如何使用AWS区块链服务与go-ethereum?

huangapple go评论90阅读模式
英文:

How to use the AWS blockchain service with go-ethereum?

问题

AWS区块链服务提供了HTTPWebSocket协议的端点,但需要使用IAM签名验证才能使用它们。

要使用HTTP端点,只需通过AWS SDK在http.RoundTripper接口中对其进行签名即可。然而,如果我需要使用WebSocket端点,由于go-ethereum的限制,我只能通过websocket.Dialer结构通过rpc.DialWebsocketWithDialer传递,这意味着我无法通过实现接口来解决这个问题。

如何在go-ethereum中使用AWS区块链服务的WebSocket端点?

英文:

The AWS Blockchain service provides endpoints for HTTP and WebSocket protocols, but requires IAM signature verification to use them.

To use the HTTP endpoint, I just need to sign it in the http.RoundTripper interface via the AWS SDK. However, if I need to use a WebSocket endpoint, I can only pass in a websocket.Dialer structure via rpc.DialWebsocketWithDialer due to the limitations of go-ethereum, which means that I can't solve this problem by implementing an interface.

How do I use the AWS Blockchain Service's WebSocket endpoint with go-ethereum?

答案1

得分: 3

通过阅读github.com/gorilla/websocket的源代码,我发现在(*Dialer) DialContext函数中有一个逻辑,可以将http.Request指针传递给可定制的Proxy函数,这意味着我可以编写一个函数来实现与http.RoundTripper相同的功能,用于注入标头。

WebSocket

package transport

import (
	"context"
	"crypto/sha256"
	"encoding/hex"
	"net/http"
	"net/url"
	"time"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
	"github.com/gorilla/websocket"
)

func NewWebSocketDialer(config aws.Config) (*websocket.Dialer, error) {
	return &websocket.Dialer{
		HandshakeTimeout: 45 * time.Second,
		Proxy: func(request *http.Request) (*url.URL, error) {
			credentials, err := config.Credentials.Retrieve(request.Context())
			if err != nil {
				return nil, err
			}

			// 因为AWS可能会签署一些无关的标头并导致身份验证失败,所以需要创建一个空请求。
			internalRequest, err := http.NewRequest(http.MethodGet, request.URL.String(), nil)
			if err != nil {
				return nil, err
			}

			header := request.Header.Clone()

			hash := sha256.New()

			signer := v4.NewSigner()

			if err := signer.SignHTTP(context.Background(), credentials, internalRequest, hex.EncodeToString(hash.Sum(nil)), "managedblockchain", config.Region, time.Now()); err != nil {
				return nil, err
			}

			request.Header = internalRequest.Header

			request.Header.Set("Connection", header["Connection"][0])
			request.Header.Set("Sec-WebSocket-Key", header["Sec-WebSocket-Key"][0])
			request.Header.Set("Sec-WebSocket-Version", header["Sec-WebSocket-Version"][0])
			request.Header.Set("Upgrade", header["Upgrade"][0])

			return http.ProxyFromEnvironment(request)
		},
	}, nil
}

HTTP

package transport

import (
	"compress/gzip"
	"context"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"io"
	"net/http"
	"time"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
)

var _ http.RoundTripper = &httpRoundTripper{}

type httpRoundTripper struct {
	config aws.Config
}

func (h httpRoundTripper) RoundTrip(request *http.Request) (*http.Response, error) {
	credentials, err := h.config.Credentials.Retrieve(request.Context())
	if err != nil {
		return nil, err
	}

	internalRequest := request.Clone(request.Context())

	bodyReader, err := request.GetBody()
	if err != nil {
		return nil, err
	}

	hash := sha256.New()

	if _, err := io.Copy(hash, bodyReader); err != nil {
		return nil, err
	}

	signer := v4.NewSigner()
	if err := signer.SignHTTP(context.Background(), credentials, internalRequest, hex.EncodeToString(hash.Sum(nil)), "managedblockchain", h.config.Region, time.Now()); err != nil {
		return nil, err
	}

	response, err := h.config.HTTPClient.Do(internalRequest)
	if err != nil {
		return nil, err
	}

	if response.Header.Get("Content-Type") == "gzip" {
		gzipReader, err := gzip.NewReader(base64.NewDecoder(base64.StdEncoding, response.Body))
		if err != nil {
			return nil, err
		}

		request.Header.Set("Content-Type", "application/json")

		response.Body = gzipReader
	}

	return response, nil
}

func NewHttpRoundTripper(cfg aws.Config) http.RoundTripper {
	return httpRoundTripper{
		config: cfg,
	}
}

以上是要翻译的内容。

英文:

By reading the github.com/gorilla/websocket source code, I found out that there is a logic in the (*Dialer) DialContext function to pass the http.Request pointer into the customizable Proxy function, which means I can write a function that does the same thing as http.RoundTripper for injecting header.

WebSocket

package transport

import (
	"context"
	"crypto/sha256"
	"encoding/hex"
	"net/http"
	"net/url"
	"time"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
	"github.com/gorilla/websocket"
)

func NewWebSocketDialer(config aws.Config) (*websocket.Dialer, error) {
	return &websocket.Dialer{
		HandshakeTimeout: 45 * time.Second,
		Proxy: func(request *http.Request) (*url.URL, error) {
			credentials, err := config.Credentials.Retrieve(request.Context())
			if err != nil {
				return nil, err
			}

			// Because AWS may sign some unrelated headers and cause authentication failure, you need to create a blank request.
			internalRequest, err := http.NewRequest(http.MethodGet, request.URL.String(), nil)
			if err != nil {
				return nil, err
			}

			header := request.Header.Clone()

			hash := sha256.New()

			signer := v4.NewSigner()

			if err := signer.SignHTTP(context.Background(), credentials, internalRequest, hex.EncodeToString(hash.Sum(nil)), "managedblockchain", config.Region, time.Now()); err != nil {
				return nil, err
			}

			request.Header = internalRequest.Header

			request.Header.Set("Connection", header["Connection"][0])
			request.Header.Set("Sec-WebSocket-Key", header["Sec-WebSocket-Key"][0])
			request.Header.Set("Sec-WebSocket-Version", header["Sec-WebSocket-Version"][0])
			request.Header.Set("Upgrade", header["Upgrade"][0])

			return http.ProxyFromEnvironment(request)
		},
	}, nil
}

HTTP

package transport

import (
	"compress/gzip"
	"context"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"io"
	"net/http"
	"time"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
)

var _ http.RoundTripper = &httpRoundTripper{}

type httpRoundTripper struct {
	config aws.Config
}

func (h httpRoundTripper) RoundTrip(request *http.Request) (*http.Response, error) {
	credentials, err := h.config.Credentials.Retrieve(request.Context())
	if err != nil {
		return nil, err
	}

	internalRequest := request.Clone(request.Context())

	bodyReader, err := request.GetBody()
	if err != nil {
		return nil, err
	}

	hash := sha256.New()

	if _, err := io.Copy(hash, bodyReader); err != nil {
		return nil, err
	}

	signer := v4.NewSigner()
	if err := signer.SignHTTP(context.Background(), credentials, internalRequest, hex.EncodeToString(hash.Sum(nil)), "managedblockchain", h.config.Region, time.Now()); err != nil {
		return nil, err
	}

	response, err := h.config.HTTPClient.Do(internalRequest)
	if err != nil {
		return nil, err
	}

	if response.Header.Get("Content-Type") == "gzip" {
		gzipReader, err := gzip.NewReader(base64.NewDecoder(base64.StdEncoding, response.Body))
		if err != nil {
			return nil, err
		}

		request.Header.Set("Content-Type", "application/json")

		response.Body = gzipReader
	}

	return response, nil
}

func NewHttpRoundTripper(cfg aws.Config) http.RoundTripper {
	return httpRoundTripper{
		config: cfg,
	}
}

huangapple
  • 本文由 发表于 2022年5月8日 09:39:00
  • 转载请务必保留本文链接:https://go.coder-hub.com/72157490.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定