Fix JWT secret path (#7765)

Co-authored-by: Ruben Buniatyan <[email protected]> Co-authored-by: Osakpolor Obaseki <[email protected]>
NethermindEth · Dec 12, 2024 · a831e5a · a831e5a
1 parent c61ee36
commit a831e5a
Show file tree

Hide file tree

Showing 3 changed files with 92 additions and 71 deletions.
diff --git a/src/Nethermind/Nethermind.JsonRpc/IJsonRpcConfig.cs b/src/Nethermind/Nethermind.JsonRpc/IJsonRpcConfig.cs
@@ -128,7 +128,7 @@ public interface IJsonRpcConfig : IConfig
             """)]
     int? EthModuleConcurrentInstances { get; set; }
 
-    [ConfigItem(Description = "The path to the JWT secret file required for the Engine API authentication.", DefaultValue = "keystore/jwt-secret")]
+    [ConfigItem(Description = "The path to the JWT secret file required for the Engine API authentication.", DefaultValue = "null")]
     public string JwtSecretFile { get; set; }
 
     [ConfigItem(Description = "Whether to disable authentication of the Engine API. Should not be used in production environments.", DefaultValue = "false", HiddenFromDocs = true)]

diff --git a/src/Nethermind/Nethermind.JsonRpc/JsonRpcConfig.cs b/src/Nethermind/Nethermind.JsonRpc/JsonRpcConfig.cs
@@ -47,7 +47,7 @@ public string[] EnabledModules
     public long? MaxRequestBodySize { get; set; } = 30000000;
     public int MaxLogsPerResponse { get; set; } = 20_000;
     public int? EthModuleConcurrentInstances { get; set; } = null;
-    public string JwtSecretFile { get; set; } = "keystore/jwt-secret";
+    public string JwtSecretFile { get; set; } = null;
     public bool UnsecureDevNoRpcAuthentication { get; set; }
     public int? MaxLoggedRequestParametersCharacters { get; set; } = null;
     public string[]? MethodsLoggingFiltering { get; set; } =
@@ -67,4 +67,3 @@ public string[] EnabledModules
     public int EstimateErrorMargin { get; set; } = 150;
     public string[] CorsOrigins { get; set; } = ["*"];
 };
-
diff --git a/src/Nethermind/Nethermind.Runner/Ethereum/Steps/StartRpc.cs b/src/Nethermind/Nethermind.Runner/Ethereum/Steps/StartRpc.cs
@@ -2,6 +2,8 @@
 // SPDX-License-Identifier: LGPL-3.0-only
 
 using System.Linq;
+using System;
+using System.IO;
 using System.Threading;
 using System.Threading.Tasks;
 using Nethermind.Api;
@@ -14,95 +16,115 @@
 using Nethermind.Logging;
 using Nethermind.Runner.JsonRpc;
 using Nethermind.Serialization.Json;
+using Nethermind.KeyStore.Config;
 
-namespace Nethermind.Runner.Ethereum.Steps
+namespace Nethermind.Runner.Ethereum.Steps;
+
+[RunnerStepDependencies(typeof(InitializeNetwork), typeof(RegisterRpcModules), typeof(RegisterPluginRpcModules))]
+public class StartRpc(INethermindApi api) : IStep
 {
-    [RunnerStepDependencies(typeof(InitializeNetwork), typeof(RegisterRpcModules), typeof(RegisterPluginRpcModules))]
-    public class StartRpc : IStep
+    private readonly INethermindApi _api = api;
+
+    public async Task Execute(CancellationToken cancellationToken)
     {
-        private readonly INethermindApi _api;
+        IJsonRpcConfig jsonRpcConfig = _api.Config<IJsonRpcConfig>();
+        IKeyStoreConfig keyStoreConfig = _api.Config<IKeyStoreConfig>();
+        ILogger logger = _api.LogManager.GetClassLogger();
 
-        public StartRpc(INethermindApi api)
-        {
-            _api = api;
-        }
+        if (string.IsNullOrEmpty(jsonRpcConfig.JwtSecretFile))
+            ConfigureJwtSecret(keyStoreConfig, jsonRpcConfig, logger);
 
-        public async Task Execute(CancellationToken cancellationToken)
+        if (jsonRpcConfig.Enabled)
         {
-            IJsonRpcConfig jsonRpcConfig = _api.Config<IJsonRpcConfig>();
-            ILogger logger = _api.LogManager.GetClassLogger();
-
-            if (jsonRpcConfig.Enabled)
-            {
-                IInitConfig initConfig = _api.Config<IInitConfig>();
-                IJsonRpcUrlCollection jsonRpcUrlCollection = new JsonRpcUrlCollection(_api.LogManager, jsonRpcConfig, initConfig.WebSocketsEnabled);
+            IInitConfig initConfig = _api.Config<IInitConfig>();
+            IJsonRpcUrlCollection jsonRpcUrlCollection = new JsonRpcUrlCollection(_api.LogManager, jsonRpcConfig, initConfig.WebSocketsEnabled);
 
-                IRpcModuleProvider rpcModuleProvider = _api.RpcModuleProvider!;
-                JsonRpcService jsonRpcService = new(rpcModuleProvider, _api.LogManager, jsonRpcConfig);
+            IRpcModuleProvider rpcModuleProvider = _api.RpcModuleProvider!;
+            JsonRpcService jsonRpcService = new(rpcModuleProvider, _api.LogManager, jsonRpcConfig);
 
-                IJsonSerializer jsonSerializer = new EthereumJsonSerializer();
-                IRpcAuthentication auth = jsonRpcConfig.UnsecureDevNoRpcAuthentication || !jsonRpcUrlCollection.Values.Any(u => u.IsAuthenticated)
-                    ? NoAuthentication.Instance
-                    : JwtAuthentication.FromFile(jsonRpcConfig.JwtSecretFile, _api.Timestamper, logger);
+            IJsonSerializer jsonSerializer = new EthereumJsonSerializer();
+            IRpcAuthentication auth = jsonRpcConfig.UnsecureDevNoRpcAuthentication || !jsonRpcUrlCollection.Values.Any(u => u.IsAuthenticated)
+                ? NoAuthentication.Instance
+                : JwtAuthentication.FromFile(jsonRpcConfig.JwtSecretFile, _api.Timestamper, logger);
 
+            JsonRpcProcessor jsonRpcProcessor = new(
+                jsonRpcService,
+                jsonRpcConfig,
+                _api.FileSystem,
+                _api.LogManager,
+                _api.ProcessExit);
 
-                JsonRpcProcessor jsonRpcProcessor = new(
+            if (initConfig.WebSocketsEnabled)
+            {
+                JsonRpcWebSocketsModule webSocketsModule = new(
+                    jsonRpcProcessor,
                     jsonRpcService,
-                    jsonRpcConfig,
-                    _api.FileSystem,
+                    _api.JsonRpcLocalStats!,
                     _api.LogManager,
-                    _api.ProcessExit);
-
-
-                if (initConfig.WebSocketsEnabled)
-                {
-                    JsonRpcWebSocketsModule webSocketsModule = new(
-                        jsonRpcProcessor,
-                        jsonRpcService,
-                        _api.JsonRpcLocalStats!,
-                        _api.LogManager,
-                        jsonSerializer,
-                        jsonRpcUrlCollection,
-                        auth,
-                        jsonRpcConfig.MaxBatchResponseBodySize);
-
-                    _api.WebSocketsManager!.AddModule(webSocketsModule, true);
-                }
-
-                Bootstrap.Instance.JsonRpcService = jsonRpcService;
-                Bootstrap.Instance.LogManager = _api.LogManager;
-                Bootstrap.Instance.JsonSerializer = jsonSerializer;
-                Bootstrap.Instance.JsonRpcLocalStats = _api.JsonRpcLocalStats!;
-                Bootstrap.Instance.JsonRpcAuthentication = auth;
-
-                JsonRpcRunner? jsonRpcRunner = new(
-                    jsonRpcProcessor,
+                    jsonSerializer,
                     jsonRpcUrlCollection,
-                    _api.WebSocketsManager!,
-                    _api.ConfigProvider,
                     auth,
-                    _api.LogManager,
-                    _api);
+                    jsonRpcConfig.MaxBatchResponseBodySize);
 
-                await jsonRpcRunner.Start(cancellationToken).ContinueWith(x =>
-                {
-                    if (x.IsFaulted && logger.IsError)
-                        logger.Error("Error during jsonRpc runner start", x.Exception);
-                }, cancellationToken);
+                _api.WebSocketsManager!.AddModule(webSocketsModule, true);
+            }
 
-                JsonRpcIpcRunner jsonIpcRunner = new(jsonRpcProcessor, _api.ConfigProvider,
-                    _api.LogManager, _api.JsonRpcLocalStats!, jsonSerializer, _api.FileSystem);
-                jsonIpcRunner.Start(cancellationToken);
+            Bootstrap.Instance.JsonRpcService = jsonRpcService;
+            Bootstrap.Instance.LogManager = _api.LogManager;
+            Bootstrap.Instance.JsonSerializer = jsonSerializer;
+            Bootstrap.Instance.JsonRpcLocalStats = _api.JsonRpcLocalStats!;
+            Bootstrap.Instance.JsonRpcAuthentication = auth;
+
+            JsonRpcRunner? jsonRpcRunner = new(
+                jsonRpcProcessor,
+                jsonRpcUrlCollection,
+                _api.WebSocketsManager!,
+                _api.ConfigProvider,
+                auth,
+                _api.LogManager,
+                _api);
+
+            await jsonRpcRunner.Start(cancellationToken).ContinueWith(x =>
+            {
+                if (x.IsFaulted && logger.IsError)
+                    logger.Error("Error during jsonRpc runner start", x.Exception);
+            }, cancellationToken);
+
+            JsonRpcIpcRunner jsonIpcRunner = new(jsonRpcProcessor, _api.ConfigProvider,
+                _api.LogManager, _api.JsonRpcLocalStats!, jsonSerializer, _api.FileSystem);
+            jsonIpcRunner.Start(cancellationToken);
 
 #pragma warning disable 4014
-                _api.DisposeStack.Push(
-                    new Reactive.AnonymousDisposable(() => jsonRpcRunner.StopAsync())); // do not await
-                _api.DisposeStack.Push(jsonIpcRunner); // do not await
+            _api.DisposeStack.Push(
+                new Reactive.AnonymousDisposable(() => jsonRpcRunner.StopAsync())); // do not await
+            _api.DisposeStack.Push(jsonIpcRunner); // do not await
 #pragma warning restore 4014
+        }
+        else
+        {
+            if (logger.IsInfo) logger.Info("Json RPC is disabled");
+        }
+    }
+    private static void ConfigureJwtSecret(IKeyStoreConfig keyStoreConfig, IJsonRpcConfig jsonRpcConfig, ILogger logger)
+    {
+        string newPath = Path.GetFullPath(Path.Join(keyStoreConfig.KeyStoreDirectory, "jwt-secret"));
+        string oldPath = Path.GetFullPath("keystore/jwt-secret");
+        jsonRpcConfig.JwtSecretFile = newPath;
+
+        // check if jwt-secret file already exists in previous default directory
+        if (!File.Exists(newPath) && File.Exists(oldPath))
+        {
+            try
+            {
+                File.Move(oldPath, newPath);
+
+                if (logger.IsWarn) logger.Warn($"Moved JWT secret from {oldPath} to {newPath}");
             }
-            else
+            catch (Exception ex)
             {
-                if (logger.IsInfo) logger.Info("Json RPC is disabled");
+                if (logger.IsError) logger.Error($"Failed moving JWT secret to {newPath}.", ex);
+
+                jsonRpcConfig.JwtSecretFile = oldPath;
             }
         }
     }