From e564ec43f6e9ec0f9af56b916100a279dfb617b4 Mon Sep 17 00:00:00 2001
From: Maciej Kulawik <maciej.s.kulawik@gmail.com>
Date: Mon, 17 Jul 2023 15:23:49 +0000
Subject: [PATCH 1/4] add AuthModules and AuthOrigins params to stack config

---
 node/config.go   | 11 +++++++++++
 node/defaults.go |  2 ++
 node/node.go     |  6 +++---
 3 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/node/config.go b/node/config.go
index 37a7d5837f..0189c13695 100644
--- a/node/config.go
+++ b/node/config.go
@@ -146,6 +146,17 @@ type Config struct {
 	// for the authenticated api. This is by default {'localhost'}.
 	AuthVirtualHosts []string `toml:",omitempty"`
 
+	// AuthModules is a list of API modules to expose via the Auth RPC interface.
+	// If the module list is empty, all RPC API endpoints designated public will be
+	// exposed.
+	// TODO(magic) what if old config will be deserialized? is it ok to expose all public APIs?
+	AuthModules []string
+
+	// AuthOrigins is the list of domain to accept websocket requests from. Please be
+	// aware that the server can only act upon the HTTP request the client sends and
+	// cannot verify the validity of the request header.
+	AuthOrigins []string `toml:",omitempty"`
+
 	// WSHost is the host interface on which to start the websocket RPC server. If
 	// this field is empty, no websocket API endpoint will be started.
 	WSHost string
diff --git a/node/defaults.go b/node/defaults.go
index 96ebed81c5..86aaae9de1 100644
--- a/node/defaults.go
+++ b/node/defaults.go
@@ -53,6 +53,8 @@ var DefaultConfig = Config{
 	AuthAddr:            DefaultAuthHost,
 	AuthPort:            DefaultAuthPort,
 	AuthVirtualHosts:    DefaultAuthVhosts,
+	AuthModules:         DefaultAuthModules,
+	AuthOrigins:         DefaultAuthOrigins,
 	HTTPModules:         []string{"net", "web3"},
 	HTTPVirtualHosts:    []string{"localhost"},
 	HTTPTimeouts:        rpc.DefaultHTTPTimeouts,
diff --git a/node/node.go b/node/node.go
index 40ba6215a4..1b1e2f137e 100644
--- a/node/node.go
+++ b/node/node.go
@@ -450,7 +450,7 @@ func (n *Node) startRPC() error {
 		if err := server.enableRPC(allAPIs, httpConfig{
 			CorsAllowedOrigins: DefaultAuthCors,
 			Vhosts:             n.config.AuthVirtualHosts,
-			Modules:            DefaultAuthModules,
+			Modules:            n.config.AuthModules,
 			prefix:             DefaultAuthPrefix,
 			jwtSecret:          secret,
 		}); err != nil {
@@ -463,8 +463,8 @@ func (n *Node) startRPC() error {
 			return err
 		}
 		if err := server.enableWS(allAPIs, wsConfig{
-			Modules:   DefaultAuthModules,
-			Origins:   DefaultAuthOrigins,
+			Modules:   n.config.AuthModules,
+			Origins:   n.config.AuthOrigins,
 			prefix:    DefaultAuthPrefix,
 			jwtSecret: secret,
 		}); err != nil {

From bd353a830ec15a4e4ec6978ef6a92b24b622c7e5 Mon Sep 17 00:00:00 2001
From: Maciej Kulawik <maciej.s.kulawik@gmail.com>
Date: Mon, 17 Jul 2023 18:56:55 +0000
Subject: [PATCH 2/4] clean up todo comment

---
 node/config.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/node/config.go b/node/config.go
index 0189c13695..deac0a86a7 100644
--- a/node/config.go
+++ b/node/config.go
@@ -149,7 +149,6 @@ type Config struct {
 	// AuthModules is a list of API modules to expose via the Auth RPC interface.
 	// If the module list is empty, all RPC API endpoints designated public will be
 	// exposed.
-	// TODO(magic) what if old config will be deserialized? is it ok to expose all public APIs?
 	AuthModules []string
 
 	// AuthOrigins is the list of domain to accept websocket requests from. Please be

From 58afb9d45c0ec3820b2d55d3e15c783c227a5de6 Mon Sep 17 00:00:00 2001
From: Nodar <nodar.ambroladze@gmail.com>
Date: Tue, 25 Jul 2023 14:32:30 +0200
Subject: [PATCH 3/4] Export errNotFound from memorydb so that we can use it in
 error checks in nitro

---
 ethdb/memorydb/memorydb.go | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/ethdb/memorydb/memorydb.go b/ethdb/memorydb/memorydb.go
index 7e4fd7e5e7..8460bc42de 100644
--- a/ethdb/memorydb/memorydb.go
+++ b/ethdb/memorydb/memorydb.go
@@ -28,17 +28,17 @@ import (
 )
 
 var (
-	// errMemorydbClosed is returned if a memory database was already closed at the
+	// ErrMemorydbClosed is returned if a memory database was already closed at the
 	// invocation of a data access operation.
-	errMemorydbClosed = errors.New("database closed")
+	ErrMemorydbClosed = errors.New("database closed")
 
-	// errMemorydbNotFound is returned if a key is requested that is not found in
+	// ErrMemorydbNotFound is returned if a key is requested that is not found in
 	// the provided memory database.
-	errMemorydbNotFound = errors.New("not found")
+	ErrMemorydbNotFound = errors.New("not found")
 
-	// errSnapshotReleased is returned if callers want to retrieve data from a
+	// ErrSnapshotReleased is returned if callers want to retrieve data from a
 	// released snapshot.
-	errSnapshotReleased = errors.New("snapshot released")
+	ErrSnapshotReleased = errors.New("snapshot released")
 )
 
 // Database is an ephemeral key-value store. Apart from basic data storage
@@ -81,7 +81,7 @@ func (db *Database) Has(key []byte) (bool, error) {
 	defer db.lock.RUnlock()
 
 	if db.db == nil {
-		return false, errMemorydbClosed
+		return false, ErrMemorydbClosed
 	}
 	_, ok := db.db[string(key)]
 	return ok, nil
@@ -93,12 +93,12 @@ func (db *Database) Get(key []byte) ([]byte, error) {
 	defer db.lock.RUnlock()
 
 	if db.db == nil {
-		return nil, errMemorydbClosed
+		return nil, ErrMemorydbClosed
 	}
 	if entry, ok := db.db[string(key)]; ok {
 		return common.CopyBytes(entry), nil
 	}
-	return nil, errMemorydbNotFound
+	return nil, ErrMemorydbNotFound
 }
 
 // Put inserts the given value into the key-value store.
@@ -107,7 +107,7 @@ func (db *Database) Put(key []byte, value []byte) error {
 	defer db.lock.Unlock()
 
 	if db.db == nil {
-		return errMemorydbClosed
+		return ErrMemorydbClosed
 	}
 	db.db[string(key)] = common.CopyBytes(value)
 	return nil
@@ -119,7 +119,7 @@ func (db *Database) Delete(key []byte) error {
 	defer db.lock.Unlock()
 
 	if db.db == nil {
-		return errMemorydbClosed
+		return ErrMemorydbClosed
 	}
 	delete(db.db, string(key))
 	return nil
@@ -356,7 +356,7 @@ func (snap *snapshot) Has(key []byte) (bool, error) {
 	defer snap.lock.RUnlock()
 
 	if snap.db == nil {
-		return false, errSnapshotReleased
+		return false, ErrSnapshotReleased
 	}
 	_, ok := snap.db[string(key)]
 	return ok, nil
@@ -369,12 +369,12 @@ func (snap *snapshot) Get(key []byte) ([]byte, error) {
 	defer snap.lock.RUnlock()
 
 	if snap.db == nil {
-		return nil, errSnapshotReleased
+		return nil, ErrSnapshotReleased
 	}
 	if entry, ok := snap.db[string(key)]; ok {
 		return common.CopyBytes(entry), nil
 	}
-	return nil, errMemorydbNotFound
+	return nil, ErrMemorydbNotFound
 }
 
 // Release releases associated resources. Release should always succeed and can

From 8a5f649c37dc6d35ec3754849abe839b957c4d7e Mon Sep 17 00:00:00 2001
From: Nodar <nodar.ambroladze@gmail.com>
Date: Thu, 10 Aug 2023 18:06:58 +0200
Subject: [PATCH 4/4] revert exporting errSnapshotReleased/errMemorydbClosed to
 avoid merge conflicts with upstream geth

---
 ethdb/memorydb/memorydb.go | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/ethdb/memorydb/memorydb.go b/ethdb/memorydb/memorydb.go
index 8460bc42de..2663caa11b 100644
--- a/ethdb/memorydb/memorydb.go
+++ b/ethdb/memorydb/memorydb.go
@@ -28,17 +28,17 @@ import (
 )
 
 var (
-	// ErrMemorydbClosed is returned if a memory database was already closed at the
+	// errMemorydbClosed is returned if a memory database was already closed at the
 	// invocation of a data access operation.
-	ErrMemorydbClosed = errors.New("database closed")
+	errMemorydbClosed = errors.New("database closed")
 
 	// ErrMemorydbNotFound is returned if a key is requested that is not found in
 	// the provided memory database.
 	ErrMemorydbNotFound = errors.New("not found")
 
-	// ErrSnapshotReleased is returned if callers want to retrieve data from a
+	// errSnapshotReleased is returned if callers want to retrieve data from a
 	// released snapshot.
-	ErrSnapshotReleased = errors.New("snapshot released")
+	errSnapshotReleased = errors.New("snapshot released")
 )
 
 // Database is an ephemeral key-value store. Apart from basic data storage
@@ -81,7 +81,7 @@ func (db *Database) Has(key []byte) (bool, error) {
 	defer db.lock.RUnlock()
 
 	if db.db == nil {
-		return false, ErrMemorydbClosed
+		return false, errMemorydbClosed
 	}
 	_, ok := db.db[string(key)]
 	return ok, nil
@@ -93,7 +93,7 @@ func (db *Database) Get(key []byte) ([]byte, error) {
 	defer db.lock.RUnlock()
 
 	if db.db == nil {
-		return nil, ErrMemorydbClosed
+		return nil, errMemorydbClosed
 	}
 	if entry, ok := db.db[string(key)]; ok {
 		return common.CopyBytes(entry), nil
@@ -107,7 +107,7 @@ func (db *Database) Put(key []byte, value []byte) error {
 	defer db.lock.Unlock()
 
 	if db.db == nil {
-		return ErrMemorydbClosed
+		return errMemorydbClosed
 	}
 	db.db[string(key)] = common.CopyBytes(value)
 	return nil
@@ -119,7 +119,7 @@ func (db *Database) Delete(key []byte) error {
 	defer db.lock.Unlock()
 
 	if db.db == nil {
-		return ErrMemorydbClosed
+		return errMemorydbClosed
 	}
 	delete(db.db, string(key))
 	return nil
@@ -356,7 +356,7 @@ func (snap *snapshot) Has(key []byte) (bool, error) {
 	defer snap.lock.RUnlock()
 
 	if snap.db == nil {
-		return false, ErrSnapshotReleased
+		return false, errSnapshotReleased
 	}
 	_, ok := snap.db[string(key)]
 	return ok, nil
@@ -369,7 +369,7 @@ func (snap *snapshot) Get(key []byte) ([]byte, error) {
 	defer snap.lock.RUnlock()
 
 	if snap.db == nil {
-		return nil, ErrSnapshotReleased
+		return nil, errSnapshotReleased
 	}
 	if entry, ok := snap.db[string(key)]; ok {
 		return common.CopyBytes(entry), nil