Feat/block proposal authorization password for v2/block_proposal endpoint

[jferrant]

Added config option to the signer and to the ConnectionOptions for adding a password. Just passing it around as a plaintext password in the authorization header.

[codecov]

Codecov Report

Attention: Patch coverage is 86.51685% with 12 lines in your changes are missing coverage. Please review.

Project coverage is 83.30%. Comparing base (0910eed) to head (60c9e33).
Report is 5 commits behind head on next.

Additional details and impacted files

@@            Coverage Diff             @@
##             next    #4471      +/-   ##
==========================================
+ Coverage   83.23%   83.30%   +0.07%     
==========================================
  Files         453      453              
  Lines      325584   325630      +46     
  Branches      318      318              
==========================================
+ Hits       270993   271263     +270     
+ Misses      54583    54359     -224     
  Partials        8        8              

Files	Coverage Δ
stacks-signer/src/client/stacks_client.rs	87.25% <100.00%> (+0.10%)	⬆️
stacks-signer/src/config.rs	84.71% <100.00%> (+0.29%)	⬆️
stackslib/src/net/api/mod.rs	91.37% <100.00%> (+0.30%)	⬆️
stackslib/src/net/connection.rs	83.51% <100.00%> (+0.01%)	⬆️
stackslib/src/net/httpcore.rs	82.77% <100.00%> (-0.19%)	⬇️
testnet/stacks-node/src/config.rs	74.26% <100.00%> (+6.28%)	⬆️
testnet/stacks-node/src/tests/signer.rs	93.45% <100.00%> (+0.06%)	⬆️
stacks-signer/src/cli.rs	33.60% <0.00%> (-0.28%)	⬇️
stacks-signer/src/main.rs	32.26% <0.00%> (-0.09%)	⬇️
stackslib/src/net/api/postblock_proposal.rs	80.67% <81.81%> (-0.21%)	⬇️
... and 1 more

... and 29 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0910eed...60c9e33. Read the comment docs.

[hstove]

Thanks for hustling on this!

[obycode]

🙌 lgtm!

[jcnelson]

This isn't the right way to do HMAC. Also, we don't need it here since we're not even supporting HTTPS.

Can you instead just have the block-proposal endpoint check for an authorization header and treat the value as a bare password? Thanks!

[jferrant]

This isn't the right way to do HMAC. Also, we don't need it here since we're not even supporting HTTPS.

Can you instead just have the block-proposal endpoint check for an authorization header and treat the value as a bare password? Thanks!

Yep will do!

[obycode]

lgtm!

[hstove]

👏

[hstove]

@jferrant as a sanity check, can you run the regtest env with this PR's latest commit and make sure it produces at least one Nakamoto block?

[hstove]

Re-requesting reviews. I'm running regtest-env based on the last commit here and it's working as expected! I've added the needed config changes to hirosystems/stacks-regtest-env#32

[hstove]

lgtm and have tested in regtest!

[obycode]

lgtm!