如何将 AWS 区块链服务与 go-ethereum 一起使用?

How to use the AWS blockchain service with go-ethereum?

AWS 区块链服务为 HTTPWebSocket 协议提供端点,但需要 IAM 签名验证才能使用它们。

要使用HTTP端点,我只需要在http.RoundTripper interface via the AWS SDK. However, if I need to use a WebSocket endpoint, I can only pass in a websocket.Dialer structure via rpc.DialWebsocketWithDialer中签名,由于go-ethereum的限制,这意味着我无法通过实现接口来解决这个问题。

如何将 AWS 区块链服务的 WebSocket 端点与 go-ethereum 一起使用?

通过阅读github.com/gorilla/websocket源码,发现(*Dialer) DialContext函数中有一个逻辑是将http.Request指针传递给可自定义的Proxy函数,这意味着我可以编写一个与 http.RoundTripper 相同的函数来注入 header.

WebSocket

package transport

import (
    "context"
    "crypto/sha256"
    "encoding/hex"
    "net/http"
    "net/url"
    "time"

    "github.com/aws/aws-sdk-go-v2/aws"
    "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
    "github.com/gorilla/websocket"
)

func NewWebSocketDialer(config aws.Config) (*websocket.Dialer, error) {
    return &websocket.Dialer{
        HandshakeTimeout: 45 * time.Second,
        Proxy: func(request *http.Request) (*url.URL, error) {
            credentials, err := config.Credentials.Retrieve(request.Context())
            if err != nil {
                return nil, err
            }

            // Because AWS may sign some unrelated headers and cause authentication failure, you need to create a blank request.
            internalRequest, err := http.NewRequest(http.MethodGet, request.URL.String(), nil)
            if err != nil {
                return nil, err
            }

            header := request.Header.Clone()

            hash := sha256.New()

            signer := v4.NewSigner()

            if err := signer.SignHTTP(context.Background(), credentials, internalRequest, hex.EncodeToString(hash.Sum(nil)), "managedblockchain", config.Region, time.Now()); err != nil {
                return nil, err
            }

            request.Header = internalRequest.Header

            request.Header.Set("Connection", header["Connection"][0])
            request.Header.Set("Sec-WebSocket-Key", header["Sec-WebSocket-Key"][0])
            request.Header.Set("Sec-WebSocket-Version", header["Sec-WebSocket-Version"][0])
            request.Header.Set("Upgrade", header["Upgrade"][0])

            return http.ProxyFromEnvironment(request)
        },
    }, nil
}

HTTP

package transport

import (
    "compress/gzip"
    "context"
    "crypto/sha256"
    "encoding/base64"
    "encoding/hex"
    "io"
    "net/http"
    "time"

    "github.com/aws/aws-sdk-go-v2/aws"
    "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
)

var _ http.RoundTripper = &httpRoundTripper{}

type httpRoundTripper struct {
    config aws.Config
}

func (h httpRoundTripper) RoundTrip(request *http.Request) (*http.Response, error) {
    credentials, err := h.config.Credentials.Retrieve(request.Context())
    if err != nil {
        return nil, err
    }

    internalRequest := request.Clone(request.Context())

    bodyReader, err := request.GetBody()
    if err != nil {
        return nil, err
    }

    hash := sha256.New()

    if _, err := io.Copy(hash, bodyReader); err != nil {
        return nil, err
    }

    signer := v4.NewSigner()
    if err := signer.SignHTTP(context.Background(), credentials, internalRequest, hex.EncodeToString(hash.Sum(nil)), "managedblockchain", h.config.Region, time.Now()); err != nil {
        return nil, err
    }

    response, err := h.config.HTTPClient.Do(internalRequest)
    if err != nil {
        return nil, err
    }

    if response.Header.Get("Content-Type") == "gzip" {
        gzipReader, err := gzip.NewReader(base64.NewDecoder(base64.StdEncoding, response.Body))
        if err != nil {
            return nil, err
        }

        request.Header.Set("Content-Type", "application/json")

        response.Body = gzipReader
    }

    return response, nil
}

func NewHttpRoundTripper(cfg aws.Config) http.RoundTripper {
    return httpRoundTripper{
        config: cfg,
    }
}