From 1eee91f1a8a6f62f2b4bfc49ad5256fa97d4deab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frederik=20Sch=C3=B6ll?= Date: Fri, 23 Feb 2024 14:30:48 +0100 Subject: [PATCH 1/2] add api key authentication to the firehose fetch client --- cmd/tools/firehose/firehose.go | 2 +- firehose/client/client.go | 16 ++++++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/cmd/tools/firehose/firehose.go b/cmd/tools/firehose/firehose.go index 088247c..6cfdb4b 100644 --- a/cmd/tools/firehose/firehose.go +++ b/cmd/tools/firehose/firehose.go @@ -68,7 +68,7 @@ func getFirehoseClientFromCmd[B firecore.Block, C any](cmd *cobra.Command, logge if kind == "stream-client" { rawClient, connClose, requestInfo.GRPCCallOpts, err = client.NewFirehoseClient(endpoint, jwt, apiKey, insecure, plaintext) } else if kind == "fetch-client" { - rawClient, connClose, err = client.NewFirehoseFetchClient(endpoint, jwt, insecure, plaintext) + rawClient, connClose, requestInfo.GRPCCallOpts, err = client.NewFirehoseFetchClient(endpoint, jwt, apiKey, insecure, plaintext) } else { panic(fmt.Errorf("unsupported Firehose client kind: %s", kind)) } diff --git a/firehose/client/client.go b/firehose/client/client.go index 9875a33..64c4fd4 100644 --- a/firehose/client/client.go +++ b/firehose/client/client.go @@ -77,10 +77,10 @@ func (a *ApiKeyAuth) RequireTransportSecurity() bool { return true } -func NewFirehoseFetchClient(endpoint, jwt string, useInsecureTSLConnection, usePlainTextConnection bool) (cli pbfirehose.FetchClient, closeFunc func() error, err error) { +func NewFirehoseFetchClient(endpoint, jwt, apiKey string, useInsecureTSLConnection, usePlainTextConnection bool) (cli pbfirehose.FetchClient, closeFunc func() error, callOpts []grpc.CallOption, err error) { if useInsecureTSLConnection && usePlainTextConnection { - return nil, nil, fmt.Errorf("option --insecure and --plaintext are mutually exclusive, they cannot be both specified at the same time") + return nil, nil, nil, fmt.Errorf("option --insecure and --plaintext are mutually exclusive, they cannot be both specified at the same time") } var dialOptions []grpc.DialOption @@ -92,14 +92,18 @@ func NewFirehoseFetchClient(endpoint, jwt string, useInsecureTSLConnection, useP dialOptions = []grpc.DialOption{grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{InsecureSkipVerify: true}))} } - if jwt != "" && !usePlainTextConnection { - credentials := oauth.NewOauthAccess(&oauth2.Token{AccessToken: jwt, TokenType: "Bearer"}) - dialOptions = append(dialOptions, grpc.WithPerRPCCredentials(credentials)) + if !usePlainTextConnection { + if jwt != "" { + credentials := oauth.NewOauthAccess(&oauth2.Token{AccessToken: jwt, TokenType: "Bearer"}) + callOpts = append(callOpts, grpc.PerRPCCredentials(credentials)) + } else if apiKey != "" { + callOpts = append(callOpts, grpc.PerRPCCredentials(&ApiKeyAuth{ApiKey: apiKey})) + } } conn, err := dgrpc.NewExternalClient(endpoint, dialOptions...) if err != nil { - return nil, nil, fmt.Errorf("unable to create external gRPC client: %w", err) + return nil, nil, nil, fmt.Errorf("unable to create external gRPC client: %w", err) } closeFunc = conn.Close cli = pbfirehose.NewFetchClient(conn) From aa3e1455cf94316be0203af5c90f878b92301c38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frederik=20Sch=C3=B6ll?= Date: Mon, 26 Feb 2024 15:25:38 +0100 Subject: [PATCH 2/2] add changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f7a9d9e..f6acbb6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -37,6 +37,7 @@ If you were at `firehose-core` version `1.0.0` and are bumping to `1.1.0`, you s and is expanded as is. * Added `Beacon` to known list of Block model. +* Added api key authentication to `NewFirehoseFetchClient` ## v1.2.3