Skip to content

CBST2-12: Improve External HTTP Requests #327

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 52 commits into
base: main
Choose a base branch
from
Draft

CBST2-12: Improve External HTTP Requests #327

wants to merge 52 commits into from

Conversation

jclapis
Copy link
Collaborator

@jclapis jclapis commented Jun 10, 2025

Do not merge until #310 is complete, as this relies on it.

This is a fairly large PR that addresses numerous issues with the way external HTTP requests are handled:

  • Enforces that https is used as the scheme of any endpoints to prevent man-in-the-middle listeners
  • Adds a configurable timeout so requests don't run indefinitely
  • Reads response bodies in chunks instead of loading them all directly into memory before using them
    • Prevents handling if the Content-Length header is too large
    • If it's missing, stops if reading the response body has exceeded a size threshold (currently 10 MB)

This also modifies the SSV loader tests to use a local server with a captured (good) response instead of the canoncial SSV server.

ltitanb and others added 30 commits May 13, 2025 17:17
@ltitanb @jclapis
bump version
c68125d
@jclapis
Successful cross-compilation, but runtime has memory allocation issues
d9979a2
@jclapis
Working with OpenSSL static-linked
97ef653
@jclapis
Got dynamic linking working, added a feature flag to toggle dynamic v…
91eefe2 
…s. static
@jclapis
Fixed the vendored build arg
de09415
@jclapis
Reintroduced the cargo chef setup
3aee63d
@jclapis
Ported the cross-compilation stuff into PBS
c07c717
@jclapis
Split the dockerfiles into separate builder / image definitions
699b7ec
@jclapis
Added a build guide
7165f12
@jclapis
Refactored the Github release action to use the Docker builder
9438dae
@jclapis
Fixed the Docker image binary filenames
12c020a
@jclapis
Cleaned up the Darwin artifact step
53cafc0
@jclapis
Made the CI workflow and justfile use the same toolchain as the source
58c6117
@jclapis
Revert "Made the CI workflow and justfile use the same toolchain as t…
45e581b 
…he source"

This reverts commit 58c6117.
@jclapis
Testing removal of OpenSSL vendored option
24a10c5
@jclapis
Updating just in the CI workflow
e36da54
@jclapis
Merge branch 'main' into cross-compile
843b110
@jclapis
Refactored the signer to support host and port config settings
e7c6d19
@jclapis
Updated docs
6117219
@jclapis
Fixing Clippy in CI workflow
c0f591d
@jclapis
Removed obviated CI setup
adbd34a
@jclapis
Minor dedup of RwLock guard acquisition
e3488b3
@jclapis
Added rate limiting for signer clients with repeated JWT auth failures
c3d7ec4
@jclapis
Added Signer config validation
9ddad64
@jclapis
Started unit test setup for the Signer
c62185e
@jclapis
Finished a basic signer module unit test
dc73c62
@jclapis
Added a JWT failure unit test
6c3d967
@jclapis
Added a rate limit test and cleaned up a bit
6464638
@jclapis
Added unique ports to unit tests for parallel execution
0313f18
@jclapis
Cleaned up the build Dockerfile and removed an extra dependency layer
346eea4
jclapis and others added 22 commits May 29, 2025 05:03
@jclapis
Ported the build script over to the justfile
7b20d2f
@jclapis
Merge branch 'main' into cross-compile
cf3f0b1
@jclapis
Added a justfile recipe for installing protoc
ca9f4a1
@jclapis
Merge branch 'cross-compile' into add-ip-bind-to-signer
3eed526
@jclapis
Merge branch 'add-ip-bind-to-signer' into rate-limit-jwt
aa6ad96
@jclapis
Merge branch 'main' into add-ip-bind-to-signer
fc872ac
@jclapis
Merge branch 'add-ip-bind-to-signer' into rate-limit-jwt
ca0c6e8
@jclapis
Added chunked reading to some HTTP response handlers
612b072
@jclapis
Started putting together unit tests for the SSV key loader's HTTP han…
672aacf 
…dling
@jclapis
Merge branch 'main' into add-ip-bind-to-signer
40d34aa
@jclapis @ltitanb
Update crates/cli/src/docker_init.rs
d537288 
Co-authored-by: ltitanb <[email protected]>
@jclapis
Added example signer config params
7afb763
@jclapis
Cleaned up signer config loading from feedback
09ac821
@jclapis
Merge remote-tracking branch 'origin/add-ip-bind-to-signer' into add-…
cf39d86 
…ip-bind-to-signer
@jclapis
Merge branch 'add-ip-bind-to-signer' into rate-limit-jwt
2431937
@jclapis
Merge branch 'main' into improve-http-handling
db7c915
@jclapis
Finished unit tests for the SSV loader
cb7c8eb
@jclapis
Merge branch 'main' into rate-limit-jwt
2e1198b
@jclapis
Merge branch 'rate-limit-jwt' into improve-http-handling
dcf1b0f
@jclapis
Ported HTTP timeout to the PBS event publisher
adc4389
@jclapis
Added the http timeout to the example config
37d299a
@jclapis
Fixed a test
5df487a
@jclapis jclapis self-assigned this Jun 10, 2025
@jclapis jclapis added the pbs Pbs module / Builder API label Jun 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jclapis jclapis

Labels
pbs Pbs module / Builder API
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jclapis @ltitanb