Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Api Key Rework - PRO-467 #17

Merged
merged 3 commits into from
Jan 22, 2024
Merged

Api Key Rework - PRO-467 #17

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1887340
shortened api key and fixed predefined toml
0xForerunner Jan 17, 2024
1c5268c
dynamic length api key
0xForerunner Jan 19, 2024
38892de
Fix for security issue where api keys were being exposed in logs and …
0xForerunner Jan 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 7 additions & 5 deletions config.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,16 +3,18 @@ escalation_interval = "1m"
datadog_enabled = false
statsd_enabled = false

[predefined.network]
[service.predefined.network]
chain_id = 31337
http_url = "http://127.0.0.1:8545"
ws_url = "ws://127.0.0.1:8545"
name = "predefined"
http_rpc = "http://127.0.0.1:8545"
ws_rpc = "ws://127.0.0.1:8545"

[predefined.relayer]
[service.predefined.relayer]
id = "1b908a34-5dc1-4d2d-a146-5eb46e975830"
name = "predefined"
chain_id = 31337
key_id = "d10607662a85424f02a33fb1e6d095bd0ac7154396ff09762e41f82ff2233aaa"
api_key = "G5CKNF3BTS2hRl60bpdYMNPqXvXsP-QZd2lrtmgctsnllwU9D3Z4D8gOt04M0QNH"
api_key = "G5CKNF3BTS2hRl60bpdYMNPqXvXsP-QZd2lrtmgctsk="

[server]
host = "127.0.0.1:3000"
Expand Down
42 changes: 17 additions & 25 deletions src/api_key.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,40 +3,37 @@ use std::str::FromStr;

use base64::Engine;
use rand::rngs::OsRng;
use rand::RngCore;
use rand::Rng;
use serde::Serialize;
use sha3::{Digest, Sha3_256};

const SECRET_LEN: usize = 16;
const UUID_LEN: usize = 16;

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ApiKey {
pub relayer_id: String,
pub api_key: [u8; 32],
pub secret: [u8; SECRET_LEN],
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We actually need to make it into a Vec<u8> or some sort of small vec. We already have 32 byte secret keys running in the dev env

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry could you elaborate? You mean you'd like to keep backwards compatibility with 32byte secrets? (48byte total for the api key?)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, exactly. I see that you already implemented that

}

impl ApiKey {
pub fn new(relayer_id: impl ToString, key: [u8; 32]) -> Self {
pub fn new(relayer_id: impl ToString, secret: [u8; SECRET_LEN]) -> Self {
let relayer_id = relayer_id.to_string();

Self {
relayer_id,
api_key: key,
}
Self { relayer_id, secret }
}

pub fn random(relayer_id: impl ToString) -> Self {
let relayer_id = relayer_id.to_string();

let mut api_key = [0u8; 32];
OsRng.fill_bytes(&mut api_key);

Self {
relayer_id,
api_key,
secret: OsRng.gen(),
}
}

pub fn api_key_hash(&self) -> [u8; 32] {
Sha3_256::digest(self.api_key).into()
Sha3_256::digest(self.secret).into()
}
}

Expand Down Expand Up @@ -66,32 +63,31 @@ impl FromStr for ApiKey {
fn from_str(s: &str) -> Result<Self, Self::Err> {
let buffer = base64::prelude::BASE64_URL_SAFE.decode(s)?;

if buffer.len() != 48 {
if buffer.len() != UUID_LEN + SECRET_LEN {
return Err(eyre::eyre!("invalid api key"));
}

let relayer_id = uuid::Uuid::from_slice(&buffer[..16])?;
let relayer_id = uuid::Uuid::from_slice(&buffer[..UUID_LEN])?;
let relayer_id = relayer_id.to_string();

let mut api_key = [0u8; 32];
api_key.copy_from_slice(&buffer[16..]);
let api_key = buffer[UUID_LEN..].try_into()?;

Ok(Self {
relayer_id,
api_key,
secret: api_key,
})
}
}

impl std::fmt::Display for ApiKey {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
let mut buffer = [0u8; 48];
let mut buffer = [0u8; 32];

let relayer_id = uuid::Uuid::parse_str(&self.relayer_id)
.map_err(|_| std::fmt::Error)?;

buffer[..16].copy_from_slice(relayer_id.as_bytes());
buffer[16..].copy_from_slice(&self.api_key);
buffer[..UUID_LEN].copy_from_slice(relayer_id.as_bytes());
buffer[UUID_LEN..].copy_from_slice(&self.secret);

let encoded = base64::prelude::BASE64_URL_SAFE.encode(buffer);

Expand All @@ -102,15 +98,11 @@ impl std::fmt::Display for ApiKey {
#[cfg(test)]
mod tests {
use rand::rngs::OsRng;
use rand::RngCore;

use super::*;

fn random_api_key() -> ApiKey {
let mut api_key = [0u8; 32];
OsRng.fill_bytes(&mut api_key);

ApiKey::new(uuid::Uuid::new_v4().to_string(), api_key)
ApiKey::new(uuid::Uuid::new_v4().to_string(), OsRng.gen())
}

#[test]
Expand Down