Skip to content
This repository was archived by the owner on May 30, 2025. It is now read-only.

feat: generate JWT token on each call #28

Merged
tzdybal merged 1 commit into from
Feb 18, 2025
Merged

feat: generate JWT token on each call #28

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 12 additions & 9 deletions execution.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,14 +54,18 @@ func NewEngineAPIExecutionClient(
return nil, err
}

authToken, err := getAuthToken(jwtSecret)
secret, err := decodeSecret(jwtSecret)
if err != nil {
ethClient.Close()
return nil, err
}

engineClient, err := rpc.DialOptions(context.Background(), engineURL,
rpc.WithHTTPAuth(func(h http.Header) error {
authToken, err := getAuthToken(secret)
if err != nil {
return err
}

if authToken != "" {
h.Set("Authorization", "Bearer "+authToken)
}
Expand Down Expand Up @@ -278,23 +282,22 @@ func (c *EngineAPIExecutionClient) derivePrevRandao(blockHeight uint64) common.H
return common.BigToHash(big.NewInt(int64(blockHeight))) //nolint:gosec // disable G115
}

// Add this function to execution.go
func getAuthToken(jwtSecret string) (string, error) {
if jwtSecret == "" {
return "", nil
}
func decodeSecret(jwtSecret string) ([]byte, error) {
secret, err := hex.DecodeString(strings.TrimPrefix(jwtSecret, "0x"))
if err != nil {
return "", fmt.Errorf("failed to decode JWT secret: %w", err)
return nil, fmt.Errorf("failed to decode JWT secret: %w", err)
}
return secret, nil
}

func getAuthToken(jwtSecret []byte) (string, error) {
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
"exp": time.Now().Add(time.Hour * 1).Unix(), // Expires in 1 hour
"iat": time.Now().Unix(),
})

// Sign the token with the decoded secret
authToken, err := token.SignedString(secret)
authToken, err := token.SignedString(jwtSecret)
if err != nil {
return "", fmt.Errorf("failed to sign JWT token: %w", err)
}
Expand Down
7 changes: 6 additions & 1 deletion integration_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,12 @@ func waitForRethContainer(t *testing.T, jwtSecret string) error {
}
req.Header.Set("Content-Type", "application/json")

authToken, err := getAuthToken(jwtSecret)
secret, err := decodeSecret(jwtSecret)
if err != nil {
return err
}

authToken, err := getAuthToken(secret)
if err != nil {
return err
}
Expand Down
3 changes: 1 addition & 2 deletions mocks_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -194,8 +194,7 @@ func NewMockEthAPI(t *testing.T) *MockEthAPI {

_ = json.NewEncoder(w).Encode(map[string]interface{}{
"jsonrpc": "2.0",
"id": req["id"],
"result": resp,
"id": req["id"], "result": resp,
})
}))

Expand Down