如何将 AWS 区块链服务与 go-ethereum 一起使用?
How to use the AWS blockchain service with go-ethereum?
AWS 区块链服务为 HTTP 和 WebSocket 协议提供端点,但需要 IAM 签名验证才能使用它们。
要使用HTTP端点,我只需要在http.RoundTripper interface via the AWS SDK. However, if I need to use a WebSocket endpoint, I can only pass in a websocket.Dialer structure via rpc.DialWebsocketWithDialer中签名,由于go-ethereum的限制,这意味着我无法通过实现接口来解决这个问题。
如何将 AWS 区块链服务的 WebSocket 端点与 go-ethereum 一起使用?
通过阅读github.com/gorilla/websocket源码,发现(*Dialer) DialContext函数中有一个逻辑是将http.Request指针传递给可自定义的Proxy函数,这意味着我可以编写一个与 http.RoundTripper 相同的函数来注入 header.
WebSocket
package transport
import (
"context"
"crypto/sha256"
"encoding/hex"
"net/http"
"net/url"
"time"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
"github.com/gorilla/websocket"
)
func NewWebSocketDialer(config aws.Config) (*websocket.Dialer, error) {
return &websocket.Dialer{
HandshakeTimeout: 45 * time.Second,
Proxy: func(request *http.Request) (*url.URL, error) {
credentials, err := config.Credentials.Retrieve(request.Context())
if err != nil {
return nil, err
}
// Because AWS may sign some unrelated headers and cause authentication failure, you need to create a blank request.
internalRequest, err := http.NewRequest(http.MethodGet, request.URL.String(), nil)
if err != nil {
return nil, err
}
header := request.Header.Clone()
hash := sha256.New()
signer := v4.NewSigner()
if err := signer.SignHTTP(context.Background(), credentials, internalRequest, hex.EncodeToString(hash.Sum(nil)), "managedblockchain", config.Region, time.Now()); err != nil {
return nil, err
}
request.Header = internalRequest.Header
request.Header.Set("Connection", header["Connection"][0])
request.Header.Set("Sec-WebSocket-Key", header["Sec-WebSocket-Key"][0])
request.Header.Set("Sec-WebSocket-Version", header["Sec-WebSocket-Version"][0])
request.Header.Set("Upgrade", header["Upgrade"][0])
return http.ProxyFromEnvironment(request)
},
}, nil
}
HTTP
package transport
import (
"compress/gzip"
"context"
"crypto/sha256"
"encoding/base64"
"encoding/hex"
"io"
"net/http"
"time"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
)
var _ http.RoundTripper = &httpRoundTripper{}
type httpRoundTripper struct {
config aws.Config
}
func (h httpRoundTripper) RoundTrip(request *http.Request) (*http.Response, error) {
credentials, err := h.config.Credentials.Retrieve(request.Context())
if err != nil {
return nil, err
}
internalRequest := request.Clone(request.Context())
bodyReader, err := request.GetBody()
if err != nil {
return nil, err
}
hash := sha256.New()
if _, err := io.Copy(hash, bodyReader); err != nil {
return nil, err
}
signer := v4.NewSigner()
if err := signer.SignHTTP(context.Background(), credentials, internalRequest, hex.EncodeToString(hash.Sum(nil)), "managedblockchain", h.config.Region, time.Now()); err != nil {
return nil, err
}
response, err := h.config.HTTPClient.Do(internalRequest)
if err != nil {
return nil, err
}
if response.Header.Get("Content-Type") == "gzip" {
gzipReader, err := gzip.NewReader(base64.NewDecoder(base64.StdEncoding, response.Body))
if err != nil {
return nil, err
}
request.Header.Set("Content-Type", "application/json")
response.Body = gzipReader
}
return response, nil
}
func NewHttpRoundTripper(cfg aws.Config) http.RoundTripper {
return httpRoundTripper{
config: cfg,
}
}
AWS 区块链服务为 HTTP 和 WebSocket 协议提供端点,但需要 IAM 签名验证才能使用它们。
要使用HTTP端点,我只需要在http.RoundTripper interface via the AWS SDK. However, if I need to use a WebSocket endpoint, I can only pass in a websocket.Dialer structure via rpc.DialWebsocketWithDialer中签名,由于go-ethereum的限制,这意味着我无法通过实现接口来解决这个问题。
如何将 AWS 区块链服务的 WebSocket 端点与 go-ethereum 一起使用?
通过阅读github.com/gorilla/websocket源码,发现(*Dialer) DialContext函数中有一个逻辑是将http.Request指针传递给可自定义的Proxy函数,这意味着我可以编写一个与 http.RoundTripper 相同的函数来注入 header.
WebSocket
package transport
import (
"context"
"crypto/sha256"
"encoding/hex"
"net/http"
"net/url"
"time"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
"github.com/gorilla/websocket"
)
func NewWebSocketDialer(config aws.Config) (*websocket.Dialer, error) {
return &websocket.Dialer{
HandshakeTimeout: 45 * time.Second,
Proxy: func(request *http.Request) (*url.URL, error) {
credentials, err := config.Credentials.Retrieve(request.Context())
if err != nil {
return nil, err
}
// Because AWS may sign some unrelated headers and cause authentication failure, you need to create a blank request.
internalRequest, err := http.NewRequest(http.MethodGet, request.URL.String(), nil)
if err != nil {
return nil, err
}
header := request.Header.Clone()
hash := sha256.New()
signer := v4.NewSigner()
if err := signer.SignHTTP(context.Background(), credentials, internalRequest, hex.EncodeToString(hash.Sum(nil)), "managedblockchain", config.Region, time.Now()); err != nil {
return nil, err
}
request.Header = internalRequest.Header
request.Header.Set("Connection", header["Connection"][0])
request.Header.Set("Sec-WebSocket-Key", header["Sec-WebSocket-Key"][0])
request.Header.Set("Sec-WebSocket-Version", header["Sec-WebSocket-Version"][0])
request.Header.Set("Upgrade", header["Upgrade"][0])
return http.ProxyFromEnvironment(request)
},
}, nil
}
HTTP
package transport
import (
"compress/gzip"
"context"
"crypto/sha256"
"encoding/base64"
"encoding/hex"
"io"
"net/http"
"time"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
)
var _ http.RoundTripper = &httpRoundTripper{}
type httpRoundTripper struct {
config aws.Config
}
func (h httpRoundTripper) RoundTrip(request *http.Request) (*http.Response, error) {
credentials, err := h.config.Credentials.Retrieve(request.Context())
if err != nil {
return nil, err
}
internalRequest := request.Clone(request.Context())
bodyReader, err := request.GetBody()
if err != nil {
return nil, err
}
hash := sha256.New()
if _, err := io.Copy(hash, bodyReader); err != nil {
return nil, err
}
signer := v4.NewSigner()
if err := signer.SignHTTP(context.Background(), credentials, internalRequest, hex.EncodeToString(hash.Sum(nil)), "managedblockchain", h.config.Region, time.Now()); err != nil {
return nil, err
}
response, err := h.config.HTTPClient.Do(internalRequest)
if err != nil {
return nil, err
}
if response.Header.Get("Content-Type") == "gzip" {
gzipReader, err := gzip.NewReader(base64.NewDecoder(base64.StdEncoding, response.Body))
if err != nil {
return nil, err
}
request.Header.Set("Content-Type", "application/json")
response.Body = gzipReader
}
return response, nil
}
func NewHttpRoundTripper(cfg aws.Config) http.RoundTripper {
return httpRoundTripper{
config: cfg,
}
}