From a831e5a249801892059acf2e281e5a14f3bc876c Mon Sep 17 00:00:00 2001 From: Shubham Sonthalia Date: Thu, 12 Dec 2024 23:42:01 +0530 Subject: [PATCH] Fix JWT secret path (#7765) Co-authored-by: Ruben Buniatyan Co-authored-by: Osakpolor Obaseki <12957252+obasekiosa@users.noreply.github.com> --- .../Nethermind.JsonRpc/IJsonRpcConfig.cs | 2 +- .../Nethermind.JsonRpc/JsonRpcConfig.cs | 3 +- .../Ethereum/Steps/StartRpc.cs | 158 ++++++++++-------- 3 files changed, 92 insertions(+), 71 deletions(-) diff --git a/src/Nethermind/Nethermind.JsonRpc/IJsonRpcConfig.cs b/src/Nethermind/Nethermind.JsonRpc/IJsonRpcConfig.cs index a202fcf5986..b9389ec4ccd 100644 --- a/src/Nethermind/Nethermind.JsonRpc/IJsonRpcConfig.cs +++ b/src/Nethermind/Nethermind.JsonRpc/IJsonRpcConfig.cs @@ -128,7 +128,7 @@ public interface IJsonRpcConfig : IConfig """)] int? EthModuleConcurrentInstances { get; set; } - [ConfigItem(Description = "The path to the JWT secret file required for the Engine API authentication.", DefaultValue = "keystore/jwt-secret")] + [ConfigItem(Description = "The path to the JWT secret file required for the Engine API authentication.", DefaultValue = "null")] public string JwtSecretFile { get; set; } [ConfigItem(Description = "Whether to disable authentication of the Engine API. Should not be used in production environments.", DefaultValue = "false", HiddenFromDocs = true)] diff --git a/src/Nethermind/Nethermind.JsonRpc/JsonRpcConfig.cs b/src/Nethermind/Nethermind.JsonRpc/JsonRpcConfig.cs index 8a1f556e69e..ca238b4d411 100644 --- a/src/Nethermind/Nethermind.JsonRpc/JsonRpcConfig.cs +++ b/src/Nethermind/Nethermind.JsonRpc/JsonRpcConfig.cs @@ -47,7 +47,7 @@ public string[] EnabledModules public long? MaxRequestBodySize { get; set; } = 30000000; public int MaxLogsPerResponse { get; set; } = 20_000; public int? EthModuleConcurrentInstances { get; set; } = null; - public string JwtSecretFile { get; set; } = "keystore/jwt-secret"; + public string JwtSecretFile { get; set; } = null; public bool UnsecureDevNoRpcAuthentication { get; set; } public int? MaxLoggedRequestParametersCharacters { get; set; } = null; public string[]? MethodsLoggingFiltering { get; set; } = @@ -67,4 +67,3 @@ public string[] EnabledModules public int EstimateErrorMargin { get; set; } = 150; public string[] CorsOrigins { get; set; } = ["*"]; }; - diff --git a/src/Nethermind/Nethermind.Runner/Ethereum/Steps/StartRpc.cs b/src/Nethermind/Nethermind.Runner/Ethereum/Steps/StartRpc.cs index 14d07ff0743..e3edd8e9528 100644 --- a/src/Nethermind/Nethermind.Runner/Ethereum/Steps/StartRpc.cs +++ b/src/Nethermind/Nethermind.Runner/Ethereum/Steps/StartRpc.cs @@ -2,6 +2,8 @@ // SPDX-License-Identifier: LGPL-3.0-only using System.Linq; +using System; +using System.IO; using System.Threading; using System.Threading.Tasks; using Nethermind.Api; @@ -14,95 +16,115 @@ using Nethermind.Logging; using Nethermind.Runner.JsonRpc; using Nethermind.Serialization.Json; +using Nethermind.KeyStore.Config; -namespace Nethermind.Runner.Ethereum.Steps +namespace Nethermind.Runner.Ethereum.Steps; + +[RunnerStepDependencies(typeof(InitializeNetwork), typeof(RegisterRpcModules), typeof(RegisterPluginRpcModules))] +public class StartRpc(INethermindApi api) : IStep { - [RunnerStepDependencies(typeof(InitializeNetwork), typeof(RegisterRpcModules), typeof(RegisterPluginRpcModules))] - public class StartRpc : IStep + private readonly INethermindApi _api = api; + + public async Task Execute(CancellationToken cancellationToken) { - private readonly INethermindApi _api; + IJsonRpcConfig jsonRpcConfig = _api.Config(); + IKeyStoreConfig keyStoreConfig = _api.Config(); + ILogger logger = _api.LogManager.GetClassLogger(); - public StartRpc(INethermindApi api) - { - _api = api; - } + if (string.IsNullOrEmpty(jsonRpcConfig.JwtSecretFile)) + ConfigureJwtSecret(keyStoreConfig, jsonRpcConfig, logger); - public async Task Execute(CancellationToken cancellationToken) + if (jsonRpcConfig.Enabled) { - IJsonRpcConfig jsonRpcConfig = _api.Config(); - ILogger logger = _api.LogManager.GetClassLogger(); - - if (jsonRpcConfig.Enabled) - { - IInitConfig initConfig = _api.Config(); - IJsonRpcUrlCollection jsonRpcUrlCollection = new JsonRpcUrlCollection(_api.LogManager, jsonRpcConfig, initConfig.WebSocketsEnabled); + IInitConfig initConfig = _api.Config(); + IJsonRpcUrlCollection jsonRpcUrlCollection = new JsonRpcUrlCollection(_api.LogManager, jsonRpcConfig, initConfig.WebSocketsEnabled); - IRpcModuleProvider rpcModuleProvider = _api.RpcModuleProvider!; - JsonRpcService jsonRpcService = new(rpcModuleProvider, _api.LogManager, jsonRpcConfig); + IRpcModuleProvider rpcModuleProvider = _api.RpcModuleProvider!; + JsonRpcService jsonRpcService = new(rpcModuleProvider, _api.LogManager, jsonRpcConfig); - IJsonSerializer jsonSerializer = new EthereumJsonSerializer(); - IRpcAuthentication auth = jsonRpcConfig.UnsecureDevNoRpcAuthentication || !jsonRpcUrlCollection.Values.Any(u => u.IsAuthenticated) - ? NoAuthentication.Instance - : JwtAuthentication.FromFile(jsonRpcConfig.JwtSecretFile, _api.Timestamper, logger); + IJsonSerializer jsonSerializer = new EthereumJsonSerializer(); + IRpcAuthentication auth = jsonRpcConfig.UnsecureDevNoRpcAuthentication || !jsonRpcUrlCollection.Values.Any(u => u.IsAuthenticated) + ? NoAuthentication.Instance + : JwtAuthentication.FromFile(jsonRpcConfig.JwtSecretFile, _api.Timestamper, logger); + JsonRpcProcessor jsonRpcProcessor = new( + jsonRpcService, + jsonRpcConfig, + _api.FileSystem, + _api.LogManager, + _api.ProcessExit); - JsonRpcProcessor jsonRpcProcessor = new( + if (initConfig.WebSocketsEnabled) + { + JsonRpcWebSocketsModule webSocketsModule = new( + jsonRpcProcessor, jsonRpcService, - jsonRpcConfig, - _api.FileSystem, + _api.JsonRpcLocalStats!, _api.LogManager, - _api.ProcessExit); - - - if (initConfig.WebSocketsEnabled) - { - JsonRpcWebSocketsModule webSocketsModule = new( - jsonRpcProcessor, - jsonRpcService, - _api.JsonRpcLocalStats!, - _api.LogManager, - jsonSerializer, - jsonRpcUrlCollection, - auth, - jsonRpcConfig.MaxBatchResponseBodySize); - - _api.WebSocketsManager!.AddModule(webSocketsModule, true); - } - - Bootstrap.Instance.JsonRpcService = jsonRpcService; - Bootstrap.Instance.LogManager = _api.LogManager; - Bootstrap.Instance.JsonSerializer = jsonSerializer; - Bootstrap.Instance.JsonRpcLocalStats = _api.JsonRpcLocalStats!; - Bootstrap.Instance.JsonRpcAuthentication = auth; - - JsonRpcRunner? jsonRpcRunner = new( - jsonRpcProcessor, + jsonSerializer, jsonRpcUrlCollection, - _api.WebSocketsManager!, - _api.ConfigProvider, auth, - _api.LogManager, - _api); + jsonRpcConfig.MaxBatchResponseBodySize); - await jsonRpcRunner.Start(cancellationToken).ContinueWith(x => - { - if (x.IsFaulted && logger.IsError) - logger.Error("Error during jsonRpc runner start", x.Exception); - }, cancellationToken); + _api.WebSocketsManager!.AddModule(webSocketsModule, true); + } - JsonRpcIpcRunner jsonIpcRunner = new(jsonRpcProcessor, _api.ConfigProvider, - _api.LogManager, _api.JsonRpcLocalStats!, jsonSerializer, _api.FileSystem); - jsonIpcRunner.Start(cancellationToken); + Bootstrap.Instance.JsonRpcService = jsonRpcService; + Bootstrap.Instance.LogManager = _api.LogManager; + Bootstrap.Instance.JsonSerializer = jsonSerializer; + Bootstrap.Instance.JsonRpcLocalStats = _api.JsonRpcLocalStats!; + Bootstrap.Instance.JsonRpcAuthentication = auth; + + JsonRpcRunner? jsonRpcRunner = new( + jsonRpcProcessor, + jsonRpcUrlCollection, + _api.WebSocketsManager!, + _api.ConfigProvider, + auth, + _api.LogManager, + _api); + + await jsonRpcRunner.Start(cancellationToken).ContinueWith(x => + { + if (x.IsFaulted && logger.IsError) + logger.Error("Error during jsonRpc runner start", x.Exception); + }, cancellationToken); + + JsonRpcIpcRunner jsonIpcRunner = new(jsonRpcProcessor, _api.ConfigProvider, + _api.LogManager, _api.JsonRpcLocalStats!, jsonSerializer, _api.FileSystem); + jsonIpcRunner.Start(cancellationToken); #pragma warning disable 4014 - _api.DisposeStack.Push( - new Reactive.AnonymousDisposable(() => jsonRpcRunner.StopAsync())); // do not await - _api.DisposeStack.Push(jsonIpcRunner); // do not await + _api.DisposeStack.Push( + new Reactive.AnonymousDisposable(() => jsonRpcRunner.StopAsync())); // do not await + _api.DisposeStack.Push(jsonIpcRunner); // do not await #pragma warning restore 4014 + } + else + { + if (logger.IsInfo) logger.Info("Json RPC is disabled"); + } + } + private static void ConfigureJwtSecret(IKeyStoreConfig keyStoreConfig, IJsonRpcConfig jsonRpcConfig, ILogger logger) + { + string newPath = Path.GetFullPath(Path.Join(keyStoreConfig.KeyStoreDirectory, "jwt-secret")); + string oldPath = Path.GetFullPath("keystore/jwt-secret"); + jsonRpcConfig.JwtSecretFile = newPath; + + // check if jwt-secret file already exists in previous default directory + if (!File.Exists(newPath) && File.Exists(oldPath)) + { + try + { + File.Move(oldPath, newPath); + + if (logger.IsWarn) logger.Warn($"Moved JWT secret from {oldPath} to {newPath}"); } - else + catch (Exception ex) { - if (logger.IsInfo) logger.Info("Json RPC is disabled"); + if (logger.IsError) logger.Error($"Failed moving JWT secret to {newPath}.", ex); + + jsonRpcConfig.JwtSecretFile = oldPath; } } }