Expose jwt-secret flag in erigon (#3741)

726557fe · Enrique Jose Avila Asapche · GitHub · 5e4655cd · 726557fe · 726557fe
Unverified Commit 726557fe authored Mar 21, 2022 by Enrique Jose Avila Asapche Committed by GitHub Mar 21, 2022
--- a/cmd/rpcdaemon/cli/config.go
+++ b/cmd/rpcdaemon/cli/config.go
@@ -91,7 +91,7 @@ func RootCommand() (*cobra.Command, *httpcfg.HttpCfg) {
 	rootCmd.PersistentFlags().IntVar(&cfg.GRPCPort, "grpc.port", node.DefaultGRPCPort, "GRPC server listening port")
 	rootCmd.PersistentFlags().BoolVar(&cfg.GRPCHealthCheckEnabled, "grpc.healthcheck", false, "Enable GRPC health check")
 	rootCmd.PersistentFlags().StringVar(&cfg.StarknetGRPCAddress, "starknet.grpc.address", "127.0.0.1:6066", "Starknet GRPC address")
-	rootCmd.PersistentFlags().StringVar(&cfg.JWTSecretPath, "jwt-secret", "", "Token to ensure safe connection between CL and EL")
+	rootCmd.PersistentFlags().StringVar(&cfg.JWTSecretPath, utils.JWTSecretPath.Name, utils.JWTSecretPath.Value, "Token to ensure safe connection between CL and EL")

 	if err := rootCmd.MarkPersistentFlagFilename("rpc.accessList", "json"); err != nil {
 		panic(err)
@@ -563,32 +563,24 @@ func isWebsocket(r *http.Request) bool {
 // or from the default location. If neither of those are present, it generates
 // a new secret and stores to the default location.
 func obtainJWTSecret(cfg httpcfg.HttpCfg) ([]byte, error) {
-	var fileName string
-	if len(cfg.JWTSecretPath) > 0 {
-		// path provided
-		fileName = cfg.JWTSecretPath
-	} else {
-		// no path provided, use default
-		fileName = JwtDefaultFile
-	}
 	// try reading from file
-	log.Info("Reading JWT secret", "path", fileName)
-	if data, err := os.ReadFile(fileName); err == nil {
+	log.Info("Reading JWT secret", "path", cfg.JWTSecretPath)
+	if data, err := os.ReadFile(cfg.JWTSecretPath); err == nil {
 		jwtSecret := common.FromHex(strings.TrimSpace(string(data)))
 		if len(jwtSecret) == 32 {
 			return jwtSecret, nil
 		}
-		log.Error("Invalid JWT secret", "path", fileName, "length", len(jwtSecret))
+		log.Error("Invalid JWT secret", "path", cfg.JWTSecretPath, "length", len(jwtSecret))
 		return nil, errors.New("invalid JWT secret")
 	}
 	// Need to generate one
 	jwtSecret := make([]byte, 32)
 	rand.Read(jwtSecret)

-	if err := os.WriteFile(fileName, []byte(hexutil.Encode(jwtSecret)), 0600); err != nil {
+	if err := os.WriteFile(cfg.JWTSecretPath, []byte(hexutil.Encode(jwtSecret)), 0600); err != nil {
 		return nil, err
 	}
-	log.Info("Generated JWT secret", "path", fileName)
+	log.Info("Generated JWT secret", "path", cfg.JWTSecretPath)
 	return jwtSecret, nil
 }


--- a/cmd/utils/flags.go
+++ b/cmd/utils/flags.go
@@ -329,6 +329,12 @@ var (
 		Value: node.DefaultEngineHTTPPort,
 	}

+	JWTSecretPath = cli.StringFlag{
+		Name:  "authrpc.jwtsecret",
+		Usage: "Token to ensure safe connection between CL and EL",
+		Value: "jwt.hex",
+	}
+
 	HttpCompressionFlag = cli.BoolFlag{
 		Name:  "http.compression",
 		Usage: "Comma separated list of virtual hostnames from which to accept requests (server enforced). Accepts '*' wildcard.",

--- a/turbo/cli/default_flags.go
+++ b/turbo/cli/default_flags.go
@@ -52,6 +52,7 @@ var DefaultFlags = []cli.Flag{
 	utils.HTTPPortFlag,
 	utils.EngineAddr,
 	utils.EnginePort,
+	utils.JWTSecretPath,
 	utils.HttpCompressionFlag,
 	utils.HTTPCORSDomainFlag,
 	utils.HTTPVirtualHostsFlag,

--- a/turbo/cli/flags.go
+++ b/turbo/cli/flags.go
@@ -298,6 +298,7 @@ func setEmbeddedRpcDaemon(ctx *cli.Context, cfg *node.Config) {
 		HttpPort:                ctx.GlobalInt(utils.HTTPPortFlag.Name),
 		EngineHTTPListenAddress: ctx.GlobalString(utils.EngineAddr.Name),
 		EnginePort:              ctx.GlobalInt(utils.EnginePort.Name),
+		JWTSecretPath:           ctx.GlobalString(utils.JWTSecretPath.Name),
 		HttpCORSDomain:          strings.Split(ctx.GlobalString(utils.HTTPCORSDomainFlag.Name), ","),
 		HttpVirtualHost:         strings.Split(ctx.GlobalString(utils.HTTPVirtualHostsFlag.Name), ","),
 		API:                     strings.Split(ctx.GlobalString(utils.HTTPApiFlag.Name), ","),