Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

adds rpc:token cli command #2293

Merged
merged 1 commit into from
Oct 25, 2022
Merged

adds rpc:token cli command #2293

merged 1 commit into from
Oct 25, 2022

Conversation

hughy
Copy link
Contributor

@hughy hughy commented Oct 5, 2022

Summary

adds a command to retrieve or set the value of the rpcAuthToken key in internal.json

ironfish rpc:token prints out the token, if any.

ironfish rpc:token --token=<value> sets the token.

Closes https://airtable.com/appIXmGgVqP9QdbCf/pagcUNImP87iLU1r7?FG6K5=recUzR97TjxBboY00

Testing Plan

image

Breaking Change

Is this a breaking change? If yes, add notes below on why this is breaking and
what additional work is required, if any.

[ ] Yes

@hughy
adds rpc:token cli command
93d32d0 
adds a command to retrieve or set the value of the rpcAuthToken key in
internal.json

`ironfish rpc:token` prints out the token, if any.

`ironfish rpc:token --token=<value>` sets the token.
@hughy hughy requested a review from a team as a code owner October 5, 2022 01:16
@ygao76
Copy link
Contributor

ygao76 commented Oct 5, 2022

From the security standpoint, can malicious people get the rpc token and hijack the tls calll? I assume this call needs auth if its via tls so the auth token is not exposed publicly. Can people get the auth token w/t the auth token?

@hughy
Copy link
Contributor Author

hughy commented Oct 5, 2022

From the security standpoint, can malicious people get the rpc token and hijack the tls calll? I assume this call needs auth if its via tls so the auth token is not exposed publicly. Can people get the auth token w/t the auth token?

That's a good question! This will be safe because it doesn't make an RPC connection to a node or any TLS calls. It uses the SDK to read/write the local internal.json file without interacting with the node.

@dguenther dguenther merged commit 85ac121 into staging Oct 25, 2022
@dguenther dguenther deleted the feature/rpc-token-cli branch October 25, 2022 15:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dguenther dguenther dguenther approved these changes

@ygao76 ygao76 ygao76 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@hughy @ygao76 @dguenther