├── .github
├── pull_request_template.md
└── workflows
│ ├── checks.yml
│ └── releaser.yaml
├── .gitignore
├── .golangci.yaml
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── Dockerfile
├── LICENSE
├── Makefile
├── README.md
├── cmd
└── jwt-tokens-service
│ ├── .gitignore
│ ├── README.md
│ └── main.go
├── docs
└── nginx-setup.png
├── go.mod
├── go.sum
├── main.go
├── mock_builder.go
├── mock_builder_test.go
├── mock_data.go
├── proxy.go
├── proxy_test.go
├── staticcheck.conf
├── types.go
└── utils.go
/.github/pull_request_template.md:
--------------------------------------------------------------------------------
1 | ## 📝 Summary
2 |
3 |
4 |
5 | ## ⛱ Motivation and Context
6 |
7 |
8 |
9 | ## 📚 References
10 |
11 |
12 |
13 | ---
14 |
15 | ## ✅ I have run these commands
16 |
17 | * [ ] `make lint`
18 | * [ ] `make test-race`
19 | * [ ] `go mod tidy`
20 | * [ ] I have seen and agree to `CONTRIBUTING.md`
21 |
--------------------------------------------------------------------------------
/.github/workflows/checks.yml:
--------------------------------------------------------------------------------
1 | name: Checks
2 |
3 | on: [pull_request]
4 |
5 | jobs:
6 | test:
7 | name: Test
8 | runs-on: ubuntu-latest
9 | env:
10 | CGO_CFLAGS_ALLOW: "-O -D__BLST_PORTABLE__"
11 | CGO_CFLAGS: "-O -D__BLST_PORTABLE__"
12 | steps:
13 | - name: Set up Go 1.x
14 | uses: actions/setup-go@v2
15 | with:
16 | go-version: ^1.22
17 | id: go
18 |
19 | - name: Check out code into the Go module directory
20 | uses: actions/checkout@v2
21 |
22 | - name: Run unit tests and generate the coverage report
23 | run: make test-coverage
24 |
25 | - name: Upload coverage to Codecov
26 | uses: codecov/codecov-action@v2
27 | with:
28 | files: ./coverage.out
29 | verbose: true
30 | flags: unittests
31 |
32 | lint:
33 | name: Lint
34 | runs-on: ubuntu-latest
35 | env:
36 | CGO_CFLAGS_ALLOW: "-O -D__BLST_PORTABLE__"
37 | CGO_CFLAGS: "-O -D__BLST_PORTABLE__"
38 | steps:
39 | - name: Set up Go 1.x
40 | uses: actions/setup-go@v2
41 | with:
42 | go-version: ^1.22
43 | id: go
44 |
45 | - name: Check out code into the Go module directory
46 | uses: actions/checkout@v2
47 |
48 | - name: Install gofumpt
49 | run: go install mvdan.cc/gofumpt@latest
50 |
51 | - name: Install staticcheck
52 | run: go install honnef.co/go/tools/cmd/staticcheck@2024.1.1
53 |
54 | - name: Install golangci-lint
55 | run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.61.0
56 |
57 | - name: Lint
58 | run: make lint
59 |
60 | - name: Ensure go mod tidy runs without changes
61 | run: |
62 | go mod tidy
63 | git diff-index HEAD
64 | git diff-index --quiet HEAD
65 |
--------------------------------------------------------------------------------
/.github/workflows/releaser.yaml:
--------------------------------------------------------------------------------
1 | name: Release
2 |
3 | on:
4 | workflow_dispatch:
5 | push:
6 | tags:
7 | - 'v*'
8 |
9 | jobs:
10 | docker-image:
11 | name: Publish Docker Image
12 | runs-on: ubuntu-latest
13 |
14 | steps:
15 | - name: Checkout sources
16 | uses: actions/checkout@v4
17 |
18 | - name: Get tag version
19 | id: vars
20 | run: echo ::set-output name=tag::${GITHUB_REF#refs/*/}
21 |
22 | - name: Set up QEMU
23 | uses: docker/setup-qemu-action@v3
24 |
25 | - name: Set up Docker Buildx
26 | uses: docker/setup-buildx-action@v3
27 |
28 | - name: Extract metadata (tags, labels) for Docker
29 | id: meta
30 | uses: docker/metadata-action@v5
31 | with:
32 | images: flashbots/sync-proxy
33 | tags: |
34 | type=semver,pattern={{version}}
35 | type=semver,pattern={{major}}.{{minor}}
36 |
37 | - name: Login to DockerHub
38 | uses: docker/login-action@v3
39 | with:
40 | username: ${{ secrets.FLASHBOTS_DOCKERHUB_USERNAME }}
41 | password: ${{ secrets.FLASHBOTS_DOCKERHUB_TOKEN }}
42 |
43 | - name: Build and push
44 | uses: docker/build-push-action@v5
45 | with:
46 | cache-from: type=gha
47 | cache-to: type=gha,mode=max
48 | context: .
49 | push: true
50 | build-args: |
51 | VERSION=${{ steps.vars.outputs.tag }}
52 | platforms: linux/amd64,linux/arm64
53 | tags: ${{ steps.meta.outputs.tags }}
54 | labels: ${{ steps.meta.outputs.labels }}
55 |
56 | github-release:
57 | runs-on: ubuntu-latest
58 | steps:
59 | - name: Checkout sources
60 | uses: actions/checkout@v4
61 |
62 | - name: Create release
63 | id: create_release
64 | uses: actions/create-release@v1
65 | env:
66 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
67 | with:
68 | tag_name: ${{ github.ref }}
69 | release_name: ${{ github.ref }}
70 | draft: true
71 | prerelease: false
72 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Binaries for programs and plugins
2 | *.exe
3 | *.exe~
4 | *.dll
5 | *.so
6 | *.dylib
7 |
8 | # Test binary, built with `go test -c`
9 | *.test
10 |
11 | # Output of the go coverage tool, specifically when used with LiteIDE
12 | *.out
13 |
14 | # Dependency directories (remove the comment below to include it)
15 | # vendor/
16 | /sync-proxy
17 |
18 | /.vscode
19 |
--------------------------------------------------------------------------------
/.golangci.yaml:
--------------------------------------------------------------------------------
1 | # https://golangci-lint.run/usage/linters
2 | linters:
3 | enable-all: true
4 | disable:
5 | - cyclop
6 | - forbidigo
7 | - funlen
8 | - gochecknoglobals
9 | - gochecknoinits
10 | - gocritic
11 | - godot
12 | - godox
13 | - gomnd
14 | - lll
15 | - nestif
16 | - nilnil
17 | - nlreturn
18 | - noctx
19 | - nonamedreturns
20 | - nosnakecase
21 | - paralleltest
22 | - revive
23 | - testpackage
24 | - unparam
25 | - varnamelen
26 | - wrapcheck
27 | - wsl
28 | - deadcode
29 | - varcheck
30 | - interfacebloat
31 |
32 | #
33 | # Disabled because of generics:
34 | #
35 | - contextcheck
36 | - rowserrcheck
37 | - sqlclosecheck
38 | - structcheck
39 | - wastedassign
40 |
41 | #
42 | # Disabled because deprecated:
43 | #
44 | - exhaustivestruct
45 | - golint
46 | - ifshort
47 | - interfacer
48 | - maligned
49 | - scopelint
50 |
51 | linters-settings:
52 | #
53 | # The G108 rule throws a false positive. We're not actually vulnerable. If
54 | # you're not careful the profiling endpoint is automatically exposed on
55 | # /debug/pprof if you import net/http/pprof. See this link:
56 | #
57 | # https://mmcloughlin.com/posts/your-pprof-is-showing
58 | #
59 | gosec:
60 | excludes:
61 | - G108
62 |
63 | gocognit:
64 | min-complexity: 34 # default: 30
65 |
66 | tagliatelle:
67 | case:
68 | rules:
69 | json: snake
70 |
71 | gofumpt:
72 | extra-rules: true
73 |
74 | exhaustruct:
75 | exclude:
76 | #
77 | # Because it's easier to read without the other fields.
78 | #
79 | - 'GetPayloadsFilters'
80 |
81 | #
82 | # Structures outside our control that have a ton of settings. It doesn't
83 | # make sense to specify all of the fields.
84 | #
85 | - 'cobra.Command'
86 | - 'database.*Entry'
87 | - 'http.Server'
88 | - 'logrus.*Formatter'
89 | - 'Options' # redis
90 |
91 | #
92 | # Excluded because there are private fields (not capitalized) that are
93 | # not initialized. If possible, I think these should be altered.
94 | #
95 | - 'Datastore'
96 | - 'Housekeeper'
97 | - 'MockBeaconClient'
98 | - 'RelayAPI'
99 | - 'Webserver'
100 |
--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
1 | # Contributor Covenant Code of Conduct
2 |
3 | ## Our Pledge
4 |
5 | We as members, contributors, and leaders pledge to make participation in our
6 | community a harassment-free experience for everyone, regardless of age, body
7 | size, visible or invisible disability, ethnicity, sex characteristics, gender
8 | identity and expression, level of experience, education, socio-economic status,
9 | nationality, personal appearance, race, caste, color, religion, or sexual
10 | identity and orientation.
11 |
12 | We pledge to act and interact in ways that contribute to an open, welcoming,
13 | diverse, inclusive, and healthy community.
14 |
15 | ## Our Standards
16 |
17 | Examples of behavior that contributes to a positive environment for our
18 | community include:
19 |
20 | * Demonstrating empathy and kindness toward other people
21 | * Being respectful of differing opinions, viewpoints, and experiences
22 | * Giving and gracefully accepting constructive feedback
23 | * Accepting responsibility and apologizing to those affected by our mistakes,
24 | and learning from the experience
25 | * Focusing on what is best not just for us as individuals, but for the overall
26 | community
27 |
28 | Examples of unacceptable behavior include:
29 |
30 | * The use of sexualized language or imagery, and sexual attention or advances of
31 | any kind
32 | * Trolling, insulting or derogatory comments, and personal or political attacks
33 | * Public or private harassment
34 | * Publishing others' private information, such as a physical or email address,
35 | without their explicit permission
36 | * Other conduct which could reasonably be considered inappropriate in a
37 | professional setting
38 |
39 | ## Enforcement Responsibilities
40 |
41 | Community leaders are responsible for clarifying and enforcing our standards of
42 | acceptable behavior and will take appropriate and fair corrective action in
43 | response to any behavior that they deem inappropriate, threatening, offensive,
44 | or harmful.
45 |
46 | Community leaders have the right and responsibility to remove, edit, or reject
47 | comments, commits, code, wiki edits, issues, and other contributions that are
48 | not aligned to this Code of Conduct, and will communicate reasons for moderation
49 | decisions when appropriate.
50 |
51 | ## Scope
52 |
53 | This Code of Conduct applies within all community spaces, and also applies when
54 | an individual is officially representing the community in public spaces.
55 | Examples of representing our community include using an official e-mail address,
56 | posting via an official social media account, or acting as an appointed
57 | representative at an online or offline event.
58 |
59 | ## Enforcement
60 |
61 | Instances of abusive, harassing, or otherwise unacceptable behavior may be
62 | reported to the community leaders responsible for enforcement writing an
63 | email to leo@flashbots.net or contacting elopio#8526 in
64 | [Discord](https://discord.com/invite/7hvTycdNcK).
65 | All complaints will be reviewed and investigated promptly and fairly.
66 |
67 | All community leaders are obligated to respect the privacy and security of the
68 | reporter of any incident.
69 |
70 | ## Enforcement Guidelines
71 |
72 | Community leaders will follow these Community Impact Guidelines in determining
73 | the consequences for any action they deem in violation of this Code of Conduct:
74 |
75 | ### 1. Correction
76 |
77 | **Community Impact**: Use of inappropriate language or other behavior deemed
78 | unprofessional or unwelcome in the community.
79 |
80 | **Consequence**: A private, written warning from community leaders, providing
81 | clarity around the nature of the violation and an explanation of why the
82 | behavior was inappropriate. A public apology may be requested.
83 |
84 | ### 2. Warning
85 |
86 | **Community Impact**: A violation through a single incident or series of
87 | actions.
88 |
89 | **Consequence**: A warning with consequences for continued behavior. No
90 | interaction with the people involved, including unsolicited interaction with
91 | those enforcing the Code of Conduct, for a specified period of time. This
92 | includes avoiding interactions in community spaces as well as external channels
93 | like social media. Violating these terms may lead to a temporary or permanent
94 | ban.
95 |
96 | ### 3. Temporary Ban
97 |
98 | **Community Impact**: A serious violation of community standards, including
99 | sustained inappropriate behavior.
100 |
101 | **Consequence**: A temporary ban from any sort of interaction or public
102 | communication with the community for a specified period of time. No public or
103 | private interaction with the people involved, including unsolicited interaction
104 | with those enforcing the Code of Conduct, is allowed during this period.
105 | Violating these terms may lead to a permanent ban.
106 |
107 | ### 4. Permanent Ban
108 |
109 | **Community Impact**: Demonstrating a pattern of violation of community
110 | standards, including sustained inappropriate behavior, harassment of an
111 | individual, or aggression toward or disparagement of classes of individuals.
112 |
113 | **Consequence**: A permanent ban from any sort of public interaction within the
114 | community.
115 |
116 | ## Attribution
117 |
118 | This Code of Conduct is adapted from the [Contributor Covenant][homepage],
119 | version 2.1, available at
120 | [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
121 |
122 | Community Impact Guidelines were inspired by
123 | [Mozilla's code of conduct enforcement ladder][Mozilla CoC].
124 |
125 | For answers to common questions about this code of conduct, see the FAQ at
126 | [https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
127 | [https://www.contributor-covenant.org/translations][translations].
128 |
129 | [homepage]: https://www.contributor-covenant.org
130 | [v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
131 | [Mozilla CoC]: https://github.com/mozilla/diversity
132 | [FAQ]: https://www.contributor-covenant.org/faq
133 | [translations]: https://www.contributor-covenant.org/translations
134 |
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contributing guide
2 |
3 | Welcome to the Flashbots collective!
4 |
5 | Thanks for your help improving the project! We are so happy to have you! We just ask you to be nice when you play with us.
6 |
7 | Please start by reading our [license agreement](#individual-contributor-license-agreement) below, and our [code of conduct](CODE_OF_CONDUCT.md).
8 |
9 | ## Install dependencies
10 |
11 | ```bash
12 | go install mvdan.cc/gofumpt@latest
13 | go install honnef.co/go/tools/cmd/staticcheck@v0.3.1
14 | go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.49.0
15 | ```
16 |
17 | ## Test
18 |
19 | ```bash
20 | make test
21 | make test-race
22 | make lint
23 | ```
24 |
25 | ## Code style
26 |
27 | Start by making sure that your code is readable, consistent, and pretty.
28 | Follow the [Clean Code](https://flashbots.notion.site/Clean-Code-13016c5c7ca649fba31ae19d797d7304) recommendations.
29 |
30 | ## Send a pull request
31 |
32 | - Your proposed changes should be first described and discussed in an issue.
33 | - Open the branch in a personal fork, not in the team repository.
34 | - Every pull request should be small and represent a single change. If the problem is complicated, split it in multiple issues and pull requests.
35 | - Every pull request should be covered by unit tests.
36 |
37 | We appreciate you, friend <3.
38 |
39 | ---
40 |
41 | # Individual Contributor License Agreement
42 |
43 | This text is adapted from Google's contributors license agreement: https://cla.developers.google.com/about/google-individual
44 |
45 | You accept and agree to the following terms and conditions for Your present and future Contributions submitted to Flashbots. Except for the license granted herein to Flashbots and recipients of software distributed by Flashbots, You reserve all right, title, and interest in and to Your Contributions.
46 |
47 | 1. Definitions.
48 |
49 | "You" (or "Your") shall mean the copyright owner or legal entity authorized by the copyright owner that is making this Agreement with Flashbots. For legal entities, the entity making a Contribution and all other entities that control, are controlled by, or are under common control with that entity are considered to be a single Contributor. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
50 |
51 | "Contribution" shall mean any original work of authorship, including any modifications or additions to an existing work, that is intentionally submitted by You to Flashbots for inclusion in, or documentation of, any of the products owned or managed by Flashbots (the "Work"). For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to Flashbots or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, Flashbots for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by You as "Not a Contribution."
52 |
53 | 2. Grant of Copyright License. Subject to the terms and conditions of this Agreement, You hereby grant to Flashbots and to recipients of software distributed by Flashbots a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Your Contributions and such derivative works, under the terms of the license which the project is using on the Submission Date or any licenses which are approved by the Open Source Initiative.
54 |
55 | 3. Grant of Patent License. Subject to the terms and conditions of this Agreement, You hereby grant to Flashbots and to recipients of software distributed by Flashbots a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by You that are necessarily infringed by Your Contribution(s) alone or by combination of Your Contribution(s) with the Work to which such Contribution(s) was submitted. If any entity institutes patent litigation against You or any other entity (including a cross-claim or counterclaim in a lawsuit) alleging that your Contribution, or the Work to which you have contributed, constitutes direct or contributory patent infringement, then any patent licenses granted to that entity under this Agreement for that Contribution or Work shall terminate as of the date such litigation is filed.
56 |
57 | 4. You represent that you are legally entitled to grant the above license. If your employer(s) has rights to intellectual property that you create that includes your Contributions, you represent that you have received permission to make Contributions on behalf of that employer, that your employer has waived such rights for your Contributions to Flashbots, or that your employer has executed a separate Corporate CLA with Flashbots.
58 |
59 | 5. You represent that each of Your Contributions is Your original creation (see section 7 for submissions on behalf of others). You represent that Your Contribution submissions include complete details of any third-party license or other restriction (including, but not limited to, related patents and trademarks) of which you are personally aware and which are associated with any part of Your Contributions.
60 |
61 | 6. You are not expected to provide support for Your Contributions, except to the extent You desire to provide support. You may provide support for free, for a fee, or not at all. Unless required by applicable law or agreed to in writing, You provide Your Contributions on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON- INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
62 |
63 | 7. Should You wish to submit work that is not Your original creation, You may submit it to Flashbots separately from any Contribution, identifying the complete details of its source and of any license or other restriction (including, but not limited to, related patents, trademarks, and license agreements) of which you are personally aware, and conspicuously marking the work as "Submitted on behalf of a third-party: [named here]".
64 |
65 | 8. You agree to notify Flashbots of any facts or circumstances of which you become aware that would make these representations inaccurate in any respect.
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | # syntax=docker/dockerfile:1
2 | FROM golang:1.22 as builder
3 | WORKDIR /build
4 | ADD . /build/
5 | RUN --mount=type=cache,target=/root/.cache/go-build make build-for-docker
6 |
7 | FROM alpine
8 |
9 | RUN apk add --no-cache libgcc libstdc++ libc6-compat
10 | WORKDIR /app
11 | COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
12 | COPY --from=builder /build/sync-proxy /app/sync-proxy
13 | ENTRYPOINT ["/app/sync-proxy"]
14 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2021-2022 Flashbots
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining
4 | a copy of this software and associated documentation files (the
5 | "Software"), to deal in the Software without restriction, including
6 | without limitation the rights to use, copy, modify, merge, publish,
7 | distribute, sublicense, and/or sell copies of the Software, and to
8 | permit persons to whom the Software is furnished to do so, subject to
9 | the following conditions:
10 |
11 | The above copyright notice and this permission notice shall be
12 | included in all copies or substantial portions of the Software.
13 |
14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21 |
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
1 | GIT_VER := $(shell git describe --tags --always --dirty="-dev")
2 |
3 | all: clean build
4 |
5 | v:
6 | @echo "Version: ${GIT_VER}"
7 |
8 | clean:
9 | rm -rf sync-proxy build/
10 |
11 | build:
12 | go build -ldflags "-X main.version=${GIT_VER}" -v -o sync-proxy .
13 |
14 | test:
15 | go test ./...
16 |
17 | test-race:
18 | go test -race ./...
19 |
20 | lint:
21 | gofmt -d ./
22 | go vet ./...
23 | staticcheck ./...
24 |
25 | cover:
26 | go test -coverprofile=/tmp/go-sim-lb.cover.tmp ./...
27 | go tool cover -func /tmp/go-sim-lb.cover.tmp
28 | unlink /tmp/go-sim-lb.cover.tmp
29 |
30 | cover-html:
31 | go test -coverprofile=/tmp/go-sim-lb.cover.tmp ./...
32 | go tool cover -html=/tmp/go-sim-lb.cover.tmp
33 | unlink /tmp/go-sim-lb.cover.tmp
34 |
35 | build-for-docker:
36 | GOOS=linux go build -ldflags "-X main.version=${GIT_VER}" -v -o sync-proxy .
37 |
38 | test-coverage:
39 | go test -race -v -covermode=atomic -coverprofile=coverage.out ./...
40 | go tool cover -func coverage.out
41 |
42 | docker-image:
43 | DOCKER_BUILDKIT=1 docker build . -t sync-proxy
44 | docker tag sync-proxy:latest ${ECR_URI}:${GIT_VER}
45 | docker tag sync-proxy:latest ${ECR_URI}:latest
46 |
47 | docker-push:
48 | docker push ${ECR_URI}:${GIT_VER}
49 | docker push ${ECR_URI}:latest
50 |
51 | k8s-deploy:
52 | @echo "Checking if Docker image ${ECR_URI}:${GIT_VER} exists..."
53 | @docker manifest inspect ${ECR_URI}:${GIT_VER} > /dev/null || (echo "Docker image not found" && exit 1)
54 | kubectl set image deploy/deployment-sync-proxy app-sync-proxy=${ECR_URI}:${GIT_VER}
55 | kubectl rollout status deploy/deployment-sync-proxy
56 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | #
2 |
3 | [](https://goreportcard.com/report/github.com/flashbots/sync-proxy)
4 | [](https://github.com/flashbots/sync-proxy/actions?query=workflow%3A%22Checks%22)
5 |
6 | Flashbots proxy to allow redundant execution client (EL) state sync post merge.
7 |
8 | - Runs a proxy server that proxies requests from a beacon node (BN) to multiple other execution clients
9 | - Can drive EL sync from multiple BNs for redundancy
10 |
11 | ## Getting Started
12 |
13 | - Run a BN with the execution endpoint pointing to the proxy (default is `localhost:25590`).
14 | - Start the proxy with a flag specifying one or multiple EL endpoints (make sure to point to the authenticated port).
15 |
16 | ```bash
17 | git clone https://github.com/flashbots/sync-proxy.git
18 | cd sync-proxy
19 | make build
20 |
21 | # Show the help
22 | ./sync-proxy -help
23 | ```
24 |
25 | To run with multiple EL endpoins:
26 |
27 | ```
28 | ./sync-proxy -builders="localhost:8551,localhost:8552"
29 | ```
30 |
31 | ### Nginx
32 |
33 | The sync proxy can also be used with nginx, with requests proxied from the beacon node to a local execution client and mirrored to multiple sync proxies.
34 |
35 | 
36 |
37 | An example nginx config like this can be run with the sync proxy:
38 |
39 |
40 | /etc/nginx/conf.d/sync_proxy.conf
41 |
42 | ```ini
43 | server {
44 | listen 8552;
45 | listen [::]:8552;
46 |
47 | server_name _;
48 |
49 | location / {
50 | mirror /sync_proxy_1;
51 | mirror /sync_proxy_2;
52 |
53 | proxy_pass http://localhost:8551;
54 | proxy_set_header X-Real-IP $remote_addr;
55 | proxy_set_header Host $host;
56 | proxy_set_header Referer $http_referer;
57 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
58 | }
59 |
60 | #
61 | # execution nodes
62 | #
63 | location = /sync_proxy_1 {
64 | internal;
65 | proxy_pass http://sync-proxy-1.local:8552$request_uri;
66 | proxy_connect_timeout 100ms;
67 | proxy_read_timeout 100ms;
68 | }
69 |
70 | location = /sync_proxy_2 {
71 | internal;
72 | proxy_pass http://sync-proxy-2.local:8552$request_uri;
73 | proxy_connect_timeout 100ms;
74 | proxy_read_timeout 100ms;
75 | }
76 | }
77 | ```
78 |
79 |
80 |
81 | And if you'd like to use different JWT secrets for different ELs:
82 |
83 |
84 | Example
85 | First, install jwt-tokens-service: `go install github.com/flashbots/sync-proxy/cmd/jwt-tokens-service@latest`
86 |
87 | Set up the service, e.g. for systemd:
88 |
89 | ```
90 | [Unit]
91 | Description=JWT tokens service
92 | After=network.target
93 | Wants=network.target
94 |
95 | [Service]
96 | Type=simple
97 |
98 | ExecStart=/.../jwt-tokens-service \
99 | -config /.../jwt-secrets.json \
100 | -client-id some-cl-name
101 |
102 | [Install]
103 | WantedBy=default.target
104 | ```
105 |
106 | Generate a secret for each EL with `openssl rand -hex 32` and put them in a JSON file:
107 |
108 | ```json
109 | {
110 | "sync-proxy-1": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdee",
111 | "sync-proxy-2": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
112 | }
113 | ```
114 |
115 | Then, set up nginx:
116 |
117 | ```
118 | # /etc/nginx/conf.d/sync_proxy.conf
119 | server {
120 | listen 8552;
121 | listen [::]:8552;
122 |
123 | server_name _;
124 |
125 | location / {
126 | mirror /sync_proxy_1;
127 | mirror /sync_proxy_2;
128 |
129 | auth_request /_tokens;
130 | # make sure to lowercase and replace dashes with underscores from names in json config
131 | auth_request_set $auth_header_sync_proxy_1 $upstream_http_authorization_sync_proxy_1;
132 | auth_request_set $auth_header_sync_proxy_2 $upstream_http_authorization_sync_proxy_2;
133 |
134 | proxy_pass http://localhost:8551;
135 | proxy_set_header X-Real-IP $remote_addr;
136 | proxy_set_header Host $host;
137 | proxy_set_header Referer $http_referer;
138 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
139 | }
140 |
141 | location = /_tokens {
142 | internal;
143 | proxy_pass http://127.0.0.1:1337/tokens/;
144 | proxy_pass_request_body off;
145 | proxy_set_header Content-Length "";
146 | }
147 |
148 | #
149 | # execution nodes
150 | #
151 | location = /sync_proxy_1 {
152 | internal;
153 | proxy_pass http://sync-proxy-1.local:8552$request_uri;
154 | proxy_connect_timeout 100ms;
155 | proxy_read_timeout 100ms;
156 |
157 | proxy_hide_header Authorization;
158 | proxy_set_header Authorization $auth_header_sync_proxy_1;
159 | }
160 |
161 | location = /sync_proxy_2 {
162 | internal;
163 | proxy_pass http://sync-proxy-2.local:8552$request_uri;
164 | proxy_connect_timeout 100ms;
165 | proxy_read_timeout 100ms;
166 |
167 | proxy_hide_header Authorization;
168 | proxy_set_header Authorization $auth_header_sync_proxy_2;
169 | }
170 | }
171 | ```
172 |
173 |
174 |
175 | ## Caveats
176 |
177 | The sync proxy attempts to sync to the beacon node with the highest timestamp in the `engine_forkchoiceUpdated` and `engine_newPayload` calls and forwards to the execution clients.
178 |
179 | The sync proxy also attempts to identify the best beacon node based on the originating host of the request. If you are using the same host for multiple beacon nodes to sync the EL, the sync proxy won't be able to distinguish between the beacon nodes and will proxy all requests from the same host to the configured ELs.
180 |
--------------------------------------------------------------------------------
/cmd/jwt-tokens-service/.gitignore:
--------------------------------------------------------------------------------
1 | config.json
2 |
--------------------------------------------------------------------------------
/cmd/jwt-tokens-service/README.md:
--------------------------------------------------------------------------------
1 | # jwt-tokens-service
2 |
3 | Small service to generate JWT tokens for multiple EL hosts. Intended to be used with nginx auth_request module, see root readme for example.
4 |
--------------------------------------------------------------------------------
/cmd/jwt-tokens-service/main.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "encoding/hex"
5 | "encoding/json"
6 | "flag"
7 | "fmt"
8 | "log"
9 | "net/http"
10 | "os"
11 |
12 | "github.com/golang-jwt/jwt"
13 | )
14 |
15 | var (
16 | listenAddr = flag.String("addr", "localhost:1337", "listen address")
17 | configFile = flag.String("config", "config.json", "path to the config file")
18 | clientID = flag.String("client-id", "", "CL client id, optional")
19 | )
20 |
21 | func main() {
22 | flag.Parse()
23 |
24 | f, err := os.Open(*configFile)
25 | if err != nil {
26 | log.Fatalf("failed to open config file: %v", err)
27 | }
28 | defer f.Close()
29 |
30 | // host name => hex jwt secret
31 | var secrets map[string]string
32 | if err := json.NewDecoder(f).Decode(&secrets); err != nil {
33 | log.Fatalf("failed to read config file: %v", err)
34 | }
35 |
36 | http.HandleFunc("/tokens/", func(w http.ResponseWriter, r *http.Request) {
37 | log.Printf("requested tokens from %s", r.RemoteAddr)
38 |
39 | for host, secret := range secrets {
40 | token, err := generateJWT(secret)
41 | if err != nil {
42 | http.Error(w, fmt.Sprintf("Failed to generate token for %s: %v", host, err), http.StatusInternalServerError)
43 | return
44 | }
45 |
46 | w.Header().Set("Authorization-"+host, "Bearer "+token)
47 | }
48 |
49 | w.WriteHeader(http.StatusOK)
50 | })
51 |
52 | log.Printf("Starting server on %s", *listenAddr)
53 | if err := http.ListenAndServe(*listenAddr, nil); err != nil {
54 | log.Fatalf("Server failed: %v", err)
55 | }
56 | }
57 |
58 | func generateJWT(secretHex string) (string, error) {
59 | secret, err := hex.DecodeString(secretHex)
60 | if err != nil {
61 | return "", fmt.Errorf("invalid hex secret: %v", err)
62 | }
63 |
64 | token := jwt.New(jwt.SigningMethodHS256)
65 | claims := token.Claims.(jwt.MapClaims)
66 |
67 | claims["iat"] = jwt.TimeFunc().Unix()
68 | if *clientID != "" {
69 | claims["id"] = *clientID
70 | }
71 |
72 | return token.SignedString(secret)
73 | }
74 |
--------------------------------------------------------------------------------
/docs/nginx-setup.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/flashbots/sync-proxy/5c0ab8f6d67fac32ab1f2a01799aa0b4e9b56044/docs/nginx-setup.png
--------------------------------------------------------------------------------
/go.mod:
--------------------------------------------------------------------------------
1 | module github.com/flashbots/sync-proxy
2 |
3 | go 1.22.0
4 |
5 | toolchain go1.23.6
6 |
7 | require (
8 | github.com/Microsoft/go-winio v0.6.2 // indirect
9 | github.com/bits-and-blooms/bitset v1.17.0 // indirect
10 | github.com/consensys/bavard v0.1.22 // indirect
11 | github.com/consensys/gnark-crypto v0.14.0 // indirect
12 | github.com/crate-crypto/go-ipa v0.0.0-20240724233137-53bbb0ceb27a // indirect
13 | github.com/crate-crypto/go-kzg-4844 v1.1.0 // indirect
14 | github.com/davecgh/go-spew v1.1.1 // indirect
15 | github.com/deckarep/golang-set/v2 v2.6.0 // indirect
16 | github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 // indirect
17 | github.com/ethereum/c-kzg-4844 v1.0.0 // indirect
18 | github.com/ethereum/go-verkle v0.2.2 // indirect
19 | github.com/go-ole/go-ole v1.3.0 // indirect
20 | github.com/gofrs/flock v0.8.1 // indirect
21 | github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb // indirect
22 | github.com/gorilla/websocket v1.5.0 // indirect
23 | github.com/holiman/uint256 v1.3.2 // indirect
24 | github.com/mattn/go-runewidth v0.0.14 // indirect
25 | github.com/mmcloughlin/addchain v0.4.0 // indirect
26 | github.com/olekukonko/tablewriter v0.0.5 // indirect
27 | github.com/pmezard/go-difflib v1.0.0 // indirect
28 | github.com/rivo/uniseg v0.4.4 // indirect
29 | github.com/shirou/gopsutil v3.21.11+incompatible // indirect
30 | github.com/supranational/blst v0.3.14 // indirect
31 | github.com/tklauser/go-sysconf v0.3.12 // indirect
32 | github.com/tklauser/numcpus v0.6.1 // indirect
33 | github.com/yusufpapurcu/wmi v1.2.2 // indirect
34 | golang.org/x/crypto v0.32.0 // indirect
35 | golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect
36 | golang.org/x/sync v0.10.0 // indirect
37 | golang.org/x/sys v0.29.0 // indirect
38 | gopkg.in/yaml.v3 v3.0.1 // indirect
39 | rsc.io/tmplfunc v0.0.3 // indirect
40 | )
41 |
42 | require (
43 | github.com/ethereum/go-ethereum v1.15.2
44 | github.com/golang-jwt/jwt v3.2.2+incompatible
45 | github.com/gorilla/mux v1.8.0
46 | github.com/sirupsen/logrus v1.9.3
47 | github.com/stretchr/testify v1.9.0
48 | )
49 |
--------------------------------------------------------------------------------
/go.sum:
--------------------------------------------------------------------------------
1 | github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
2 | github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
3 | github.com/VictoriaMetrics/fastcache v1.12.2 h1:N0y9ASrJ0F6h0QaC3o6uJb3NIZ9VKLjCM7NQbSmF7WI=
4 | github.com/VictoriaMetrics/fastcache v1.12.2/go.mod h1:AmC+Nzz1+3G2eCPapF6UcsnkThDcMsQicp4xDukwJYI=
5 | github.com/bits-and-blooms/bitset v1.17.0 h1:1X2TS7aHz1ELcC0yU1y2stUs/0ig5oMU6STFZGrhvHI=
6 | github.com/bits-and-blooms/bitset v1.17.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
7 | github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
8 | github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
9 | github.com/consensys/bavard v0.1.22 h1:Uw2CGvbXSZWhqK59X0VG/zOjpTFuOMcPLStrp1ihI0A=
10 | github.com/consensys/bavard v0.1.22/go.mod h1:k/zVjHHC4B+PQy1Pg7fgvG3ALicQw540Crag8qx+dZs=
11 | github.com/consensys/gnark-crypto v0.14.0 h1:DDBdl4HaBtdQsq/wfMwJvZNE80sHidrK3Nfrefatm0E=
12 | github.com/consensys/gnark-crypto v0.14.0/go.mod h1:CU4UijNPsHawiVGNxe9co07FkzCeWHHrb1li/n1XoU0=
13 | github.com/crate-crypto/go-ipa v0.0.0-20240724233137-53bbb0ceb27a h1:W8mUrRp6NOVl3J+MYp5kPMoUZPp7aOYHtaua31lwRHg=
14 | github.com/crate-crypto/go-ipa v0.0.0-20240724233137-53bbb0ceb27a/go.mod h1:sTwzHBvIzm2RfVCGNEBZgRyjwK40bVoun3ZnGOCafNM=
15 | github.com/crate-crypto/go-kzg-4844 v1.1.0 h1:EN/u9k2TF6OWSHrCCDBBU6GLNMq88OspHHlMnHfoyU4=
16 | github.com/crate-crypto/go-kzg-4844 v1.1.0/go.mod h1:JolLjpSff1tCCJKaJx4psrlEdlXuJEC996PL3tTAFks=
17 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
18 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
19 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
20 | github.com/deckarep/golang-set/v2 v2.6.0 h1:XfcQbWM1LlMB8BsJ8N9vW5ehnnPVIw0je80NsVHagjM=
21 | github.com/deckarep/golang-set/v2 v2.6.0/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4=
22 | github.com/decred/dcrd/crypto/blake256 v1.0.0 h1:/8DMNYp9SGi5f0w7uCm6d6M4OU2rGFK09Y2A4Xv7EE0=
23 | github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
24 | github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 h1:HbphB4TFFXpv7MNrT52FGrrgVXF1owhMVTHFZIlnvd4=
25 | github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0/go.mod h1:DZGJHZMqrU4JJqFAWUS2UO1+lbSKsdiOoYi9Zzey7Fc=
26 | github.com/ethereum/c-kzg-4844 v1.0.0 h1:0X1LBXxaEtYD9xsyj9B9ctQEZIpnvVDeoBx8aHEwTNA=
27 | github.com/ethereum/c-kzg-4844 v1.0.0/go.mod h1:VewdlzQmpT5QSrVhbBuGoCdFJkpaJlO1aQputP83wc0=
28 | github.com/ethereum/go-ethereum v1.15.2 h1:CcU13w1IXOo6FvS60JGCTVcAJ5Ik6RkWoVIvziiHdTU=
29 | github.com/ethereum/go-ethereum v1.15.2/go.mod h1:wGQINJKEVUunCeoaA9C9qKMQ9GEOsEIunzzqTUO2F6Y=
30 | github.com/ethereum/go-verkle v0.2.2 h1:I2W0WjnrFUIzzVPwm8ykY+7pL2d4VhlsePn4j7cnFk8=
31 | github.com/ethereum/go-verkle v0.2.2/go.mod h1:M3b90YRnzqKyyzBEWJGqj8Qff4IDeXnzFw0P9bFw3uk=
32 | github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
33 | github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
34 | github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
35 | github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
36 | github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
37 | github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
38 | github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
39 | github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb h1:PBC98N2aIaM3XXiurYmW7fx4GZkL8feAMVq7nEjURHk=
40 | github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
41 | github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
42 | github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
43 | github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
44 | github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
45 | github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
46 | github.com/holiman/uint256 v1.3.2 h1:a9EgMPSC1AAaj1SZL5zIQD3WbwTuHrMGOerLjGmM/TA=
47 | github.com/holiman/uint256 v1.3.2/go.mod h1:EOMSn4q6Nyt9P6efbI3bueV4e1b3dGlUCXeiRV4ng7E=
48 | github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
49 | github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
50 | github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
51 | github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
52 | github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
53 | github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
54 | github.com/leanovate/gopter v0.2.11 h1:vRjThO1EKPb/1NsDXuDrzldR28RLkBflWYcU9CvzWu4=
55 | github.com/leanovate/gopter v0.2.11/go.mod h1:aK3tzZP/C+p1m3SPRE4SYZFGP7jjkuSI4f7Xvpt0S9c=
56 | github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
57 | github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
58 | github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
59 | github.com/mmcloughlin/addchain v0.4.0 h1:SobOdjm2xLj1KkXN5/n0xTIWyZA2+s99UCY1iPfkHRY=
60 | github.com/mmcloughlin/addchain v0.4.0/go.mod h1:A86O+tHqZLMNO4w6ZZ4FlVQEadcoqkyU72HC5wJ4RlU=
61 | github.com/mmcloughlin/profile v0.1.1/go.mod h1:IhHD7q1ooxgwTgjxQYkACGA77oFTDdFVejUS1/tS/qU=
62 | github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
63 | github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
64 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
65 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
66 | github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
67 | github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
68 | github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
69 | github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
70 | github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
71 | github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKlUeu/erjjvaPEYiI=
72 | github.com/shirou/gopsutil v3.21.11+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
73 | github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
74 | github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
75 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
76 | github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
77 | github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
78 | github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
79 | github.com/supranational/blst v0.3.14 h1:xNMoHRJOTwMn63ip6qoWJ2Ymgvj7E2b9jY2FAwY+qRo=
80 | github.com/supranational/blst v0.3.14/go.mod h1:jZJtfjgudtNl4en1tzwPIV3KjUnQUvG3/j+w+fVonLw=
81 | github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFAEVmqU=
82 | github.com/tklauser/go-sysconf v0.3.12/go.mod h1:Ho14jnntGE1fpdOqQEEaiKRpvIavV0hSfmBq8nJbHYI=
83 | github.com/tklauser/numcpus v0.6.1 h1:ng9scYS7az0Bk4OZLvrNXNSAO2Pxr1XXRAPyjhIx+Fk=
84 | github.com/tklauser/numcpus v0.6.1/go.mod h1:1XfjsgE2zo8GVw7POkMbHENHzVg3GzmoZ9fESEdAacY=
85 | github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg=
86 | github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
87 | golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
88 | golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
89 | golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ=
90 | golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE=
91 | golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
92 | golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
93 | golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
94 | golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
95 | golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
96 | golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
97 | golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
98 | golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
99 | golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
100 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
101 | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
102 | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
103 | gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
104 | gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
105 | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
106 | gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
107 | gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
108 | rsc.io/tmplfunc v0.0.3 h1:53XFQh69AfOa8Tw0Jm7t+GV7KZhOi6jzsCzTtKbMvzU=
109 | rsc.io/tmplfunc v0.0.3/go.mod h1:AG3sTPzElb1Io3Yg4voV9AGZJuleGAwaVRxL9M49PhA=
110 |
--------------------------------------------------------------------------------
/main.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "flag"
5 | "net/url"
6 | "os"
7 | "strconv"
8 | "strings"
9 | "time"
10 |
11 | "github.com/sirupsen/logrus"
12 | )
13 |
14 | var (
15 | version = "dev" // is set during build process
16 |
17 | // Default values
18 | defaultLogLevel = getEnv("LOG_LEVEL", "info")
19 | defaultLogJSON = os.Getenv("LOG_JSON") != ""
20 | defaultListenAddr = getEnv("PROXY_LISTEN_ADDR", "localhost:25590")
21 | defaultTimeoutMs = getEnvInt("BUILDER_TIMEOUT_MS", 2000) // timeout for all the requests to the builders
22 |
23 | // Flags
24 | logJSON = flag.Bool("json", defaultLogJSON, "log in JSON format instead of text")
25 | logLevel = flag.String("loglevel", defaultLogLevel, "log-level: trace, debug, info, warn/warning, error, fatal, panic")
26 | listenAddr = flag.String("addr", defaultListenAddr, "listen-address for builder proxy server")
27 | builderURLs = flag.String("builders", "", "builder urls - single entry or comma-separated list (scheme://host)")
28 | builderTimeoutMs = flag.Int("request-timeout", defaultTimeoutMs, "timeout for requests to a builder [ms]")
29 | proxyURLs = flag.String("proxies", "", "proxy urls - other proxies to forward BN requests to (scheme://host)")
30 | proxyTimeoutMs = flag.Int("proxy-request-timeout", defaultTimeoutMs, "timeout for redundant beacon node requests to another proxy [ms]")
31 | )
32 |
33 | var log = logrus.WithField("module", "sync-proxy")
34 |
35 | func main() {
36 | flag.Parse()
37 | logrus.SetOutput(os.Stdout)
38 |
39 | if *logJSON {
40 | log.Logger.SetFormatter(&logrus.JSONFormatter{})
41 | } else {
42 | log.Logger.SetFormatter(&logrus.TextFormatter{
43 | FullTimestamp: true,
44 | })
45 |
46 | }
47 |
48 | if *logLevel != "" {
49 | lvl, err := logrus.ParseLevel(*logLevel)
50 | if err != nil {
51 | log.Fatalf("Invalid loglevel: %s", *logLevel)
52 | }
53 | logrus.SetLevel(lvl)
54 | }
55 |
56 | log.Infof("sync-proxy %s", version)
57 |
58 | builders := parseURLs(*builderURLs)
59 | if len(builders) == 0 {
60 | log.Fatal("No builder urls specified")
61 | }
62 | log.WithField("builders", builders).Infof("using %d builders", len(builders))
63 |
64 | builderTimeout := time.Duration(*builderTimeoutMs) * time.Millisecond
65 |
66 | proxies := parseURLs(*proxyURLs)
67 | log.WithField("proxies", proxies).Infof("using %d proxies", len(proxies))
68 |
69 | proxyTimeout := time.Duration(*proxyTimeoutMs) * time.Millisecond
70 |
71 | // Create a new proxy service.
72 | opts := ProxyServiceOpts{
73 | ListenAddr: *listenAddr,
74 | Builders: builders,
75 | BuilderTimeout: builderTimeout,
76 | Proxies: proxies,
77 | ProxyTimeout: proxyTimeout,
78 | Log: log,
79 | }
80 |
81 | proxyService, err := NewProxyService(opts)
82 | if err != nil {
83 | log.WithError(err).Fatal("failed creating the server")
84 | }
85 |
86 | log.Println("listening on", *listenAddr)
87 | log.Fatal(proxyService.StartHTTPServer())
88 | }
89 |
90 | func getEnv(key string, defaultValue string) string {
91 | if value, ok := os.LookupEnv(key); ok {
92 | return value
93 | }
94 | return defaultValue
95 | }
96 |
97 | func getEnvInt(key string, defaultValue int) int {
98 | if value, ok := os.LookupEnv(key); ok {
99 | val, err := strconv.Atoi(value)
100 | if err == nil {
101 | return val
102 | }
103 | }
104 | return defaultValue
105 | }
106 |
107 | func parseURLs(urls string) []*url.URL {
108 | ret := []*url.URL{}
109 | for _, entry := range strings.Split(urls, ",") {
110 | rawURL := strings.TrimSpace(entry)
111 | if rawURL == "" {
112 | continue
113 | }
114 |
115 | // Add protocol scheme prefix if it does not exist.
116 | if !strings.HasPrefix(rawURL, "http") {
117 | rawURL = "http://" + rawURL
118 | }
119 |
120 | // Parse the provided URL.
121 | url, err := url.ParseRequestURI(rawURL)
122 | if err != nil {
123 | log.WithError(err).WithField("url", entry).Fatal("Invalid URL")
124 | }
125 |
126 | ret = append(ret, url)
127 | }
128 | return ret
129 | }
130 |
--------------------------------------------------------------------------------
/mock_builder.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "bytes"
5 | "encoding/json"
6 | "io"
7 | "net/http"
8 | "net/http/httptest"
9 | "net/http/httputil"
10 | "net/url"
11 | "sync"
12 | "testing"
13 | "time"
14 |
15 | "github.com/gorilla/mux"
16 | "github.com/stretchr/testify/require"
17 | )
18 |
19 | // mockServer is used to fake a builder's / proxy's behavior.
20 | type mockServer struct {
21 | // Used to panic if impossible error happens
22 | t *testing.T
23 |
24 | ProxyEntry ProxyEntry
25 |
26 | // Used to count each engine made to the service, either if it fails or not, for each method
27 | mu sync.Mutex
28 | requestCount map[string]int
29 |
30 | // Responses placeholders that can be overridden
31 | Response []byte
32 |
33 | // Server section
34 | Server *httptest.Server
35 | ResponseDelay time.Duration
36 | }
37 |
38 | // newMockServer creates a mocked service like builder / proxy
39 | func newMockServer(t *testing.T) *mockServer {
40 | service := &mockServer{t: t, requestCount: make(map[string]int)}
41 |
42 | // Initialize server
43 | service.Server = httptest.NewServer(service.getRouter())
44 |
45 | url, err := url.Parse(service.Server.URL)
46 | require.NoError(t, err)
47 | service.ProxyEntry = ProxyEntry{URL: url, Proxy: httputil.NewSingleHostReverseProxy(url)}
48 | require.NoError(t, err)
49 |
50 | return service
51 | }
52 |
53 | // getRouter registers the backend, apply the test middleware and returns the router
54 | func (m *mockServer) getRouter() http.Handler {
55 | // Create router.
56 | r := mux.NewRouter()
57 |
58 | // Register handlers
59 | r.HandleFunc("/", http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
60 | w.WriteHeader(200)
61 | w.Write(m.Response)
62 | })).Methods(http.MethodPost)
63 |
64 | return m.newTestMiddleware(r)
65 | }
66 |
67 | // newTestMiddleware creates a middleware which increases the Request counter and creates a fake delay for the response
68 | func (m *mockServer) newTestMiddleware(next http.Handler) http.Handler {
69 | return http.HandlerFunc(
70 | func(w http.ResponseWriter, r *http.Request) {
71 | // Request counter
72 | m.mu.Lock()
73 |
74 | bodyBytes, err := io.ReadAll(r.Body)
75 | require.NoError(m.t, err)
76 |
77 | var req JSONRPCRequest
78 | err = json.Unmarshal(bodyBytes, &req)
79 | require.NoError(m.t, err)
80 | m.requestCount[req.Method]++
81 |
82 | r.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
83 |
84 | m.mu.Unlock()
85 |
86 | // Artificial Delay
87 | if m.ResponseDelay > 0 {
88 | time.Sleep(m.ResponseDelay)
89 | }
90 |
91 | next.ServeHTTP(w, r)
92 | },
93 | )
94 | }
95 |
96 | // GetRequestCount returns the number of requests made to an api method
97 | func (m *mockServer) GetRequestCount(method string) int {
98 | m.mu.Lock()
99 | defer m.mu.Unlock()
100 | return m.requestCount[method]
101 | }
102 |
--------------------------------------------------------------------------------
/mock_builder_test.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "bytes"
5 | "net/http"
6 | "net/http/httptest"
7 | "testing"
8 |
9 | "github.com/stretchr/testify/require"
10 | )
11 |
12 | func Test_mockBuilder(t *testing.T) {
13 | t.Run("test payload", func(t *testing.T) {
14 | builder := newMockServer(t)
15 |
16 | builder.Response = []byte(mockNewPayloadResponseValid)
17 |
18 | req, err := http.NewRequest("POST", "/", bytes.NewReader([]byte(mockNewPayloadRequest)))
19 | require.NoError(t, err)
20 | rr := httptest.NewRecorder()
21 | builder.getRouter().ServeHTTP(rr, req)
22 | require.Equal(t, http.StatusOK, rr.Code)
23 | require.Equal(t, 1, builder.requestCount["engine_newPayloadV1"])
24 | })
25 | }
26 |
--------------------------------------------------------------------------------
/mock_data.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | var (
4 | mockNewPayloadRequest = `{
5 | "jsonrpc": "2.0",
6 | "method": "engine_newPayloadV1",
7 | "params": [
8 | {
9 | "parentHash": "0x3b8fb240d288781d4aac94d3fd16809ee413bc99294a085798a589dae51ddd4a",
10 | "feeRecipient": "0xa94f5374fce5edbc8e2a8697c15331677e6ebf0b",
11 | "stateRoot": "0xca3149fa9e37db08d1cd49c9061db1002ef1cd58db2210f2115c8c989b2bdf45",
12 | "receiptsRoot": "0x56e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b421",
13 | "logsBloom": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
14 | "prevRandao": "0x0000000000000000000000000000000000000000000000000000000000000000",
15 | "blockNumber": "0x1",
16 | "gasLimit": "0x1c9c380",
17 | "gasUsed": "0x0",
18 | "timestamp": "0x5",
19 | "extraData": "0x",
20 | "baseFeePerGas": "0x7",
21 | "blockHash": "0x3559e851470f6e7bbed1db474980683e8c315bfce99b2a6ef47c057c04de7858",
22 | "transactions": []
23 | }
24 | ],
25 | "id": 67
26 | }`
27 | mockNewPayloadResponseValid = `{
28 | "jsonrpc": "2.0",
29 | "id": 67,
30 | "result": {
31 | "status": "VALID",
32 | "latestValidHash": "0x3559e851470f6e7bbed1db474980683e8c315bfce99b2a6ef47c057c04de7858",
33 | "validationError": ""
34 | }
35 | }`
36 | mockNewPayloadResponseSyncing = `{
37 | "jsonrpc": "2.0",
38 | "id": 67,
39 | "result": {
40 | "status": "SYNCING",
41 | "latestValidHash": "0x3559e851470f6e7bbed1db474980683e8c315bfce99b2a6ef47c057c04de7858",
42 | "validationError": ""
43 | }
44 | }`
45 | mockForkchoiceRequestWithPayloadAttributesV1 = `{
46 | "jsonrpc": "2.0",
47 | "method": "engine_forkchoiceUpdatedV1",
48 | "params": [
49 | {
50 | "headBlockHash": "0x3b8fb240d288781d4aac94d3fd16809ee413bc99294a085798a589dae51ddd4a",
51 | "safeBlockHash": "0x3b8fb240d288781d4aac94d3fd16809ee413bc99294a085798a589dae51ddd4a",
52 | "finalizedBlockHash": "0x0000000000000000000000000000000000000000000000000000000000000000"
53 | },
54 | {
55 | "timestamp": "0x5",
56 | "prevRandao": "0x0000000000000000000000000000000000000000000000000000000000000000",
57 | "suggestedFeeRecipient": "0xa94f5374fce5edbc8e2a8697c15331677e6ebf0b"
58 | }
59 | ],
60 | "id": 67
61 | }`
62 | mockForkchoiceRequestWithPayloadAttributesV2 = `{
63 | "jsonrpc": "2.0",
64 | "method": "engine_forkchoiceUpdatedV1",
65 | "params": [
66 | {
67 | "headBlockHash": "0x3b8fb240d288781d4aac94d3fd16809ee413bc99294a085798a589dae51ddd4a",
68 | "safeBlockHash": "0x3b8fb240d288781d4aac94d3fd16809ee413bc99294a085798a589dae51ddd4a",
69 | "finalizedBlockHash": "0x0000000000000000000000000000000000000000000000000000000000000000"
70 | },
71 | {
72 | "timestamp": "0x5",
73 | "prevRandao": "0x0000000000000000000000000000000000000000000000000000000000000000",
74 | "suggestedFeeRecipient": "0xa94f5374fce5edbc8e2a8697c15331677e6ebf0b",
75 | "withdrawals": [
76 | {
77 | "index": "0x237dde",
78 | "validatorIndex": "0x38b37",
79 | "address": "0x8f0844fd51e31ff6bf5babe21dccf7328e19fd9f",
80 | "amount": "0x1a6d92"
81 | }
82 | ]
83 | }
84 | ],
85 | "id": 67
86 | }`
87 | mockForkchoiceRequest = `{
88 | "jsonrpc": "2.0",
89 | "method": "engine_forkchoiceUpdatedV1",
90 | "params": [
91 | {
92 | "headBlockHash": "0x3b8fb240d288781d4aac94d3fd16809ee413bc99294a085798a589dae51ddd4a",
93 | "safeBlockHash": "0x3b8fb240d288781d4aac94d3fd16809ee413bc99294a085798a589dae51ddd4a",
94 | "finalizedBlockHash": "0x0000000000000000000000000000000000000000000000000000000000000000"
95 | },
96 | null
97 | ],
98 | "id": 67
99 | }`
100 | mockForkchoiceResponse = `{
101 | "jsonrpc": "2.0",
102 | "id": 67,
103 | "result": {
104 | "payloadStatus": {
105 | "status": "VALID",
106 | "latestValidHash": "0x0000000000000000000000000000000000000000000000000000000000000000",
107 | "validationError": ""
108 | },
109 | "payloadId": null
110 | }
111 | }`
112 | mockTransitionRequest = `{
113 | "jsonrpc": "2.0",
114 | "method": "engine_exchangeTransitionConfigurationV1",
115 | "params": ["0x12309ce54000", "0x0000000000000000000000000000000000000000000000000000000000000000", "0x0"],
116 | "id": 1
117 | }`
118 | mockTransitionResponse = `{
119 | "jsonrpc": "2.0",
120 | "id": 1,
121 | "result": {
122 | "terminalTotalDifficulty": "0x12309ce54000",
123 | "terminalBlockHash": "0x0000000000000000000000000000000000000000000000000000000000000000",
124 | "terminalBlockNumber": "0x0"
125 | }
126 | }`
127 | mockEthChainIDRequest = `{"jsonrpc":"2.0","method":"eth_chainId","id":1}`
128 | )
129 |
--------------------------------------------------------------------------------
/proxy.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "bytes"
5 | "compress/gzip"
6 | "context"
7 | "encoding/json"
8 | "errors"
9 | "fmt"
10 | "io"
11 | "net"
12 | "net/http"
13 | "net/http/httputil"
14 | "net/url"
15 | "strings"
16 | "sync"
17 | "time"
18 |
19 | "github.com/sirupsen/logrus"
20 | )
21 |
22 | var (
23 | errServerAlreadyRunning = errors.New("server already running")
24 | errNoBuilders = errors.New("no builders specified")
25 | errNoSuccessfulBuilderResponse = errors.New("no successful builder response")
26 |
27 | newPayload = "engine_newPayload"
28 | fcU = "engine_forkchoiceUpdated"
29 | )
30 |
31 | type BuilderResponse struct {
32 | Header http.Header
33 | Body []byte
34 | UncompressedBody []byte
35 | URL *url.URL
36 | StatusCode int
37 | }
38 |
39 | // ProxyEntry is an entry consisting of a URL and a proxy
40 | type ProxyEntry struct {
41 | URL *url.URL
42 | Proxy *httputil.ReverseProxy
43 | }
44 |
45 | // BeaconEntry consists of a URL from a beacon client and latest timestamp recorded
46 | type BeaconEntry struct {
47 | Addr string
48 | Timestamp uint64
49 | }
50 |
51 | // ProxyServiceOpts contains options for the ProxyService
52 | type ProxyServiceOpts struct {
53 | ListenAddr string
54 | Builders []*url.URL
55 | BuilderTimeout time.Duration
56 | Proxies []*url.URL
57 | ProxyTimeout time.Duration
58 | Log *logrus.Entry
59 | }
60 |
61 | // ProxyService is a service that proxies requests from beacon node to builders
62 | type ProxyService struct {
63 | listenAddr string
64 | srv *http.Server
65 | builderEntries []*ProxyEntry
66 | proxyEntries []*ProxyEntry
67 | bestBeaconEntry *BeaconEntry
68 |
69 | log *logrus.Entry
70 | mu sync.Mutex
71 | }
72 |
73 | // NewProxyService creates a new ProxyService
74 | func NewProxyService(opts ProxyServiceOpts) (*ProxyService, error) {
75 | if len(opts.Builders) == 0 {
76 | return nil, errNoBuilders
77 | }
78 |
79 | var builderEntries []*ProxyEntry
80 | for _, builder := range opts.Builders {
81 | entry := buildProxyEntry(builder, opts.BuilderTimeout)
82 | builderEntries = append(builderEntries, &entry)
83 | }
84 |
85 | var proxyEntries []*ProxyEntry
86 | for _, proxy := range opts.Proxies {
87 | entry := buildProxyEntry(proxy, opts.ProxyTimeout)
88 | proxyEntries = append(proxyEntries, &entry)
89 | }
90 |
91 | return &ProxyService{
92 | listenAddr: opts.ListenAddr,
93 | builderEntries: builderEntries,
94 | proxyEntries: proxyEntries,
95 | log: opts.Log,
96 | }, nil
97 | }
98 |
99 | // StartHTTPServer starts the HTTP server for the proxy service
100 | func (p *ProxyService) StartHTTPServer() error {
101 | if p.srv != nil {
102 | return errServerAlreadyRunning
103 | }
104 |
105 | p.srv = &http.Server{
106 | Addr: p.listenAddr,
107 | Handler: http.HandlerFunc(p.ServeHTTP),
108 | }
109 |
110 | err := p.srv.ListenAndServe()
111 | if err == http.ErrServerClosed {
112 | return nil
113 | }
114 | return err
115 | }
116 |
117 | func (p *ProxyService) ServeHTTP(w http.ResponseWriter, req *http.Request) {
118 | // return OK for all GET requests, used for debug
119 | if req.Method == http.MethodGet {
120 | w.WriteHeader(http.StatusOK)
121 | return
122 | }
123 |
124 | bodyBytes, err := io.ReadAll(req.Body)
125 | defer req.Body.Close()
126 | if err != nil {
127 | p.log.WithError(err).Error("failed to read request body")
128 | w.WriteHeader(http.StatusInternalServerError)
129 | return
130 | }
131 |
132 | remoteHost := getRemoteHost(req)
133 | requestJSON, err := p.checkBeaconRequest(bodyBytes, remoteHost)
134 | if err != nil {
135 | w.WriteHeader(http.StatusInternalServerError)
136 | return
137 | }
138 |
139 | if p.shouldFilterRequest(remoteHost, requestJSON.Method) {
140 | p.log.WithField("remoteHost", remoteHost).Debug("request filtered from beacon node proxy is not synced to")
141 | w.WriteHeader(http.StatusOK)
142 | return
143 | }
144 |
145 | // return if request is cancelled or timed out
146 | err = req.Context().Err()
147 | if errors.Is(err, context.DeadlineExceeded) || errors.Is(err, context.Canceled) {
148 | w.WriteHeader(http.StatusBadRequest)
149 | return
150 | }
151 |
152 | builderResponse, err := p.callBuilders(req, requestJSON, bodyBytes)
153 | p.callProxies(req, bodyBytes)
154 |
155 | if err != nil {
156 | http.Error(w, err.Error(), http.StatusBadGateway)
157 | return
158 | }
159 |
160 | copyHeader(w.Header(), builderResponse.Header)
161 | w.WriteHeader(builderResponse.StatusCode)
162 | io.Copy(w, io.NopCloser(bytes.NewBuffer(builderResponse.Body)))
163 | }
164 |
165 | func (p *ProxyService) callBuilders(req *http.Request, requestJSON JSONRPCRequest, bodyBytes []byte) (BuilderResponse, error) {
166 | numSuccessRequestsToBuilder := 0
167 | var mu sync.Mutex
168 |
169 | var responses []BuilderResponse
170 | var primaryReponse BuilderResponse
171 |
172 | // Call the builders
173 | var wg sync.WaitGroup
174 | for _, entry := range p.builderEntries {
175 | wg.Add(1)
176 | go func(entry *ProxyEntry) {
177 | defer wg.Done()
178 | url := entry.URL
179 | proxy := entry.Proxy
180 | resp, err := SendProxyRequest(req, proxy, bodyBytes)
181 | if err != nil {
182 | log.WithError(err).WithField("url", url.String()).Error("error sending request to builder")
183 | return
184 | }
185 |
186 | reader := resp.Body
187 | responseBytes, err := io.ReadAll(reader)
188 | if err != nil {
189 | p.log.WithError(err).Error("failed to read response body")
190 | return
191 | }
192 | defer resp.Body.Close()
193 |
194 | var uncompressedResponseBytes []byte
195 | if !resp.Uncompressed && resp.Header.Get("Content-Encoding") == "gzip" {
196 | reader, err = gzip.NewReader(io.NopCloser(bytes.NewBuffer(responseBytes)))
197 | if err != nil {
198 | p.log.WithError(err).Error("failed to decompress response body")
199 | return
200 | }
201 | uncompressedResponseBytes, err = io.ReadAll(reader)
202 | if err != nil {
203 | p.log.WithError(err).Error("failed to read decompressed response body")
204 | return
205 | }
206 | }
207 |
208 | mu.Lock()
209 | defer mu.Unlock()
210 |
211 | builderResponse := BuilderResponse{Header: resp.Header, Body: responseBytes, UncompressedBody: uncompressedResponseBytes, URL: url, StatusCode: resp.StatusCode}
212 | responses = append(responses, builderResponse)
213 |
214 | p.log.WithFields(logrus.Fields{
215 | "method": requestJSON.Method,
216 | "id": requestJSON.ID,
217 | "response": string(getResponseBody(builderResponse)),
218 | "url": url.String(),
219 | }).Debug("response received from builder")
220 |
221 | // Use response from first EL endpoint specificed and fallback if response not found
222 | if numSuccessRequestsToBuilder == 0 {
223 | primaryReponse = builderResponse
224 | }
225 | if url.String() == p.builderEntries[0].URL.String() {
226 | primaryReponse = builderResponse
227 | }
228 |
229 | numSuccessRequestsToBuilder++
230 | }(entry)
231 | }
232 |
233 | // Wait for all requests to complete...
234 | wg.Wait()
235 |
236 | if numSuccessRequestsToBuilder == 0 {
237 | return primaryReponse, errNoSuccessfulBuilderResponse
238 | }
239 |
240 | if isEngineRequest(requestJSON.Method) {
241 | p.maybeLogReponseDifferences(requestJSON.Method, primaryReponse, responses)
242 | }
243 |
244 | return primaryReponse, nil
245 | }
246 |
247 | func (p *ProxyService) callProxies(req *http.Request, bodyBytes []byte) {
248 | // call other proxies to forward requests from other beacon nodes
249 | for _, entry := range p.proxyEntries {
250 | go func(entry *ProxyEntry) {
251 | _, err := SendProxyRequest(req, entry.Proxy, bodyBytes)
252 | if err != nil {
253 | log.WithError(err).WithField("url", entry.URL.String()).Error("error sending request to proxy")
254 | return
255 | }
256 | }(entry)
257 | }
258 | }
259 |
260 | func (p *ProxyService) checkBeaconRequest(bodyBytes []byte, remoteHost string) (JSONRPCRequest, error) {
261 | var requestJSON JSONRPCRequest
262 | var batchRequestJSON []JSONRPCRequest
263 | err := json.Unmarshal(bodyBytes, &requestJSON)
264 |
265 | if err != nil {
266 | p.log.WithError(err).Warn("failed to decode request body json, trying to decode as batch request")
267 | // may be batch request
268 | if err := json.Unmarshal(bodyBytes, &batchRequestJSON); err != nil {
269 | p.log.WithError(err).Error("failed to decode request body json as batch request")
270 | return requestJSON, err
271 | }
272 | // not interested in batch requests
273 | return requestJSON, nil
274 | }
275 |
276 | p.log.WithFields(logrus.Fields{
277 | "method": requestJSON.Method,
278 | "id": requestJSON.ID,
279 | }).Debug("request received from beacon node")
280 |
281 | p.updateBestBeaconEntry(requestJSON, remoteHost)
282 |
283 | return requestJSON, nil
284 | }
285 |
286 | func (p *ProxyService) shouldFilterRequest(remoteHost, method string) bool {
287 | if !isEngineRequest(method) {
288 | return true
289 | }
290 |
291 | if !strings.HasPrefix(method, newPayload) && !p.isFromBestBeaconEntry(remoteHost) {
292 | return true
293 | }
294 |
295 | return false
296 | }
297 |
298 | func (p *ProxyService) isFromBestBeaconEntry(remoteHost string) bool {
299 | p.mu.Lock()
300 | defer p.mu.Unlock()
301 | return p.bestBeaconEntry != nil && p.bestBeaconEntry.Addr == remoteHost
302 | }
303 |
304 | // updates for which the proxy / beacon should sync to
305 | func (p *ProxyService) updateBestBeaconEntry(request JSONRPCRequest, requestAddr string) {
306 | p.mu.Lock()
307 | defer p.mu.Unlock()
308 |
309 | if p.bestBeaconEntry == nil {
310 | log.WithFields(logrus.Fields{
311 | "newAddr": requestAddr,
312 | }).Info("request received from beacon node")
313 | p.bestBeaconEntry = &BeaconEntry{Addr: requestAddr, Timestamp: 0}
314 | }
315 |
316 | // update to compare differences in timestamp
317 | var timestamp uint64
318 | if strings.HasPrefix(request.Method, fcU) {
319 | switch v := request.Params[1].(type) {
320 | case *PayloadAttributes:
321 | timestamp = v.Timestamp
322 | }
323 | } else if strings.HasPrefix(request.Method, newPayload) {
324 | switch v := request.Params[0].(type) {
325 | case *ExecutionPayload:
326 | timestamp = v.Timestamp
327 | }
328 | }
329 |
330 | if p.bestBeaconEntry.Timestamp < timestamp {
331 | log.WithFields(logrus.Fields{
332 | "oldTimestamp": p.bestBeaconEntry.Timestamp,
333 | "oldAddr": p.bestBeaconEntry.Addr,
334 | "newTimestamp": timestamp,
335 | "newAddr": requestAddr,
336 | }).Info(fmt.Sprintf("new timestamp from %s request received from beacon node", request.Method))
337 | p.bestBeaconEntry = &BeaconEntry{Timestamp: timestamp, Addr: requestAddr}
338 | }
339 | }
340 |
341 | func (p *ProxyService) maybeLogReponseDifferences(method string, primaryResponse BuilderResponse, responses []BuilderResponse) {
342 | expectedStatus, err := extractStatus(method, getResponseBody(primaryResponse))
343 | if err != nil {
344 | p.log.WithError(err).WithFields(logrus.Fields{
345 | "method": method,
346 | "url": primaryResponse.URL.String(),
347 | "resp": string(getResponseBody(primaryResponse)),
348 | }).Error("error reading status from primary EL response")
349 | }
350 |
351 | if expectedStatus == "" {
352 | return
353 | }
354 |
355 | for _, response := range responses {
356 | if response.URL.String() == primaryResponse.URL.String() {
357 | continue
358 | }
359 |
360 | status, err := extractStatus(method, getResponseBody(response))
361 | if err != nil {
362 | p.log.WithError(err).WithFields(logrus.Fields{
363 | "method": method,
364 | "url": primaryResponse.URL.String(),
365 | "resp": string(getResponseBody(response)),
366 | }).Error("error reading status from EL response")
367 | }
368 |
369 | if status != expectedStatus {
370 | p.log.WithFields(logrus.Fields{
371 | "primaryStatus": expectedStatus,
372 | "secondaryStatus": status,
373 | "primaryUrl": primaryResponse.URL.String(),
374 | "secondaryUrl": response.URL.String(),
375 | }).Info("found difference in EL responses")
376 | }
377 | }
378 | }
379 |
380 | func buildProxyEntry(proxyURL *url.URL, timeout time.Duration) ProxyEntry {
381 | proxy := httputil.NewSingleHostReverseProxy(proxyURL)
382 | proxy.Transport = &http.Transport{
383 | Proxy: http.ProxyFromEnvironment,
384 | DialContext: (&net.Dialer{
385 | Timeout: timeout,
386 | KeepAlive: timeout,
387 | }).DialContext,
388 | ForceAttemptHTTP2: true,
389 | MaxIdleConns: 100,
390 | IdleConnTimeout: 90 * time.Second,
391 | TLSHandshakeTimeout: 10 * time.Second,
392 | ExpectContinueTimeout: 1 * time.Second,
393 | }
394 | return ProxyEntry{Proxy: proxy, URL: proxyURL}
395 | }
396 |
--------------------------------------------------------------------------------
/proxy_test.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "bytes"
5 | "encoding/json"
6 | "net/http"
7 | "net/http/httptest"
8 | "net/url"
9 | "testing"
10 | "time"
11 |
12 | "github.com/sirupsen/logrus"
13 | "github.com/stretchr/testify/require"
14 | )
15 |
16 | var (
17 | newPayloadPath = "engine_newPayloadV1"
18 | forkchoicePath = "engine_forkchoiceUpdatedV1"
19 | transitionConfigPath = "engine_exchangeTransitionConfigurationV1"
20 |
21 | // testLog is used to log information in the test methods
22 | testLog = logrus.WithField("testing", true)
23 |
24 | from = "10.0.0.0:1234"
25 | )
26 |
27 | type testBackend struct {
28 | proxyService *ProxyService
29 | builders []*mockServer
30 | proxies []*mockServer
31 | }
32 |
33 | // newTestBackend creates a new backend, initializes mock builders and return the instance
34 | func newTestBackend(t *testing.T, numBuilders, numProxies int, builderTimeout, proxyTimeout time.Duration) *testBackend {
35 | backend := testBackend{
36 | builders: createMockServers(t, numBuilders),
37 | proxies: createMockServers(t, numProxies),
38 | }
39 |
40 | builderUrls := getURLs(t, backend.builders)
41 |
42 | proxyUrls := getURLs(t, backend.proxies)
43 |
44 | opts := ProxyServiceOpts{
45 | Log: testLog,
46 | ListenAddr: "localhost:12345",
47 | Builders: builderUrls,
48 | BuilderTimeout: builderTimeout,
49 | Proxies: proxyUrls,
50 | ProxyTimeout: proxyTimeout,
51 | }
52 | service, err := NewProxyService(opts)
53 | require.NoError(t, err)
54 |
55 | backend.proxyService = service
56 | return &backend
57 | }
58 |
59 | func createMockServers(t *testing.T, num int) []*mockServer {
60 | servers := make([]*mockServer, num)
61 | for i := 0; i < num; i++ {
62 | servers[i] = newMockServer(t)
63 | servers[i].Response = []byte(mockNewPayloadResponseValid)
64 | }
65 | return servers
66 | }
67 |
68 | // get urls from the mock servers
69 | func getURLs(t *testing.T, servers []*mockServer) []*url.URL {
70 | urls := make([]*url.URL, len(servers))
71 | for i := 0; i < len(servers); i++ {
72 | url, err := url.Parse(servers[i].Server.URL)
73 | require.NoError(t, err)
74 | urls[i] = url
75 | }
76 | return urls
77 | }
78 |
79 | func (be *testBackend) request(t *testing.T, payload []byte, from string) *httptest.ResponseRecorder {
80 | var req *http.Request
81 | var err error
82 |
83 | if payload == nil {
84 | req, err = http.NewRequest(http.MethodGet, "/", nil)
85 | } else {
86 | req, err = http.NewRequest(http.MethodPost, "/", bytes.NewReader(payload))
87 | }
88 |
89 | require.NoError(t, err)
90 | req.RemoteAddr = from
91 | rr := httptest.NewRecorder()
92 | be.proxyService.ServeHTTP(rr, req)
93 | return rr
94 | }
95 |
96 | func TestRequests(t *testing.T) {
97 | t.Run("test new payload request", func(t *testing.T) {
98 | backend := newTestBackend(t, 2, 0, time.Second, time.Second)
99 |
100 | backend.builders[0].Response = []byte(mockNewPayloadResponseValid)
101 | backend.builders[1].Response = []byte(mockNewPayloadResponseValid)
102 |
103 | rr := backend.request(t, []byte(mockNewPayloadRequest), from)
104 | require.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
105 | require.Equal(t, 1, backend.builders[0].GetRequestCount(newPayloadPath))
106 | require.Equal(t, 1, backend.builders[1].GetRequestCount(newPayloadPath))
107 |
108 | var resp JSONRPCResponse
109 | resp.Result = new(PayloadStatusV1)
110 | err := json.Unmarshal(rr.Body.Bytes(), &resp)
111 | require.NoError(t, err)
112 | require.Equal(t, rr.Body.String(), mockNewPayloadResponseValid)
113 | })
114 |
115 | t.Run("test forkchoice updated request", func(t *testing.T) {
116 | backend := newTestBackend(t, 2, 0, time.Second, time.Second)
117 |
118 | backend.builders[0].Response = []byte(mockForkchoiceResponse)
119 | backend.builders[1].Response = []byte(mockForkchoiceResponse)
120 |
121 | rr := backend.request(t, []byte(mockForkchoiceRequest), from)
122 | require.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
123 | require.Equal(t, 1, backend.builders[0].GetRequestCount(forkchoicePath))
124 | require.Equal(t, 1, backend.builders[1].GetRequestCount(forkchoicePath))
125 |
126 | var resp JSONRPCResponse
127 | resp.Result = new(ForkChoiceResponse)
128 | err := json.Unmarshal(rr.Body.Bytes(), &resp)
129 | require.NoError(t, err)
130 | require.Equal(t, rr.Body.String(), mockForkchoiceResponse)
131 | })
132 |
133 | t.Run("test engine request", func(t *testing.T) {
134 | backend := newTestBackend(t, 2, 0, time.Second, time.Second)
135 |
136 | backend.builders[0].Response = []byte(mockTransitionResponse)
137 | backend.builders[1].Response = []byte(mockTransitionResponse)
138 |
139 | rr := backend.request(t, []byte(mockTransitionRequest), from)
140 | require.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
141 | require.Equal(t, 1, backend.builders[0].GetRequestCount(transitionConfigPath))
142 | require.Equal(t, 1, backend.builders[1].GetRequestCount(transitionConfigPath))
143 |
144 | var resp JSONRPCResponse
145 | err := json.Unmarshal(rr.Body.Bytes(), &resp)
146 | require.NoError(t, err)
147 | require.Equal(t, rr.Body.String(), mockTransitionResponse)
148 | })
149 |
150 | t.Run("service should send request to builders as well as other proxies", func(t *testing.T) {
151 | backend := newTestBackend(t, 2, 2, time.Second, time.Second)
152 |
153 | rr := backend.request(t, []byte(mockNewPayloadRequest), from)
154 | require.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
155 | require.Equal(t, 1, backend.builders[0].GetRequestCount(newPayloadPath))
156 | require.Equal(t, 1, backend.builders[1].GetRequestCount(newPayloadPath))
157 | })
158 |
159 | t.Run("should filter requests not from engine or builder namespace", func(t *testing.T) {
160 | backend := newTestBackend(t, 1, 0, time.Second, time.Second)
161 |
162 | rr := backend.request(t, []byte(mockEthChainIDRequest), from)
163 | require.Equal(t, http.StatusOK, rr.Code)
164 |
165 | require.Equal(t, rr.Body.String(), "")
166 | })
167 |
168 | t.Run("should filter requests not from the best synced", func(t *testing.T) {
169 | backend := newTestBackend(t, 2, 2, time.Second, time.Second)
170 |
171 | rr := backend.request(t, []byte(mockForkchoiceRequest), "localhost:8080")
172 | require.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
173 | rr = backend.request(t, []byte(mockForkchoiceRequest), from)
174 | require.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
175 |
176 | require.Equal(t, 1, backend.builders[0].GetRequestCount(forkchoicePath))
177 | require.Equal(t, 1, backend.builders[1].GetRequestCount(forkchoicePath))
178 | })
179 |
180 | t.Run("service should not filter new payload requests from any beacon node", func(t *testing.T) {
181 | backend := newTestBackend(t, 2, 2, time.Second, time.Second)
182 |
183 | rr := backend.request(t, []byte(mockNewPayloadRequest), "localhost:8080")
184 | require.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
185 | rr = backend.request(t, []byte(mockNewPayloadRequest), from)
186 | require.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
187 |
188 | require.Equal(t, 2, backend.builders[0].GetRequestCount(newPayloadPath))
189 | require.Equal(t, 2, backend.builders[1].GetRequestCount(newPayloadPath))
190 | })
191 |
192 | t.Run("should return status ok for GET requests", func(t *testing.T) {
193 | backend := newTestBackend(t, 1, 0, time.Second, time.Second)
194 |
195 | rr := backend.request(t, nil, from)
196 | require.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
197 | })
198 | }
199 |
200 | func TestBuilders(t *testing.T) {
201 | t.Run("builders have different responses should return response of first builder", func(t *testing.T) {
202 | backend := newTestBackend(t, 2, 0, time.Second, time.Second)
203 |
204 | backend.builders[0].Response = []byte(mockNewPayloadResponseSyncing)
205 | backend.builders[1].Response = []byte(mockNewPayloadResponseValid)
206 |
207 | rr := backend.request(t, []byte(mockNewPayloadRequest), from)
208 | require.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
209 | require.Equal(t, 1, backend.builders[0].GetRequestCount(newPayloadPath))
210 | require.Equal(t, 1, backend.builders[1].GetRequestCount(newPayloadPath))
211 |
212 | var resp JSONRPCResponse
213 | resp.Result = new(PayloadStatusV1)
214 | err := json.Unmarshal(rr.Body.Bytes(), &resp)
215 | require.NoError(t, err)
216 | require.Equal(t, rr.Body.String(), mockNewPayloadResponseSyncing)
217 | })
218 |
219 | t.Run("only first builder online should return response of first builder", func(t *testing.T) {
220 | backend := newTestBackend(t, 2, 0, time.Second, time.Second)
221 |
222 | backend.builders[0].Response = []byte(mockForkchoiceResponse)
223 | backend.builders[1].Server.Close()
224 |
225 | rr := backend.request(t, []byte(mockForkchoiceRequest), from)
226 | require.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
227 | require.Equal(t, 1, backend.builders[0].GetRequestCount(forkchoicePath))
228 | require.Equal(t, 0, backend.builders[1].GetRequestCount(forkchoicePath))
229 |
230 | var resp JSONRPCResponse
231 | resp.Result = new(ForkChoiceResponse)
232 | err := json.Unmarshal(rr.Body.Bytes(), &resp)
233 | require.NoError(t, err)
234 | require.Equal(t, rr.Body.String(), mockForkchoiceResponse)
235 | })
236 |
237 | t.Run("if first builder is offline proxy should fallback to another builder", func(t *testing.T) {
238 | backend := newTestBackend(t, 2, 0, time.Second, time.Second)
239 |
240 | backend.builders[1].Response = []byte(mockNewPayloadResponseSyncing)
241 | backend.builders[0].Server.Close()
242 |
243 | rr := backend.request(t, []byte(mockNewPayloadRequest), from)
244 | require.Equal(t, http.StatusOK, rr.Code, rr.Body.String())
245 | require.Equal(t, 0, backend.builders[0].GetRequestCount(newPayloadPath))
246 | require.Equal(t, 1, backend.builders[1].GetRequestCount(newPayloadPath))
247 |
248 | var resp JSONRPCResponse
249 | resp.Result = new(PayloadStatusV1)
250 | err := json.Unmarshal(rr.Body.Bytes(), &resp)
251 | require.NoError(t, err)
252 | require.Equal(t, rr.Body.String(), mockNewPayloadResponseSyncing)
253 | })
254 |
255 | t.Run("all builders are down", func(t *testing.T) {
256 | backend := newTestBackend(t, 1, 0, time.Second, time.Second)
257 |
258 | backend.builders[0].Server.Close()
259 |
260 | rr := backend.request(t, []byte(mockNewPayloadRequest), from)
261 | require.Equal(t, http.StatusBadGateway, rr.Code, rr.Body.String())
262 | require.Equal(t, 0, backend.builders[0].GetRequestCount(newPayloadPath))
263 | })
264 | }
265 |
266 | func TestUpdateBestBeaconNode(t *testing.T) {
267 | var data JSONRPCRequest
268 | json.Unmarshal([]byte(mockForkchoiceRequestWithPayloadAttributesV1), &data)
269 |
270 | data.Params[1].(*PayloadAttributes).Timestamp = 10
271 | higherTimestampFcu, err := json.Marshal(data)
272 | require.NoError(t, err)
273 |
274 | json.Unmarshal([]byte(mockForkchoiceRequestWithPayloadAttributesV2), &data)
275 |
276 | data.Params[1].(*PayloadAttributes).Timestamp = 1
277 | lowerTimestampFcu, err := json.Marshal(data)
278 | require.NoError(t, err)
279 |
280 | json.Unmarshal([]byte(mockForkchoiceRequest), &data)
281 |
282 | t.Run("should update address to sync if sync target address is not set", func(t *testing.T) {
283 | backend := newTestBackend(t, 1, 0, time.Second, time.Second)
284 |
285 | backend.request(t, []byte(mockNewPayloadRequest), from)
286 | require.NotNil(t, backend.proxyService.bestBeaconEntry)
287 | })
288 |
289 | t.Run("should update address to sync if higher current timestamp is received", func(t *testing.T) {
290 | backend := newTestBackend(t, 1, 0, time.Second, time.Second)
291 |
292 | backend.request(t, lowerTimestampFcu, from)
293 | require.NotNil(t, backend.proxyService.bestBeaconEntry)
294 | require.Equal(t, backend.proxyService.bestBeaconEntry.Timestamp, uint64(1))
295 |
296 | backend.request(t, higherTimestampFcu, from)
297 | require.NotNil(t, backend.proxyService.bestBeaconEntry)
298 | require.Equal(t, uint64(10), backend.proxyService.bestBeaconEntry.Timestamp)
299 | })
300 |
301 | t.Run("should not update address to sync if timestamp received is not higher than previously received", func(t *testing.T) {
302 | backend := newTestBackend(t, 1, 0, time.Second, time.Second)
303 |
304 | backend.request(t, higherTimestampFcu, from)
305 | require.NotNil(t, backend.proxyService.bestBeaconEntry)
306 | require.Equal(t, backend.proxyService.bestBeaconEntry.Timestamp, uint64(10))
307 |
308 | backend.request(t, higherTimestampFcu, from)
309 | require.NotNil(t, backend.proxyService.bestBeaconEntry)
310 | require.Equal(t, backend.proxyService.bestBeaconEntry.Timestamp, uint64(10))
311 | })
312 | }
313 |
--------------------------------------------------------------------------------
/staticcheck.conf:
--------------------------------------------------------------------------------
1 | checks = ["all"]
2 | # checks = ["all", "-ST1000", "-ST1003", "-ST1016", "-ST1020", "-ST1021", "-ST1022", "-ST1023"]
3 | initialisms = ["ACL", "API", "ASCII", "CPU", "CSS", "DNS", "EOF", "GUID", "HTML", "HTTP", "HTTPS", "ID", "IP", "JSON", "QPS", "RAM", "RPC", "SLA", "SMTP", "SQL", "SSH", "TCP", "TLS", "TTL", "UDP", "UI", "GID", "UID", "UUID", "URI", "URL", "UTF8", "VM", "XML", "XMPP", "XSRF", "XSS", "SIP", "RTP", "AMQP", "DB", "TS"]
4 | dot_import_whitelist = ["github.com/mmcloughlin/avo/build", "github.com/mmcloughlin/avo/operand", "github.com/mmcloughlin/avo/reg"]
5 | http_status_code_whitelist = ["200", "400", "404", "500"]
6 |
--------------------------------------------------------------------------------
/types.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "encoding/json"
5 | "fmt"
6 | "strings"
7 |
8 | "github.com/ethereum/go-ethereum/beacon/engine"
9 | )
10 |
11 | type JSONRPCRequest struct {
12 | JSONRPC string `json:"jsonrpc"`
13 | Method string `json:"method"`
14 | Params []any `json:"params,omitempty"`
15 | ID int `json:"id"`
16 | }
17 |
18 | type JSONRPCResponse struct {
19 | JSONRPC string `json:"jsonrpc"`
20 | ID int `json:"id"`
21 | Result any `json:"result"`
22 | }
23 |
24 | // PayloadID is an identifier of the payload build process
25 | type PayloadID [8]byte
26 |
27 | type PayloadStatusV1 = engine.PayloadStatusV1 // same response as newPayloadV2
28 |
29 | type ForkChoiceResponse = engine.ForkChoiceResponse // same response as forkchoiceUpdatedV2
30 |
31 | type PayloadAttributes = engine.PayloadAttributes // only interested in timestamp
32 |
33 | type ExecutionPayload = engine.ExecutableData
34 |
35 | func (req *JSONRPCRequest) UnmarshalJSON(data []byte) error {
36 | var msg struct {
37 | JSONRPC string `json:"jsonrpc"`
38 | Method string `json:"method"`
39 | ID int `json:"id"`
40 | }
41 |
42 | if err := json.Unmarshal(data, &msg); err != nil {
43 | return err
44 | }
45 |
46 | var requestParams struct {
47 | Params []json.RawMessage `json:"params"`
48 | }
49 | var params []any
50 | switch {
51 | case strings.HasPrefix(msg.Method, fcU):
52 | if err := json.Unmarshal(data, &requestParams); err != nil {
53 | return err
54 | }
55 | if len(requestParams.Params) < 2 {
56 | return fmt.Errorf("expected at least 2 params for forkchoiceUpdated")
57 | }
58 | params = append(params, requestParams.Params[0])
59 |
60 | var payloadAttributes PayloadAttributes
61 | if string(requestParams.Params[1]) != "null" {
62 | if err := json.Unmarshal(requestParams.Params[1], &payloadAttributes); err != nil {
63 | return err
64 | }
65 | }
66 |
67 | params = append(params, &payloadAttributes)
68 | case strings.HasPrefix(msg.Method, newPayload):
69 | if err := json.Unmarshal(data, &requestParams); err != nil {
70 | return err
71 | }
72 | if len(requestParams.Params) < 1 {
73 | return fmt.Errorf("expected at least 1 param for newPayload")
74 | }
75 | var executionPayload ExecutionPayload
76 | if err := json.Unmarshal(requestParams.Params[0], &executionPayload); err != nil {
77 | return err
78 | }
79 | params = append(params, &executionPayload)
80 | default:
81 | }
82 | *req = JSONRPCRequest{
83 | JSONRPC: msg.JSONRPC,
84 | Method: msg.Method,
85 | Params: params,
86 | ID: msg.ID,
87 | }
88 | return nil
89 | }
90 |
--------------------------------------------------------------------------------
/utils.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "bytes"
5 | "context"
6 | "encoding/json"
7 | "io"
8 | "net/http"
9 | "net/http/httputil"
10 | "strings"
11 | )
12 |
13 | func BuildProxyRequest(req *http.Request, proxy *httputil.ReverseProxy, bodyBytes []byte) *http.Request {
14 | // Copy and redirect request to EL endpoint
15 | proxyReq := req.Clone(context.Background())
16 | appendHostToXForwardHeader(proxyReq.Header, req.URL.Host)
17 | proxyReq.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
18 |
19 | proxy.Director(proxyReq)
20 | return proxyReq
21 | }
22 | func SendProxyRequest(req *http.Request, proxy *httputil.ReverseProxy, bodyBytes []byte) (*http.Response, error) {
23 | proxyReq := BuildProxyRequest(req, proxy, bodyBytes)
24 | resp, err := proxy.Transport.RoundTrip(proxyReq)
25 | if err != nil {
26 | return nil, err
27 | }
28 |
29 | return resp, nil
30 | }
31 |
32 | func copyHeader(dst, src http.Header) {
33 | for k, vv := range src {
34 | for _, v := range vv {
35 | dst.Add(k, v)
36 | }
37 | }
38 | }
39 |
40 | func appendHostToXForwardHeader(header http.Header, host string) {
41 | // X-Forwarded-For information to indicate it is forwarded from a BN
42 | if prior, ok := header["X-Forwarded-For"]; ok {
43 | host = strings.Join(prior, ", ") + ", " + host
44 | }
45 | header.Set("X-Forwarded-For", host)
46 | }
47 |
48 | func isEngineRequest(method string) bool {
49 | return strings.HasPrefix(method, "engine_")
50 | }
51 |
52 | func getRemoteHost(r *http.Request) string {
53 | var remoteHost string
54 | if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
55 | remoteHost = xff
56 | } else {
57 | splitAddr := strings.Split(r.RemoteAddr, ":")
58 | if len(splitAddr) > 0 {
59 | remoteHost = splitAddr[0]
60 | }
61 | }
62 | return remoteHost
63 | }
64 |
65 | func extractStatus(method string, response []byte) (string, error) {
66 | var responseJSON JSONRPCResponse
67 |
68 | switch {
69 | case strings.HasPrefix(method, newPayload):
70 | responseJSON.Result = new(PayloadStatusV1)
71 | case strings.HasPrefix(method, fcU):
72 | responseJSON.Result = new(ForkChoiceResponse)
73 | default:
74 | return "", nil // not interested in other engine api calls
75 | }
76 |
77 | if err := json.Unmarshal(response, &responseJSON); err != nil {
78 | return "", err
79 | }
80 |
81 | switch v := responseJSON.Result.(type) {
82 | case *ForkChoiceResponse:
83 | return v.PayloadStatus.Status, nil
84 | case *PayloadStatusV1:
85 | return v.Status, nil
86 | default:
87 | return "", nil // not interested in other engine api calls
88 | }
89 | }
90 |
91 | func getResponseBody(response BuilderResponse) []byte {
92 | if len(response.UncompressedBody) != 0 {
93 | return response.UncompressedBody
94 | }
95 | return response.Body
96 | }
97 |
--------------------------------------------------------------------------------