re-enabling jwt on keymanager API #13492

Merged
merged 8 commits into from Jan 22, 2024

@james-prysm james-prysm commented Jan 19, 2024

What type of PR is this?

Other

What does this PR do? Why is it needed?

https://ethereum.github.io/keymanager-APIs

I noticed that the keymanager APIs do have the appropriate codes if using a jwt token, so I am re-enabling the middleware to handle it in the following pr

Tests

curl -X GET "http://localhost:7500/eth/v1/keystores" -H "accept: application/json"
unauthorized: no Authorization header passed. Please use an Authorization header with the jwt created in the prysm wallet

curl -X GET "http://localhost:7500/eth/v1/keystores" -H "accept: application/json"   -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.vgs336GzjwJZaYV7lrmUS1swwVXQqsA1_TB42-7ewIE"
{"data":[{"validating_pubkey":"0x855ae9c6184d6edd46351b375f16f541b2d33b0ed0da9be4571b13938588aee840ba606a946f0e8023ae3a4b2a43b4d4","derivation_path":""},{"validating_pubkey":"0xaa0ef7404c3a164741856c78cc844072448886291e3c5b29514001d1bd8c5ccc9c342a1caa58c3b45734195ef4b4122c","derivation_path":""}]}

Also tested on web UI
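
The behaviour shown in the curl tests above (401 without a usable Authorization header, the handler's response with a valid Bearer token), as an added Go example that is not Prysm's code. It uses only the standard library instead of the `jwt` package the interceptor calls; the names `sign`, `valid` and `requireJWT` and the secret are constructed for illustration, and claims such as `exp` are not checked.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"net/http"
	"strings"
)

// sign appends the base64url HMAC-SHA256 of msg ("header.claims") to form a compact token.
func sign(secret []byte, msg string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(msg))
	return msg + "." + base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// valid pins alg to HS256, then compares against a recomputed token in constant time (illustrative).
func valid(secret []byte, token string) bool {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return false
	}
	var h struct{ Alg string }
	hdr, err := base64.RawURLEncoding.DecodeString(p[0])
	if err != nil || json.Unmarshal(hdr, &h) != nil || h.Alg != "HS256" {
		return false
	}
	return hmac.Equal([]byte(token), []byte(sign(secret, p[0]+"."+p[1])))
}

// requireJWT answers 401 unless the request carries "Authorization: Bearer <valid token>".
func requireJWT(secret []byte, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		authz := r.Header.Get("Authorization")
		if !strings.HasPrefix(authz, "Bearer ") || !valid(secret, authz[len("Bearer "):]) {
			http.Error(w, "unauthorized", http.StatusUnauthorized) // body and logs carry no token or secret
			return
		}
		next.ServeHTTP(w, r)
	})
}

// main signs the page's header.claims segments and an alg=none header with a constructed secret.
func main() {
	s := []byte("constructed-demo-secret")
	println(valid(s, sign(s, "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30")), valid(s, sign(s, "eyJhbGciOiJub25lIn0.e30")))
}
```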

validator/rpc/intercepter.go (outdated)
validator/rpc/intercepter.go
james-prysm and others added 2 commits January 19, 2024 14:16
Co-authored-by: Sammy Rosso <15244892+saolyn@users.noreply.github.com>
@@ -50,7 +49,8 @@ func (s *Server) JwtHttpInterceptor(next http.Handler) http.Handler {
token := strings.Split(reqToken, "Bearer ")[1]
_, err := jwt.Parse(token, s.validateJWT)
if err != nil {
http.Error(w, fmt.Errorf("unauthorized:could not parse JWT token: %v", err).Error(), http.StatusUnauthorized)
fmt.Println(err)
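Review bot: The `fmt.Println(err)` at the end of this hunk writes the parse error to stdout outside any structured logger, and the same error is already returned in the 401 body on the line above; drop it or log it at debug level. Separately, `strings.Split(reqToken, "Bearer ")[1]` indexes the result without a length check, so unless lines outside this hunk guarantee the prefix, a header that lacks `Bearer ` would panic here; check the slice length or use `strings.HasPrefix` before indexing.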
Contributor

Debug log?

@@ -84,5 +84,6 @@ func (s *Server) validateJWT(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("unexpected JWT signing method: %v", token.Header["alg"])
}
fmt.Println(s.jwtSecret)
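Review bot: `fmt.Println(s.jwtSecret)` after the signing-method check prints the HMAC signing secret to stdout each time a token reaches this point, which exposes the key that authenticates keymanager API requests to anyone who can read process output or collected logs. Remove the line before merge; if diagnostics are needed here, log only non-secret context such as `token.Header["alg"]`.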
Contributor

Debug log?

Contributor Author

oops yes will remove

@james-prysm james-prysm added this pull request to the merge queue Jan 22, 2024
@james-prysm james-prysm added the API (Api related tasks) and Security (Security Related Issues) labels Jan 22, 2024
Merged via the queue into develop with commit 8dd5e96 Jan 22, 2024
17 checks passed
@james-prysm james-prysm deleted the jwt-keymanager-api branch January 22, 2024 22:22