Add authentication #11
| let key_value = match api_key.clone() { | ||
| Some(key) => { | ||
| // For security, only use the first 8 chars of the API key in metrics | ||
| if key.len() > 8 { | ||
| format!("{}...", &key[0..8]) | ||
| } else { | ||
| key | ||
| } | ||
| } | ||
| None => "none".to_string(), | ||
| }; | ||
| counter!("websocket_proxy.connections_by_api_key", "key" => key_value).increment(1); |
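Review bot: the `else` branch returns `key` unchanged, so any API key of 8 characters or fewer is emitted in full as the `key` label, and for longer keys the first 8 characters still end up in the metrics backend. `&key[0..8]` also slices by byte offset and will panic if a key contains a multi-byte character that straddles byte 8. Suggest labelling the counter with a non-secret identifier rather than any part of the key.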
Instead of this I wonder if we should take in api keys in the format:
<application>:<key>,<application2>:<key2>
Then we can log out the application info, it'll make it much easier to debug issues that way too (and no need to partially leak the key)
| Router::new() | ||
| .route("/healthz", get(healthz_handler)) | ||
| .route("/ws", any(websocket_handler)) | ||
| .with_state(server_state) |
nit: You could move three of these four lines outside of the conditional, and add the route for ws for the conditional.
I tested in sepolia-alpha using the API keys from config service, did you manually apply and update to the keys? It doesn't work for me:
| #[arg(long, env, value_delimiter = ',', help = "API keys to allow")] | ||
| api_keys: Vec<String>, |
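Review bot: with both `long` and `env` on `api_keys`, the keys can be passed as a command-line argument, where they are visible in process listings and shell history, and clap prints the current env value in `--help` output unless told otherwise. Suggest treating the env var as the supported path for secrets and adding `hide_env_values = true` to the `#[arg(...)]` attribute.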
This configuration will actually parse the empty --api-keys flag or API_KEYS= env var into a Vec containing a single empty string.
You'll probably want to filter out all empty strings after applying the parser/delimiter, like so:

```rust
// Drop empty entries produced by an empty flag or env var.
let api_keys: Vec<String> = args.api_keys.into_iter().filter(|key| !key.is_empty()).collect();
```
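One way to combine the two review suggestions above (the `<application>:<key>` format and dropping empty entries), as an added example that is not code from this PR or the project. The names `parse_api_keys` and `metric_label`, the `"unknown"` label and the sample keys are assumptions made for illustration.

```rust
use std::collections::HashMap;

/// Parse "<application>:<key>,<application2>:<key2>" into a key -> application map.
/// Empty entries (empty flag/env var, doubled or trailing commas) are skipped.
/// Error messages never echo key material.
fn parse_api_keys(raw: &str) -> Result<HashMap<String, String>, String> {
    let mut by_key = HashMap::new();
    for entry in raw.split(',').map(str::trim).filter(|e| !e.is_empty()) {
        // Split on the first ':' only, so a key may itself contain ':'.
        let (app, key) = entry
            .split_once(':')
            .ok_or_else(|| "entry is missing the '<application>:' prefix".to_string())?;
        if app.is_empty() || key.is_empty() {
            return Err("application and key must both be non-empty".to_string());
        }
        if by_key.insert(key.to_string(), app.to_string()).is_some() {
            return Err(format!("duplicate key configured for application {}", app));
        }
    }
    Ok(by_key)
}

/// Metric label for a connection: the application name, never part of the key.
/// "unknown" (hypothetical label) covers keys that are not configured.
fn metric_label<'a>(keys: &'a HashMap<String, String>, presented: Option<&str>) -> &'a str {
    match presented {
        None => "none",
        Some(k) => keys.get(k).map(String::as_str).unwrap_or("unknown"),
    }
}

fn main() {
    // Constructed sample value, not real keys.
    let keys = parse_api_keys("explorer:k-111,,indexer:k-222,").expect("valid config");
    for presented in [Some("k-222"), Some("not-a-key"), None] {
        println!("label = {}", metric_label(&keys, presented));
    }
}
```

Because the label is one of a fixed set of configured application names, the metric's cardinality stays bounded by the configuration and not by what clients send.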
I'll fix this bug and move this PR to the flashbots rollup boost org
Add authentication feature such that connecting to the proxy requires an API key if authentication is enabled.
Tested on devnet