Detect an invalid x-token in Rust client #45

Closed
nbaksalyar opened this issue Feb 8, 2023 · 5 comments
@nbaksalyar
Contributor

If I provide an invalid token, the client doesn't fail immediately.
Instead, I see a flurry of Unexpected EOF decoding stream error messages which can be confusing.
The client should return an error like InvalidToken instead.

@shuimuliang shuimuliang self-assigned this Feb 8, 2023
@shuimuliang
Contributor

e.g.:

use thiserror::Error;

#[derive(Debug, Error)]
pub enum Error {
    #[error("AccessToken: {0}")]
    AccessToken(String),

    #[error("Certificate: {0}")]
    Certificate(String),

    #[error("I/O: {0}")]
    Io(std::io::Error),

    #[error("Transport: {0}")]
    Transport(tonic::transport::Error),

    #[error("Invalid URI {0}: {1}")]
    InvalidUri(String, String),
}

@shuimuliang
Contributor

@nbaksalyar
which kind of x-token is invalid, any samples?

@nbaksalyar
Contributor Author

> which kind of x-token is invalid, any samples?

Any string value besides the correct token - e.g. you can give it a try with 123. As a result, you won't get any clear indication that the token is invalid, only the Unexpected EOF ... error.

@shuimuliang
Contributor

shuimuliang commented Feb 11, 2023

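On the gRPC server side, the request is usually checked by:

use tonic::{metadata::MetadataValue, Request, Status};

// Interceptor: pass the request through only if its "authorization"
// metadata equals the expected token; otherwise answer UNAUTHENTICATED.
fn check_auth(req: Request<()>) -> Result<Request<()>, Status> {
    let token: MetadataValue<_> = "Bearer some-secret-token".parse().unwrap();

    match req.metadata().get("authorization") {
        Some(t) if token == t => Ok(req),
        _ => Err(Status::unauthenticated("No valid auth token")),
    }
}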

Q:

  1. Where's the x_token validation logic in this code base (solana-geyser-grpc)?
  2. Is x_token a bearer token similar to JWT, e.g.:
    x_token: Bearer token
    x_token: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

shuimuliang added a commit that referenced this issue Feb 14, 2023
@shuimuliang shuimuliang linked a pull request Feb 14, 2023 that will close this issue
@shuimuliang
Contributor

test case

    #[tokio::test]
    async fn test_channel_http_success() {
        let endpoint = "http://127.0.0.1:10000".to_owned();
        let x_token = "1234567891012141618202224268".to_owned();
        let res: Result<RetryChannel, Error> = RetryChannel::new(endpoint, Some(x_token));
        assert!(res.is_ok())
    }

    #[tokio::test]
    async fn test_channel_invalid_token_some() {
        let endpoint = "http://127.0.0.1:10000".to_owned();
        let x_token = "123".to_owned();
        let res: Result<RetryChannel, Error> = RetryChannel::new(endpoint, Some(x_token.clone()));
        assert!(res.is_err());

        // The failure must be the dedicated XToken variant, not just any error.
        assert!(matches!(res, Err(Error::XToken(_))));
    }
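
As an added example (not code from this issue, the project, or tonic): a std-only Rust model of the flow discussed in this thread, where a local format check yields an `XToken` error, the server compares tokens in constant time, and an unauthenticated status reaches the caller as `InvalidToken` instead of a stream error. The `Code` and `ClientError` types, all function names, the printable-ASCII rule and the sample tokens are assumptions made for illustration.

```rust
// Added example: std-only model; every name here is hypothetical.
#[derive(Debug, PartialEq)]
pub enum Code { Ok, Unauthenticated }

#[derive(Debug, PartialEq)]
pub enum ClientError {
    XToken(String), // rejected locally, before any request is sent
    InvalidToken,   // rejected by the server
}

/// Client side: reject tokens that are empty or not printable ASCII.
/// This catches malformed input only; it cannot tell whether a
/// well-formed token such as "123" is the correct one.
pub fn validate_x_token(token: &str) -> Result<(), ClientError> {
    if token.is_empty() {
        return Err(ClientError::XToken("empty token".into()));
    }
    if !token.bytes().all(|b| (0x20..0x7f).contains(&b)) {
        return Err(ClientError::XToken("non-printable or non-ASCII byte".into()));
    }
    Ok(())
}

/// Compare without an early exit, so timing does not reveal how many
/// leading bytes matched (the length itself is not hidden).
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Server side: a missing or wrong token gets an explicit status.
pub fn check_x_token(expected: &str, presented: Option<&str>) -> Code {
    match presented {
        Some(t) if ct_eq(expected.as_bytes(), t.as_bytes()) => Code::Ok,
        _ => Code::Unauthenticated,
    }
}

/// Simulated round trip: local check, server check, then the server's
/// status mapped to a typed client error.
pub fn simulate_connect(server_token: &str, client_token: &str) -> Result<(), ClientError> {
    validate_x_token(client_token)?;
    match check_x_token(server_token, Some(client_token)) {
        Code::Ok => Ok(()),
        Code::Unauthenticated => Err(ClientError::InvalidToken),
    }
}

fn main() {
    // Constructed sample tokens, not real credentials.
    println!("{:?}", simulate_connect("s3cr3t-sample-token", "123"));
}
```
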
