwtSecret, cfg.WebsocketCompression) } engineHttpHandler := node.NewHTTPHandlerStack(engineSrv, cfg.HttpCORSDomain, cfg.HttpVirtualHost, cfg.HttpCompression) - engineApiHandler, err := createHandler(cfg, engineApi, engineHttpHandler, wsHandlerNonAuth, nil) - if err != nil { - return nil, nil, nil, "", err - } - engineApiHandlerAuth, err := createHandler(cfg, engineApi, engineHttpHandler, wsHandlerAuth, jwtSecret) + engineApiHandler, err := 
createHandler(cfg, engineApi, engineHttpHandler, wsHandler, jwtSecret) if err != nil { - return nil, nil, nil, "", err + return nil, nil, "", err } engineListener, _, err := node.StartHTTPEndpoint(engineHttpEndpoint, rpc.DefaultHTTPTimeouts, engineApiHandler) if err != nil { - return nil, nil, nil, "", fmt.Errorf("could not start RPC api: %w", err) - } - - engineListenerAuth, _, err := node.StartHTTPEndpoint(engineHttpEndpointAuth, rpc.DefaultHTTPTimeouts, engineApiHandlerAuth) - if err != nil { - return nil, nil, nil, "", fmt.Errorf("could not start RPC api: %w", err) + return nil, nil, "", fmt.Errorf("could not start RPC api: %w", err) } engineInfo := []interface{}{"url", engineHttpEndpoint, "ws", cfg.WebsocketEnabled} - log.Info("HTTP endpoint opened for engine", engineInfo...) - engineInfoAuth := []interface{}{"url", engineHttpEndpointAuth, "ws", cfg.WebsocketEnabled} - log.Info("HTTP endpoint opened for auth engine", engineInfoAuth...) + log.Info("HTTP endpoint opened for Engine API", engineInfo...) - return engineListener, engineListenerAuth, engineSrv, engineHttpEndpoint, nil + return engineListener, engineSrv, engineHttpEndpoint, nil } diff --git a/cmd/rpcdaemon/test.http b/cmd/rpcdaemon/test.http index 4ab4c6344..9811a5839 100644 --- a/cmd/rpcdaemon/test.http +++ b/cmd/rpcdaemon/test.http @@ -47,20 +47,6 @@ Content-Type: application/json ### -POST localhost:8550 -Content-Type: application/json - -{ - "jsonrpc": "2.0", - "method": "engine_getPayloadV1", - "params": [ - "0x1112131415161718" - ], - "id": 1 -} - -### - # curl -X POST -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"eth_getTransactionByHash", "params": ["0x8582cf1230e0b1c191a306e907ee4abe3459607dfa84143ebd496de7e77fa45e", true], "id":1}' localhost:8545 POST localhost:8545 Content-Type: application/json diff --git a/docker-compose.yml b/docker-compose.yml index 3a1868027..ceb4e58ca 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
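Review bot: The `jwtSecret` returned by `obtainJWTSecret(cfg)` in `createEngineListener` is handed to `WebsocketHandler` and `createHandler` without checking that it is non-empty. The removed lines built the unauthenticated handlers by passing `nil` in that same position, so a nil or empty secret presumably disables authentication instead of failing. `obtainJWTSecret` is defined outside this hunk, so confirm it can never return an empty value together with a nil error. A guard right after the call would make the only remaining Engine API listener fail closed: `if len(jwtSecret) == 0 { return nil, nil, "", fmt.Errorf("engine API: empty JWT secret") }`. The WebSocket handler also still accepts every origin (`[]string{"*"}`), which is worth narrowing now that no separate unauthenticated port exists.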
@@ -50,7 +50,6 @@ services: - erigon ports: - "8545:8545" - - "8550:8550" - "8551:8551" restart: unless-stopped diff --git a/node/defaults.go b/node/defaults.go index 4210c7a22..3b7ab03a5 100644 --- a/node/defaults.go +++ b/node/defaults.go @@ -26,7 +26,7 @@ import ( const ( DefaultHTTPHost = "localhost" // Default host interface for the HTTP RPC server DefaultHTTPPort = 8545 // Default TCP port for the HTTP RPC server - DefaultEngineHTTPPort = 8550 // Default TCP port for the engineApi HTTP RPC server + DefaultEngineHTTPPort = 8551 // Default TCP port for the engineApi HTTP RPC server DefaultWSHost = "localhost" // Default host interface for the websocket RPC server DefaultWSPort = 8546 // Default TCP port for the websocket RPC server DefaultGRPCHost = "localhost" // Default host interface for the GRPC server
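Review bot: The comment on `DefaultEngineHTTPPort` in `node/defaults.go` does not say that this port is now the JWT-authenticated endpoint, which is the one fact an operator needs when reading the default. I would write `DefaultEngineHTTPPort = 8551 // Default TCP port for the JWT-authenticated Engine API HTTP RPC server`. The constant keeps its name while its meaning changes: in the removed `createEngineListener` code the authenticated listener was bound to `cfg.EnginePort+1`, so a deployment that sets the engine port explicitly will now find the authenticated endpoint one port lower than before. That deserves a line in the release notes. The `const` block continues outside the hunk.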