diff --git a/CHANGELOG.md b/CHANGELOG.md index 32b340402359..807945672a0e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,8 @@ -[#5598](https://github.com/ChainSafe/forest/pull/5598) Add `forest-cli chain prune snap` command for garbage collecting the database with a new snapshot garbage collector. +-[#5629](https://github.com/ChainSafe/forest/pull/5629) Save default RPC token and consume it automatically. + ### Changed -[#5616](https://github.com/ChainSafe/forest/pull/5616) Remove the initial background task for populating Ethereum mappings. Use `forest-tool index backfill` to perform this operation offline instead. diff --git a/README.md b/README.md index c9469cc7e030..78c3f8d2c296 100644 --- a/README.md +++ b/README.md @@ -236,13 +236,14 @@ without any prompts. ### Interacting with Forest via CLI -When the Forest daemon is started, an admin token will be displayed -(alternatively, use `--save-token ` flag to save it on disk). You will -need this for commands that require a higher level of authorization (like a +When the Forest daemon is started, an admin token will be displayed and saved to +data directory by default. (alternatively, use `--save-token ` flag to save it on disk). +You will need this for commands that require a higher level of authorization (like a password). Forest, as mentioned above, uses multiaddresses for networking. This is no different in the CLI. To set the host and the port to use, if not using the default port or using a remote host, set the `FULLNODE_API_INFO` environment -variable. This is also where you can set a token for authentication. +variable. This is also where you can set a token for authentication. Note that the token is +automatically set for CLI if it is invoked on the same host of the daemon. ``` FULLNODE_API_INFO=":/ip4//tcp//http diff --git a/docs/docs/users/knowledge_base/jwt_handling.md b/docs/docs/users/knowledge_base/jwt_handling.md index 09b2b7309395..628656d6db86 100644 --- a/docs/docs/users/knowledge_base/jwt_handling.md +++ b/docs/docs/users/knowledge_base/jwt_handling.md @@ -63,7 +63,7 @@ The admin token is assumed to be stored in `/tmp/token` for the following exampl ### via `forest-cli` -The most straightforward way to use tokens is to pass them to the `forest-cli` tool. This can be done either by passing it via the `--token` flag or by setting the `FULLNODE_API_INFO` environment variable. +The most straightforward way to use tokens is to pass them to the `forest-cli` tool. This can be done either by passing it via the `--token` flag or by setting the `FULLNODE_API_INFO` environment variable. Note that the token is automatically set for CLI if it is invoked on the same host of the daemon. ```bash forest-cli --token $(cat /tmp/token) shutdown diff --git a/scripts/tests/calibnet_no_discovery_check.sh b/scripts/tests/calibnet_no_discovery_check.sh index 84d96fc374ff..68ac6ae81855 100755 --- a/scripts/tests/calibnet_no_discovery_check.sh +++ b/scripts/tests/calibnet_no_discovery_check.sh @@ -11,13 +11,10 @@ function shutdown { trap shutdown EXIT -$FOREST_PATH --chain calibnet --encrypt-keystore false --mdns false --kademlia false --auto-download-snapshot --save-token ./admin_token --exit-after-init +$FOREST_PATH --chain calibnet --encrypt-keystore false --mdns false --kademlia false --auto-download-snapshot --exit-after-init $FOREST_PATH --chain calibnet --encrypt-keystore false --mdns false --kademlia false --auto-download-snapshot --log-dir "$LOG_DIRECTORY" & FOREST_NODE_PID=$! -FULLNODE_API_INFO="$(cat admin_token):/ip4/127.0.0.1/tcp/2345/http" -export FULLNODE_API_INFO - forest_wait_api # Verify that one of the seed nodes has been connected to diff --git a/scripts/tests/calibnet_other_check.sh b/scripts/tests/calibnet_other_check.sh index eb81f3babe16..2aa144b26e19 100755 --- a/scripts/tests/calibnet_other_check.sh +++ b/scripts/tests/calibnet_other_check.sh @@ -26,7 +26,7 @@ fi forest_check_db_stats echo "Run snapshot GC" -forest_run_snap_gc +$FOREST_CLI_PATH chain prune snap forest_wait_api echo "Wait the node to sync" forest_wait_for_sync diff --git a/scripts/tests/calibnet_stateless_rpc_check.sh b/scripts/tests/calibnet_stateless_rpc_check.sh index 088690d3799b..caa1b928e276 100755 --- a/scripts/tests/calibnet_stateless_rpc_check.sh +++ b/scripts/tests/calibnet_stateless_rpc_check.sh @@ -10,13 +10,7 @@ function forest_run_node_stateless_detached_with_filter_list { pkill -9 forest || true local filter_list=$1 - $FOREST_PATH --detach --chain calibnet --encrypt-keystore false --log-dir "$LOG_DIRECTORY" --save-token ./admin_token --skip-load-actors --stateless --rpc-filter-list "$filter_list" - - ADMIN_TOKEN=$(cat admin_token) - FULLNODE_API_INFO="$ADMIN_TOKEN:/ip4/127.0.0.1/tcp/2345/http" - - export ADMIN_TOKEN - export FULLNODE_API_INFO + $FOREST_PATH --detach --chain calibnet --encrypt-keystore false --log-dir "$LOG_DIRECTORY" --skip-load-actors --stateless --rpc-filter-list "$filter_list" } # Tests the RPC method `Filecoin.ChainHead` and checks if the status code matches the expected code. diff --git a/scripts/tests/harness.sh b/scripts/tests/harness.sh index 20c9699357b6..c4cabba499b3 100644 --- a/scripts/tests/harness.sh +++ b/scripts/tests/harness.sh @@ -69,7 +69,7 @@ function forest_query_format { function forest_run_node_detached { echo "Running forest in detached mode" - $FOREST_PATH --chain calibnet --encrypt-keystore false --log-dir "$LOG_DIRECTORY" --detach --save-token ./admin_token --track-peak-rss + $FOREST_PATH --chain calibnet --encrypt-keystore false --log-dir "$LOG_DIRECTORY" --detach --track-peak-rss } function forest_run_node_stateless_detached { @@ -112,12 +112,6 @@ function forest_init { forest_check_db_stats forest_run_node_detached - ADMIN_TOKEN=$(cat admin_token) - FULLNODE_API_INFO="$ADMIN_TOKEN:/ip4/127.0.0.1/tcp/2345/http" - - export ADMIN_TOKEN - export FULLNODE_API_INFO - forest_wait_api forest_wait_for_sync forest_check_db_stats @@ -133,12 +127,6 @@ function forest_init_stateless { export FULLNODE_API_INFO } -function forest_run_snap_gc { - ADMIN_TOKEN=$(cat admin_token) - FULLNODE_API_INFO="$ADMIN_TOKEN:/ip4/127.0.0.1/tcp/2345/http" - $FOREST_CLI_PATH chain prune snap -} - function forest_print_logs_and_metrics { echo "Get and print metrics" wget -O metrics.log http://localhost:6116/metrics diff --git a/src/cli_shared/cli/client.rs b/src/cli_shared/cli/client.rs index ba1fa5e6c0c9..6c3c2f8beb79 100644 --- a/src/cli_shared/cli/client.rs +++ b/src/cli_shared/cli/client.rs @@ -97,3 +97,9 @@ impl Default for Client { } } } + +impl Client { + pub fn default_rpc_token_path(&self) -> PathBuf { + self.data_dir.join("token") + } +} diff --git a/src/daemon/context.rs b/src/daemon/context.rs index db3a7bc1b82f..fb764fbdca02 100644 --- a/src/daemon/context.rs +++ b/src/daemon/context.rs @@ -1,5 +1,6 @@ // Copyright 2019-2025 ChainSafe Systems // SPDX-License-Identifier: Apache-2.0, MIT + use crate::auth::{ADMIN, create_token, generate_priv_key}; use crate::chain::ChainStore; use crate::cli_shared::chain_path; @@ -157,7 +158,7 @@ async fn load_or_create_keystore_and_configure_jwt( if keystore.get(JWT_IDENTIFIER).is_err() { keystore.put(JWT_IDENTIFIER, generate_priv_key())?; } - let admin_jwt = handle_admin_token(opts, &keystore)?; + let admin_jwt = handle_admin_token(opts, config, &keystore)?; let keystore = Arc::new(RwLock::new(keystore)); Ok((keystore, admin_jwt)) } @@ -315,7 +316,11 @@ fn create_password(prompt: &str) -> dialoguer::Result { /// Generates, prints and optionally writes to a file the administrator JWT /// token. -fn handle_admin_token(opts: &CliOpts, keystore: &KeyStore) -> anyhow::Result { +fn handle_admin_token( + opts: &CliOpts, + config: &Config, + keystore: &KeyStore, +) -> anyhow::Result { let ki = keystore.get(JWT_IDENTIFIER)?; // Lotus admin tokens do not expire but Forest requires all JWT tokens to // have an expiration date. So we set the expiration date to 100 years in @@ -327,6 +332,10 @@ fn handle_admin_token(opts: &CliOpts, keystore: &KeyStore) -> anyhow::Result Self {