Merge branch 'main' into lt/unify-bls

Author: ltitanb

Cargo.lock

@@ -5,7 +5,7 @@ resolver = "2"
 [workspace.package]
 edition = "2021"
 rust-version = "1.83"
-version = "0.8.0"
+version = "0.8.1-rc.1"
 
 [workspace.dependencies]
 aes = "0.8"

Cargo.toml

@@ -15,10 +15,10 @@ use cb_common::{
         PROXY_DIR_KEYS_ENV, PROXY_DIR_SECRETS_DEFAULT, PROXY_DIR_SECRETS_ENV, SIGNER_DEFAULT,
         SIGNER_DIR_KEYS_DEFAULT, SIGNER_DIR_KEYS_ENV, SIGNER_DIR_SECRETS_DEFAULT,
         SIGNER_DIR_SECRETS_ENV, SIGNER_ENDPOINT_ENV, SIGNER_KEYS_ENV, SIGNER_MODULE_NAME,
-        SIGNER_URL_ENV,
+        SIGNER_PORT_DEFAULT, SIGNER_URL_ENV,
     },
-    pbs::{BUILDER_API_PATH, GET_STATUS_PATH},
-    signer::{ProxyStore, SignerLoader, DEFAULT_SIGNER_PORT},
+    pbs::{BUILDER_V1_API_PATH, GET_STATUS_PATH},
+    signer::{ProxyStore, SignerLoader},
     types::ModuleId,
     utils::random_jwt_secret,
 };
@@ -73,7 +73,7 @@ pub async fn handle_docker_init(config_path: PathBuf, output_dir: PathBuf) -> Re
     let mut targets = Vec::new();
 
     // address for signer API communication
-    let signer_port = cb_config.signer.as_ref().map(|s| s.port).unwrap_or(DEFAULT_SIGNER_PORT);
+    let signer_port = cb_config.signer.as_ref().map(|s| s.port).unwrap_or(SIGNER_PORT_DEFAULT);
     let signer_server =
         if let Some(SignerConfig { inner: SignerType::Remote { url }, .. }) = &cb_config.signer {
             url.to_string()
@@ -308,7 +308,7 @@ pub async fn handle_docker_init(config_path: PathBuf, output_dir: PathBuf) -> Re
         healthcheck: Some(Healthcheck {
             test: Some(HealthcheckTest::Single(format!(
                 "curl -f http://localhost:{}{}{}",
-                cb_config.pbs.pbs_config.port, BUILDER_API_PATH, GET_STATUS_PATH
+                cb_config.pbs.pbs_config.port, BUILDER_V1_API_PATH, GET_STATUS_PATH
             ))),
             interval: Some("30s".into()),
             timeout: Some("5s".into()),

crates/cli/src/docker_init.rs

@@ -34,11 +34,16 @@ pub const SIGNER_MODULE_NAME: &str = "signer";
 
 /// Where the signer module should open the server
 pub const SIGNER_ENDPOINT_ENV: &str = "CB_SIGNER_ENDPOINT";
+pub const SIGNER_PORT_DEFAULT: u16 = 20000;
 
-// JWT authentication settings
+/// Number of auth failures before rate limiting the client
 pub const SIGNER_JWT_AUTH_FAIL_LIMIT_ENV: &str = "CB_SIGNER_JWT_AUTH_FAIL_LIMIT";
+pub const SIGNER_JWT_AUTH_FAIL_LIMIT_DEFAULT: u32 = 3;
+
+/// How long to rate limit the client after auth failures
 pub const SIGNER_JWT_AUTH_FAIL_TIMEOUT_SECONDS_ENV: &str =
     "CB_SIGNER_JWT_AUTH_FAIL_TIMEOUT_SECONDS";
+pub const SIGNER_JWT_AUTH_FAIL_TIMEOUT_SECONDS_DEFAULT: u32 = 5 * 60;
 
 /// Comma separated list module_id=jwt_secret
 pub const JWTS_ENV: &str = "CB_JWTS";

crates/common/src/config/constants.rs

@@ -12,15 +12,13 @@ use url::Url;
 
 use super::{
     load_jwt_secrets, load_optional_env_var, utils::load_env_var, CommitBoostConfig,
-    SIGNER_ENDPOINT_ENV, SIGNER_IMAGE_DEFAULT, SIGNER_JWT_AUTH_FAIL_LIMIT_ENV,
-    SIGNER_JWT_AUTH_FAIL_TIMEOUT_SECONDS_ENV,
+    SIGNER_ENDPOINT_ENV, SIGNER_IMAGE_DEFAULT, SIGNER_JWT_AUTH_FAIL_LIMIT_DEFAULT,
+    SIGNER_JWT_AUTH_FAIL_LIMIT_ENV, SIGNER_JWT_AUTH_FAIL_TIMEOUT_SECONDS_DEFAULT,
+    SIGNER_JWT_AUTH_FAIL_TIMEOUT_SECONDS_ENV, SIGNER_PORT_DEFAULT,
 };
 use crate::{
     config::{DIRK_CA_CERT_ENV, DIRK_CERT_ENV, DIRK_DIR_SECRETS_ENV, DIRK_KEY_ENV},
-    signer::{
-        ProxyStore, SignerLoader, DEFAULT_JWT_AUTH_FAIL_LIMIT,
-        DEFAULT_JWT_AUTH_FAIL_TIMEOUT_SECONDS, DEFAULT_SIGNER_PORT,
-    },
+    signer::{ProxyStore, SignerLoader},
     types::{Chain, ModuleId},
     utils::{default_host, default_u16, default_u32},
 };
@@ -32,20 +30,20 @@ pub struct SignerConfig {
     #[serde(default = "default_host")]
     pub host: Ipv4Addr,
     /// Port to listen for signer API calls on
-    #[serde(default = "default_u16::<DEFAULT_SIGNER_PORT>")]
+    #[serde(default = "default_u16::<SIGNER_PORT_DEFAULT>")]
     pub port: u16,
     /// Docker image of the module
-    #[serde(default = "default_signer")]
+    #[serde(default = "default_signer_image")]
     pub docker_image: String,
 
     /// Number of JWT auth failures before rate limiting an endpoint
     /// If set to 0, no rate limiting will be applied
-    #[serde(default = "default_u32::<DEFAULT_JWT_AUTH_FAIL_LIMIT>")]
+    #[serde(default = "default_u32::<SIGNER_JWT_AUTH_FAIL_LIMIT_DEFAULT>")]
     pub jwt_auth_fail_limit: u32,
 
     /// Duration in seconds to rate limit an endpoint after the JWT auth failure
     /// limit has been reached
-    #[serde(default = "default_u32::<DEFAULT_JWT_AUTH_FAIL_TIMEOUT_SECONDS>")]
+    #[serde(default = "default_u32::<SIGNER_JWT_AUTH_FAIL_TIMEOUT_SECONDS_DEFAULT>")]
     pub jwt_auth_fail_timeout_seconds: u32,
 
     /// Inner type-specific configuration
@@ -70,7 +68,7 @@ impl SignerConfig {
     }
 }
 
-fn default_signer() -> String {
+fn default_signer_image() -> String {
     SIGNER_IMAGE_DEFAULT.to_string()
 }
 

crates/common/src/config/signer.rs

@@ -0,0 +1,30 @@
+use std::fmt::{Display, Formatter, Result};
+
+use serde::{Deserialize, Serialize};
+
+use crate::pbs::{BUILDER_V1_API_PATH, BUILDER_V2_API_PATH};
+
+// Version of the builder API for various routes
+#[derive(Debug, Copy, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "lowercase")]
+pub enum BuilderApiVersion {
+    V1 = 1,
+    V2,
+}
+impl BuilderApiVersion {
+    pub const fn path(&self) -> &'static str {
+        match self {
+            BuilderApiVersion::V1 => BUILDER_V1_API_PATH,
+            BuilderApiVersion::V2 => BUILDER_V2_API_PATH,
+        }
+    }
+}
+impl Display for BuilderApiVersion {
+    fn fmt(&self, f: &mut Formatter<'_>) -> Result {
+        let s = match self {
+            BuilderApiVersion::V1 => "v1",
+            BuilderApiVersion::V2 => "v2",
+        };
+        write!(f, "{}", s)
+    }
+}

crates/common/src/pbs/builder.rs

@@ -1,6 +1,7 @@
 use crate::constants::COMMIT_BOOST_VERSION;
 
-pub const BUILDER_API_PATH: &str = "/eth/v1/builder";
+pub const BUILDER_V1_API_PATH: &str = "/eth/v1/builder";
+pub const BUILDER_V2_API_PATH: &str = "/eth/v2/builder";
 
 pub const GET_HEADER_PATH: &str = "/header/{slot}/{parent_hash}/{pubkey}";
 pub const GET_STATUS_PATH: &str = "/status";

crates/common/src/pbs/constants.rs

@@ -20,7 +20,7 @@ use super::{
 };
 use crate::{
     config::{load_optional_env_var, BUILDER_URLS_ENV, HTTP_TIMEOUT_SECONDS_DEFAULT},
-    pbs::BUILDER_EVENTS_PATH,
+    pbs::{BuilderApiVersion, BUILDER_EVENTS_PATH},
 };
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
@@ -29,8 +29,9 @@ pub enum BuilderEvent {
     GetHeaderResponse(Box<Option<GetHeaderResponse>>),
     GetStatusEvent,
     GetStatusResponse,
-    SubmitBlockRequest(Box<SignedBlindedBeaconBlock>),
-    SubmitBlockResponse(Box<SubmitBlindedBlockResponse>),
+    SubmitBlockRequest(Box<SignedBlindedBeaconBlock>, BuilderApiVersion),
+    SubmitBlockResponseV1(Box<SubmitBlindedBlockResponse>),
+    SubmitBlockResponseV2,
     MissedPayload {
         /// Hash for the block for which no payload was received
         block_hash: B256,

crates/common/src/pbs/event.rs

@@ -1,9 +1,11 @@
+mod builder;
 mod constants;
 pub mod error;
 mod event;
 mod relay;
 mod types;
 
+pub use builder::*;
 pub use constants::*;
 pub use event::*;
 pub use relay::*;

crates/common/src/pbs/mod.rs

@@ -7,11 +7,13 @@ use serde::{Deserialize, Serialize};
 use url::Url;
 
 use super::{
-    constants::{BUILDER_API_PATH, GET_STATUS_PATH, REGISTER_VALIDATOR_PATH, SUBMIT_BLOCK_PATH},
+    constants::{GET_STATUS_PATH, REGISTER_VALIDATOR_PATH, SUBMIT_BLOCK_PATH},
     error::PbsError,
     HEADER_VERSION_KEY, HEADER_VERSION_VALUE,
 };
-use crate::{config::RelayConfig, types::BlsPublicKey, DEFAULT_REQUEST_TIMEOUT};
+use crate::{
+    config::RelayConfig, pbs::BuilderApiVersion, types::BlsPublicKey, DEFAULT_REQUEST_TIMEOUT,
+};
 
 /// A parsed entry of the relay url in the format: scheme://pubkey@host
 #[derive(Debug, Clone)]
@@ -98,8 +100,12 @@ impl RelayClient {
 
         Ok(url)
     }
-    pub fn builder_api_url(&self, path: &str) -> Result<Url, PbsError> {
-        self.get_url(&format!("{BUILDER_API_PATH}{path}"))
+    pub fn builder_api_url(
+        &self,
+        path: &str,
+        api_version: BuilderApiVersion,
+    ) -> Result<Url, PbsError> {
+        self.get_url(&format!("{}{path}", api_version.path()))
     }
 
     pub fn get_header_url(
@@ -108,19 +114,22 @@ impl RelayClient {
         parent_hash: &B256,
         validator_pubkey: &BlsPublicKey,
     ) -> Result<Url, PbsError> {
-        self.builder_api_url(&format!("/header/{slot}/{parent_hash}/{validator_pubkey}"))
+        self.builder_api_url(
+            &format!("/header/{slot}/{parent_hash}/{validator_pubkey}"),
+            BuilderApiVersion::V1,
+        )
     }
 
     pub fn get_status_url(&self) -> Result<Url, PbsError> {
-        self.builder_api_url(GET_STATUS_PATH)
+        self.builder_api_url(GET_STATUS_PATH, BuilderApiVersion::V1)
     }
 
     pub fn register_validator_url(&self) -> Result<Url, PbsError> {
-        self.builder_api_url(REGISTER_VALIDATOR_PATH)
+        self.builder_api_url(REGISTER_VALIDATOR_PATH, BuilderApiVersion::V1)
     }
 
-    pub fn submit_block_url(&self) -> Result<Url, PbsError> {
-        self.builder_api_url(SUBMIT_BLOCK_PATH)
+    pub fn submit_block_url(&self, api_version: BuilderApiVersion) -> Result<Url, PbsError> {
+        self.builder_api_url(SUBMIT_BLOCK_PATH, api_version)
     }
 }