lotus-provider: Put storage secret in the config
This commit is contained in:
Łukasz Magiera
parent
47d4285f10
commit
adb0fc3259
@ -1,10 +1,13 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/base64"
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/filecoin-project/go-statestore"
|
"github.com/filecoin-project/go-statestore"
|
||||||
|
"github.com/gbrlsnchs/jwt/v3"
|
||||||
ds "github.com/ipfs/go-datastore"
|
ds "github.com/ipfs/go-datastore"
|
||||||
dssync "github.com/ipfs/go-datastore/sync"
|
dssync "github.com/ipfs/go-datastore/sync"
|
||||||
|
"golang.org/x/xerrors"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
@ -33,7 +36,6 @@ import (
|
|||||||
"github.com/filecoin-project/lotus/metrics"
|
"github.com/filecoin-project/lotus/metrics"
|
||||||
"github.com/filecoin-project/lotus/node"
|
"github.com/filecoin-project/lotus/node"
|
||||||
"github.com/filecoin-project/lotus/node/config"
|
"github.com/filecoin-project/lotus/node/config"
|
||||||
"github.com/filecoin-project/lotus/node/modules"
|
|
||||||
"github.com/filecoin-project/lotus/node/modules/dtypes"
|
"github.com/filecoin-project/lotus/node/modules/dtypes"
|
||||||
"github.com/filecoin-project/lotus/node/repo"
|
"github.com/filecoin-project/lotus/node/repo"
|
||||||
"github.com/filecoin-project/lotus/provider"
|
"github.com/filecoin-project/lotus/provider"
|
||||||
@ -199,9 +201,9 @@ var runCmd = &cli.Command{
|
|||||||
}
|
}
|
||||||
defer fullCloser()
|
defer fullCloser()
|
||||||
|
|
||||||
sa, err := modules.StorageAuth(ctx, full)
|
sa, err := StorageAuth(cfg.Apis.StorageRPCSecret)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return xerrors.Errorf("parsing Apis.StorageRPCSecret config: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
al := alerting.NewAlertingSystem(j)
|
al := alerting.NewAlertingSystem(j)
|
||||||
@ -308,5 +310,34 @@ func makeDB(cctx *cli.Context) (*harmonydb.DB, error) {
|
|||||||
Port: cctx.String("db-port"),
|
Port: cctx.String("db-port"),
|
||||||
}
|
}
|
||||||
return harmonydb.NewFromConfig(dbConfig)
|
return harmonydb.NewFromConfig(dbConfig)
|
||||||
|
}
|
||||||
|
|
||||||
|
type jwtPayload struct {
|
||||||
|
Allow []auth.Permission
|
||||||
|
}
|
||||||
|
|
||||||
|
func StorageAuth(apiKey string) (sealer.StorageAuth, error) {
|
||||||
|
if apiKey == "" {
|
||||||
|
return nil, xerrors.Errorf("no api key provided")
|
||||||
|
}
|
||||||
|
|
||||||
|
rawKey, err := base64.StdEncoding.DecodeString(apiKey)
|
||||||
|
if err != nil {
|
||||||
|
return nil, xerrors.Errorf("decoding api key: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
key := jwt.NewHS256(rawKey)
|
||||||
|
|
||||||
|
p := jwtPayload{
|
||||||
|
Allow: []auth.Permission{"admin"},
|
||||||
|
}
|
||||||
|
|
||||||
|
token, err := jwt.Sign(&p, key)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
headers := http.Header{}
|
||||||
|
headers.Add("Authorization", "Bearer "+string(token))
|
||||||
|
return sealer.StorageAuth(headers), nil
|
||||||
}
|
}
|
||||||
|
|||||||
@ -79,6 +79,11 @@ type LotusProviderConfig struct {
|
|||||||
type ApisConfig struct {
|
type ApisConfig struct {
|
||||||
// FULLNODE_API_INFO is the API endpoint for the Lotus daemon.
|
// FULLNODE_API_INFO is the API endpoint for the Lotus daemon.
|
||||||
FULLNODE_API_INFO []string
|
FULLNODE_API_INFO []string
|
||||||
|
|
||||||
|
// RPC Secret for the storage subsystem.
|
||||||
|
// If integrating with lotus-miner this must match the value from
|
||||||
|
// cat ~/.lotusminer/keystore/MF2XI2BNNJ3XILLQOJUXMYLUMU | jq -r .PrivateKey
|
||||||
|
StorageRPCSecret string
|
||||||
}
|
}
|
||||||
|
|
||||||
type JournalConfig struct {
|
type JournalConfig struct {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user