Events stream api does not work with basic auth

Question

Events stream api does not work with basic auth

Closed this issue 4 months ago · 5 comments

Based on my testing it looks like the events stream api does not work if beacon node is behind a proxy with basic auth, other apis seem to work fine.

{"level":"error","service":"client","impl":"http","id":"35694623","address":"https://user:%2A%2A%2A@example.domain.com","error":"unexpected EOF","time":"2024-07-25T08:26:45Z","message":"Failed to subscribe to event stream"}

My password only contains letters (lower, upper) and digits. What looks suspicious is that in the error log, it always prints %2A%2A%2A as the password in the URL, no matter what's the actual password.

Answer 1 · 2024-07-25T10:57:28.000Z

Which version of go-eth2-client are you testing with?

Answer 2 · 2024-07-25T11:35:46.000Z

Which version of go-eth2-client are you testing with?

Vouch 1.8.2 which should have latest version

Answer 3 · 2024-07-25T11:43:05.000Z

From a quick look that should be okay. Are you seeing authentication failures on the proxy?

(BTW %2A is the * character, used to mask sensitive information in the URL. I've changed that to x to avoid confusion in the logs.)

Answer 4 · 2024-07-25T11:56:30.000Z

It may be useful to check the events stream outside of Vouch. Below is a short golang program that should allow you to connect to your authenticated endpoint for testing; just change URLGOESHERE to your URL and see if it picks up head events.

package main

import (
        "context"
        "fmt"
        "os"
        "os/signal"
        "syscall"
        "time"

        consensusclient "github.com/attestantio/go-eth2-client"
        apiv1 "github.com/attestantio/go-eth2-client/api/v1"
        "github.com/attestantio/go-eth2-client/http"
        "github.com/rs/zerolog"
)

func main() {
        ctx, cancel := context.WithCancel(context.Background())

        client, err := http.New(ctx,
                http.WithLogLevel(zerolog.TraceLevel),
                http.WithAddress("URLGOESHERE"),
        )
        if err != nil {
                panic(err)
        }

        if err := client.(consensusclient.EventsProvider).Events(ctx, []string{"head"}, handler); err != nil {
                panic(err)
        }

        // Wait for a signal.
        sigCh := make(chan os.Signal, 1)
        signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM, os.Interrupt)
        for {
                sig := <-sigCh
                if sig == syscall.SIGINT || sig == syscall.SIGTERM || sig == os.Interrupt || sig == os.Kill {
                        break
                }
        }

        // Shut down the connection cleanly.
        cancel()
        time.Sleep(100 * time.Millisecond)
}

func handler(event *apiv1.Event) {
        fmt.Fprintf(os.Stdout, "Received %s event\n", event.Topic)
}

Answer 5 · 2024-07-25T13:33:37.000Z

Thanks for the script and taking a look into it so quickly. I don't see the issue and basic auth indeed seems to work fine. I am still not sure why I have these sporadic event stream errors on the Vouch side. When I only connect Vouch to local node without basic auth it does not happen.

For context, I am proxying the beacon nodes through Cloudflare, the issue could be related to that although I don't see errors when running Lodestar vc which also uses the event stream (head topic). But at the same time, I had your script running for over an hour without any error as well.

Consider this closed, sorry for the false alarm.