Engine API: remove unauth port (#4111)

* Engine API: remove unauth port

* Remove redundant auth from variable names
Andrew Ashikhmin 2022-05-10 13:04:52 +02:00 committed by GitHub
parent 763563ec77
commit 15ddd32e75
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 16 additions and 53 deletions


@ -20,7 +20,7 @@ RUN chown -R erigon:erigon /home/erigon
USER erigon USER erigon
EXPOSE 8545 8550 8551 8546 30303 30303/udp 42069 42069/udp 8080 9090 6060 EXPOSE 8545 8551 8546 30303 30303/udp 42069 42069/udp 8080 9090 6060
# https://github.com/opencontainers/image-spec/blob/main/annotations.md # https://github.com/opencontainers/image-spec/blob/main/annotations.md
ARG BUILD_DATE ARG BUILD_DATE


@ -323,11 +323,10 @@ internally for rpcdaemon or other connections, (e.g. rpcdaemon -> erigon)
| Port | Protocol | Purpose | Expose | | Port | Protocol | Purpose | Expose |
|:-----:|:---------:|:------------------:|:-------:| |:-----:|:---------:|:------------------:|:-------:|
| 8545 | TCP | HTTP & WebSockets | Private | | 8545 | TCP | HTTP & WebSockets | Private |
| 8550 | TCP | HTTP | Private | | 8551 | TCP | HTTP with JWT auth | Private |
| 8551 | TCP | HTTP with JWS auth | Private |
Typically 8545 is exposed only internally for JSON-RPC queries. Both HTTP and WebSocket connections are on the same port. Typically 8545 is exposed only internally for JSON-RPC queries. Both HTTP and WebSocket connections are on the same port.
Typically 8550 (unauthenticated) and 8551 (authenticated) are exposed only internally for the Engine API JSON-RPC queries. Typically 8551 (JWT authenticated) is exposed only internally for the Engine API JSON-RPC queries.
#### `sentry` ports #### `sentry` ports


@ -431,7 +431,6 @@ func RemoteServices(ctx context.Context, cfg httpcfg.HttpCfg, logger log.Logger,
func StartRpcServer(ctx context.Context, cfg httpcfg.HttpCfg, rpcAPI []rpc.API) error { func StartRpcServer(ctx context.Context, cfg httpcfg.HttpCfg, rpcAPI []rpc.API) error {
var engineListener *http.Server var engineListener *http.Server
var engineListenerAuth *http.Server
var engineSrv *rpc.Server var engineSrv *rpc.Server
var engineHttpEndpoint string var engineHttpEndpoint string
@ -496,7 +495,7 @@ func StartRpcServer(ctx context.Context, cfg httpcfg.HttpCfg, rpcAPI []rpc.API)
"ws.compression", cfg.WebsocketCompression, "grpc", cfg.GRPCServerEnabled} "ws.compression", cfg.WebsocketCompression, "grpc", cfg.GRPCServerEnabled}
if len(engineAPI) > 0 { if len(engineAPI) > 0 {
engineListener, engineListenerAuth, engineSrv, engineHttpEndpoint, err = createEngineListener(cfg, engineAPI) engineListener, engineSrv, engineHttpEndpoint, err = createEngineListener(cfg, engineAPI)
if err != nil { if err != nil {
return fmt.Errorf("could not start RPC api for engine: %w", err) return fmt.Errorf("could not start RPC api for engine: %w", err)
} }
@ -539,11 +538,6 @@ func StartRpcServer(ctx context.Context, cfg httpcfg.HttpCfg, rpcAPI []rpc.API)
log.Info("Engine HTTP endpoint close", "url", engineHttpEndpoint) log.Info("Engine HTTP endpoint close", "url", engineHttpEndpoint)
} }
if engineListenerAuth != nil {
_ = engineListenerAuth.Shutdown(shutdownCtx)
log.Info("Engine HTTP endpoint close", "url", engineHttpEndpoint)
}
if cfg.GRPCServerEnabled { if cfg.GRPCServerEnabled {
if cfg.GRPCHealthCheckEnabled { if cfg.GRPCHealthCheckEnabled {
healthServer.Shutdown() healthServer.Shutdown()
@ -614,60 +608,45 @@ func createHandler(cfg httpcfg.HttpCfg, apiList []rpc.API, httpHandler http.Hand
return handler, nil return handler, nil
} }
func createEngineListener(cfg httpcfg.HttpCfg, engineApi []rpc.API) (*http.Server, *http.Server, *rpc.Server, string, error) { func createEngineListener(cfg httpcfg.HttpCfg, engineApi []rpc.API) (*http.Server, *rpc.Server, string, error) {
engineHttpEndpoint := fmt.Sprintf("%s:%d", cfg.EngineHTTPListenAddress, cfg.EnginePort) engineHttpEndpoint := fmt.Sprintf("%s:%d", cfg.EngineHTTPListenAddress, cfg.EnginePort)
engineHttpEndpointAuth := fmt.Sprintf("%s:%d", cfg.EngineHTTPListenAddress, cfg.EnginePort+1)
engineSrv := rpc.NewServer(cfg.RpcBatchConcurrency) engineSrv := rpc.NewServer(cfg.RpcBatchConcurrency)
allowListForRPC, err := parseAllowListForRPC(cfg.RpcAllowListFilePath) allowListForRPC, err := parseAllowListForRPC(cfg.RpcAllowListFilePath)
if err != nil { if err != nil {
return nil, nil, nil, "", err return nil, nil, "", err
} }
engineSrv.SetAllowList(allowListForRPC) engineSrv.SetAllowList(allowListForRPC)
if err := node.RegisterApisFromWhitelist(engineApi, nil, engineSrv, true); err != nil { if err := node.RegisterApisFromWhitelist(engineApi, nil, engineSrv, true); err != nil {
return nil, nil, nil, "", fmt.Errorf("could not start register RPC engine api: %w", err) return nil, nil, "", fmt.Errorf("could not start register RPC engine api: %w", err)
} }
jwtSecret, err := obtainJWTSecret(cfg) jwtSecret, err := obtainJWTSecret(cfg)
if err != nil { if err != nil {
return nil, nil, nil, "", err return nil, nil, "", err
} }
var wsHandlerNonAuth http.Handler var wsHandler http.Handler
var wsHandlerAuth http.Handler
if cfg.WebsocketEnabled { if cfg.WebsocketEnabled {
wsHandlerNonAuth = engineSrv.WebsocketHandler([]string{"*"}, nil, cfg.WebsocketCompression) wsHandler = engineSrv.WebsocketHandler([]string{"*"}, jwtSecret, cfg.WebsocketCompression)
wsHandlerAuth = engineSrv.WebsocketHandler([]string{"*"}, jwtSecret, cfg.WebsocketCompression)
} }
engineHttpHandler := node.NewHTTPHandlerStack(engineSrv, cfg.HttpCORSDomain, cfg.HttpVirtualHost, cfg.HttpCompression) engineHttpHandler := node.NewHTTPHandlerStack(engineSrv, cfg.HttpCORSDomain, cfg.HttpVirtualHost, cfg.HttpCompression)
engineApiHandler, err := createHandler(cfg, engineApi, engineHttpHandler, wsHandlerNonAuth, nil)
if err != nil {
return nil, nil, nil, "", err
}
engineApiHandlerAuth, err := createHandler(cfg, engineApi, engineHttpHandler, wsHandlerAuth, jwtSecret) engineApiHandler, err := createHandler(cfg, engineApi, engineHttpHandler, wsHandler, jwtSecret)
if err != nil { if err != nil {
return nil, nil, nil, "", err return nil, nil, "", err
} }
engineListener, _, err := node.StartHTTPEndpoint(engineHttpEndpoint, rpc.DefaultHTTPTimeouts, engineApiHandler) engineListener, _, err := node.StartHTTPEndpoint(engineHttpEndpoint, rpc.DefaultHTTPTimeouts, engineApiHandler)
if err != nil { if err != nil {
return nil, nil, nil, "", fmt.Errorf("could not start RPC api: %w", err) return nil, nil, "", fmt.Errorf("could not start RPC api: %w", err)
}
engineListenerAuth, _, err := node.StartHTTPEndpoint(engineHttpEndpointAuth, rpc.DefaultHTTPTimeouts, engineApiHandlerAuth)
if err != nil {
return nil, nil, nil, "", fmt.Errorf("could not start RPC api: %w", err)
} }
engineInfo := []interface{}{"url", engineHttpEndpoint, "ws", cfg.WebsocketEnabled} engineInfo := []interface{}{"url", engineHttpEndpoint, "ws", cfg.WebsocketEnabled}
log.Info("HTTP endpoint opened for engine", engineInfo...) log.Info("HTTP endpoint opened for Engine API", engineInfo...)
engineInfoAuth := []interface{}{"url", engineHttpEndpointAuth, "ws", cfg.WebsocketEnabled}
log.Info("HTTP endpoint opened for auth engine", engineInfoAuth...)
return engineListener, engineListenerAuth, engineSrv, engineHttpEndpoint, nil return engineListener, engineSrv, engineHttpEndpoint, nil
} }
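Review bot: In createEngineListener the one remaining endpoint is only as authenticated as `jwtSecret` is non-empty, and nothing in this function checks that. The removed lines built the unauthenticated handler by passing `nil` as the secret to `createHandler` and `WebsocketHandler`, so a nil or empty value here presumably disables the JWT check rather than rejecting requests. `obtainJWTSecret` is not visible on this page; unless it guarantees a non-empty secret whenever it returns a nil error, I would fail closed right after the call: `if len(jwtSecret) == 0 { return nil, nil, "", fmt.Errorf("engine API: empty JWT secret") }`. A test that starts the listener and asserts that a request without a token is rejected would pin this down.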


@ -47,20 +47,6 @@ Content-Type: application/json
### ###
POST localhost:8550
Content-Type: application/json
{
"jsonrpc": "2.0",
"method": "engine_getPayloadV1",
"params": [
"0x1112131415161718"
],
"id": 1
}
###
# curl -X POST -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"eth_getTransactionByHash", "params": ["0x8582cf1230e0b1c191a306e907ee4abe3459607dfa84143ebd496de7e77fa45e", true], "id":1}' localhost:8545 # curl -X POST -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"eth_getTransactionByHash", "params": ["0x8582cf1230e0b1c191a306e907ee4abe3459607dfa84143ebd496de7e77fa45e", true], "id":1}' localhost:8545
POST localhost:8545 POST localhost:8545
Content-Type: application/json Content-Type: application/json


@ -50,7 +50,6 @@ services:
- erigon - erigon
ports: ports:
- "8545:8545" - "8545:8545"
- "8550:8550"
- "8551:8551" - "8551:8551"
restart: unless-stopped restart: unless-stopped


@ -26,7 +26,7 @@ import (
const ( const (
DefaultHTTPHost = "localhost" // Default host interface for the HTTP RPC server DefaultHTTPHost = "localhost" // Default host interface for the HTTP RPC server
DefaultHTTPPort = 8545 // Default TCP port for the HTTP RPC server DefaultHTTPPort = 8545 // Default TCP port for the HTTP RPC server
DefaultEngineHTTPPort = 8550 // Default TCP port for the engineApi HTTP RPC server DefaultEngineHTTPPort = 8551 // Default TCP port for the engineApi HTTP RPC server
DefaultWSHost = "localhost" // Default host interface for the websocket RPC server DefaultWSHost = "localhost" // Default host interface for the websocket RPC server
DefaultWSPort = 8546 // Default TCP port for the websocket RPC server DefaultWSPort = 8546 // Default TCP port for the websocket RPC server
DefaultGRPCHost = "localhost" // Default host interface for the GRPC server DefaultGRPCHost = "localhost" // Default host interface for the GRPC server
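Review bot: The comment on `DefaultEngineHTTPPort` still describes a plain HTTP RPC port, although after this commit the only Engine API listener is the JWT-protected one. I would state that where the default is defined: `DefaultEngineHTTPPort = 8551 // Default TCP port for the JWT-authenticated Engine API HTTP RPC server`. Assuming `cfg.EnginePort` takes this default, a consensus client still configured for 8550 will find nothing listening after the upgrade, which deserves a line in the release notes.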