diff --git a/book/src/api-vc-auth-header.md b/book/src/api-vc-auth-header.md index f2f9caf46b5..adde78270a6 100644 --- a/book/src/api-vc-auth-header.md +++ b/book/src/api-vc-auth-header.md @@ -9,10 +9,10 @@ HTTP header: - Value: `Bearer ` Where `` is a string that can be obtained from the validator client -host. Here is an example `Authorization` header: +host. Here is an example of the `Authorization` header: ```text -Authorization: Bearer api-token-0x03eace4c98e8f77477bb99efb74f9af10d800bd3318f92c33b719a4644254d4123 +Authorization: Bearer hGut6B8uEujufDXSmZsT0thnxvdvKFBvh ``` ## Obtaining the API token @@ -24,7 +24,7 @@ text editor will suffice: ```bash cat api-token.txt -api-token-0x03eace4c98e8f77477bb99efb74f9af10d800bd3318f92c33b719a4644254d4123 +hGut6B8uEujufDXSmZsT0thnxvdvKFBvh ``` When starting the validator client it will output a log message containing the path @@ -54,7 +54,7 @@ Response: Here is an example `curl` command using the API token in the `Authorization` header: ```bash -curl localhost:5062/lighthouse/version -H "Authorization: Bearer api-token-0x03eace4c98e8f77477bb99efb74f9af10d800bd3318f92c33b719a4644254d4123" +curl localhost:5062/lighthouse/version -H "Authorization: Bearer hGut6B8uEujufDXSmZsT0thnxvdvKFBvh" ``` The server should respond with its version: diff --git a/book/src/api-vc-endpoints.md b/book/src/api-vc-endpoints.md index a36aa737083..6cb66859128 100644 --- a/book/src/api-vc-endpoints.md +++ b/book/src/api-vc-endpoints.md @@ -53,12 +53,12 @@ Example Response Body: } ``` -> Note: The command provided in this documentation links to the API token file. In this documentation, it is assumed that the API token file is located in `/var/lib/lighthouse/validators/API-token.txt`. If your database is saved in another directory, modify the `DATADIR` accordingly. If you are having permission issue with accessing the API token file, you can modify the header to become `-H "Authorization: Bearer $(sudo cat ${DATADIR}/validators/api-token.txt)"`. +> Note: The command provided in this documentation links to the API token file. In this documentation, it is assumed that the API token file is located in `/var/lib/lighthouse/validators/api-token.txt`. If your database is saved in another directory, modify the `DATADIR` accordingly. If you are having permission issue with accessing the API token file, you can modify the header to become `-H "Authorization: Bearer $(sudo cat ${DATADIR}/validators/api-token.txt)"`. -> As an alternative, you can also provide the API token directly, for example, `-H "Authorization: Bearer api-token-0x02dc2a13115cc8c83baf170f597f22b1eb2930542941ab902df3daadebcb8f8176`. In this case, you obtain the token from the file `API token.txt` and the command becomes: +> As an alternative, you can also provide the API token directly, for example, `-H "Authorization: Bearer hGut6B8uEujufDXSmZsT0thnxvdvKFBvh`. In this case, you obtain the token from the file `api-token.txt` and the command becomes: ```bash -curl -X GET "http://localhost:5062/lighthouse/version" -H "Authorization: Bearer api-token-0x02dc2a13115cc8c83baf170f597f22b1eb2930542941ab902df3daadebcb8f8176" | jq +curl -X GET "http://localhost:5062/lighthouse/version" -H "Authorization: Bearer hGut6B8uEujufDXSmZsT0thnxvdvKFBvh" | jq ``` ## `GET /lighthouse/health` diff --git a/book/src/api-vc-sig-header.md b/book/src/api-vc-sig-header.md deleted file mode 100644 index 468f714cfa9..00000000000 --- a/book/src/api-vc-sig-header.md +++ /dev/null @@ -1,108 +0,0 @@ -# Validator Client API: Signature Header - -## Overview - -The validator client HTTP server adds the following header to all responses: - -- Name: `Signature` -- Value: a secp256k1 signature across the SHA256 of the response body. - -Example `Signature` header: - -```text -Signature: 0x304402205b114366444112580bf455d919401e9c869f5af067cd496016ab70d428b5a99d0220067aede1eb5819eecfd5dd7a2b57c5ac2b98f25a7be214b05684b04523aef873 -``` - -## Verifying the Signature - -Below is a browser-ready example of signature verification. - -### HTML - -```html - - -``` - -### Javascript - -```javascript -// Helper function to turn a hex-string into bytes. -function hexStringToByte(str) { - if (!str) { - return new Uint8Array(); - } - - var a = []; - for (var i = 0, len = str.length; i < len; i+=2) { - a.push(parseInt(str.substr(i,2),16)); - } - - return new Uint8Array(a); -} - -// This example uses the secp256k1 curve from the "elliptic" library: -// -// https://github.com/indutny/elliptic -var ec = new elliptic.ec('secp256k1'); - -// The public key is contained in the API token: -// -// Authorization: Basic api-token-0x03eace4c98e8f77477bb99efb74f9af10d800bd3318f92c33b719a4644254d4123 -var pk_bytes = hexStringToByte('03eace4c98e8f77477bb99efb74f9af10d800bd3318f92c33b719a4644254d4123'); - -// The signature is in the `Signature` header of the response: -// -// Signature: 0x304402205b114366444112580bf455d919401e9c869f5af067cd496016ab70d428b5a99d0220067aede1eb5819eecfd5dd7a2b57c5ac2b98f25a7be214b05684b04523aef873 -var sig_bytes = hexStringToByte('304402205b114366444112580bf455d919401e9c869f5af067cd496016ab70d428b5a99d0220067aede1eb5819eecfd5dd7a2b57c5ac2b98f25a7be214b05684b04523aef873'); - -// The HTTP response body. -var response_body = "{\"data\":{\"version\":\"Lighthouse/v0.2.11-fc0654fbe+/x86_64-linux\"}}"; - -// The HTTP response body is hashed (SHA256) to determine the 32-byte message. -let hash = sha256.create(); -hash.update(response_body); -let message = hash.array(); - -// The 32-byte message hash, the signature and the public key are verified. -if (ec.verify(message, sig_bytes, pk_bytes)) { - console.log("The signature is valid") -} else { - console.log("The signature is invalid") -} -``` - -*This example is also available as a [JSFiddle](https://jsfiddle.net/wnqd74Lz/).* - -## Example - -The previous Javascript example was written using the output from the following -`curl` command: - -```bash -curl -v localhost:5062/lighthouse/version -H "Authorization: Basic api-token-0x03eace4c98e8f77477bb99efb74f9af10d800bd3318f92c33b719a4644254d4123" -``` - -```text -* Trying ::1:5062... -* connect to ::1 port 5062 failed: Connection refused -* Trying 127.0.0.1:5062... -* Connected to localhost (127.0.0.1) port 5062 (#0) -> GET /lighthouse/version HTTP/1.1 -> Host: localhost:5062 -> User-Agent: curl/7.72.0 -> Accept: */* -> Authorization: Basic api-token-0x03eace4c98e8f77477bb99efb74f9af10d800bd3318f92c33b719a4644254d4123 -> -* Mark bundle as not supporting multiuse -< HTTP/1.1 200 OK -< content-type: application/json -< signature: 0x304402205b114366444112580bf455d919401e9c869f5af067cd496016ab70d428b5a99d0220067aede1eb5819eecfd5dd7a2b57c5ac2b98f25a7be214b05684b04523aef873 -< server: Lighthouse/v0.2.11-fc0654fbe+/x86_64-linux -< access-control-allow-origin: -< content-length: 65 -< date: Tue, 29 Sep 2020 04:23:46 GMT -< -* Connection #0 to host localhost left intact -{"data":{"version":"Lighthouse/v0.2.11-fc0654fbe+/x86_64-linux"}} -``` diff --git a/book/src/validator-manager-move.md b/book/src/validator-manager-move.md index 10de1fe87c6..f7184ce1277 100644 --- a/book/src/validator-manager-move.md +++ b/book/src/validator-manager-move.md @@ -116,7 +116,7 @@ location of the file varies, but it is located in the "validator directory" of y alongside validator keystores. For example: `~/.lighthouse/mainnet/validators/api-token.txt`. If you are unsure of the `api-token.txt` path, you can run `curl http://localhost:5062/lighthouse/auth` which will show the path. Copy the contents of that file into a new file on the **destination host** at `~/src-token.txt`. The -API token should be similar to `api-token-0x03eace4c98e8f77477bb99efb74f9af10d800bd3318f92c33b719a4644254d4123`. +API token is a random string, e.g., `hGut6B8uEujufDXSmZsT0thnxvdvKFBvh`. ### 4. Create an SSH Tunnel