CBST2-12: Improve External HTTP Requests

Cargo.toml

@@ -25,6 +25,7 @@ base64 = "0.22.1"
 bimap = { version = "0.6.3", features = ["serde"] }
 blsful = "2.5"
 blst = "0.3.11"
+bytes = "1.10.1"
 cb-cli = { path = "crates/cli" }
 cb-common = { path = "crates/common" }
 cb-metrics = { path = "crates/metrics" }
@@ -36,6 +37,7 @@ color-eyre = "0.6.3"
 ctr = "0.9.2"
 derive_more = { version = "2.0.1", features = ["deref", "display", "from", "into"] }
 docker-compose-types = "0.16.0"
+docker-image = "0.2.1"
 eth2_keystore = { git = "https://github.com/sigp/lighthouse", rev = "8d058e4040b765a96aa4968f4167af7571292be2" }
 ethereum_serde_utils = "0.7.0"
 ethereum_ssz = "0.8"
@@ -52,11 +54,14 @@ prometheus = "0.13.4"
 prost = "0.13.4"
 rand = { version = "0.9", features = ["os_rng"] }
 reqwest = { version = "0.12.4", features = ["json", "stream"] }
+scopeguard = "1.2.0"
 serde = { version = "1.0.202", features = ["derive"] }
 serde_json = "1.0.117"
 serde_yaml = "0.9.33"
+serial_test = "3.2.0"
 sha2 = "0.10.8"
 ssz_types = "0.10"
+tempfile = "3.20.0"
 thiserror = "2.0.12"
 tokio = { version = "1.37.0", features = ["full"] }
 toml = "0.8.13"

config.example.toml

@@ -55,6 +55,9 @@ extra_validation_enabled = false
 # Execution Layer RPC url to use for extra validation
 # OPTIONAL
 rpc_url = "https://ethereum-holesky-rpc.publicnode.com"
+# Timeout for any HTTP requests sent from the PBS module to other services, in seconds
+# OPTIONAL, DEFAULT: 10
+http_timeout_seconds = 10
 
 # The PBS module needs one or more [[relays]] as defined below.
 [[relays]]

crates/common/Cargo.toml

@@ -13,9 +13,11 @@ axum.workspace = true
 base64.workspace = true
 bimap.workspace = true
 blst.workspace = true
+bytes.workspace = true
 cipher.workspace = true
 ctr.workspace = true
 derive_more.workspace = true
+docker-image.workspace = true
 eth2_keystore.workspace = true
 ethereum_serde_utils.workspace = true
 ethereum_ssz.workspace = true
@@ -41,3 +43,5 @@ tree_hash_derive.workspace = true
 unicode-normalization.workspace = true
 url.workspace = true
 jsonwebtoken.workspace = true
+serial_test.workspace = true
+scopeguard.workspace = true

crates/common/src/config/constants.rs

@@ -35,6 +35,11 @@ pub const SIGNER_MODULE_NAME: &str = "signer";
 /// Where the signer module should open the server
 pub const SIGNER_ENDPOINT_ENV: &str = "CB_SIGNER_ENDPOINT";
 
+// JWT authentication settings
+pub const SIGNER_JWT_AUTH_FAIL_LIMIT_ENV: &str = "CB_SIGNER_JWT_AUTH_FAIL_LIMIT";
+pub const SIGNER_JWT_AUTH_FAIL_TIMEOUT_SECONDS_ENV: &str =
+    "CB_SIGNER_JWT_AUTH_FAIL_TIMEOUT_SECONDS";
+
 /// Comma separated list module_id=jwt_secret
 pub const JWTS_ENV: &str = "CB_JWTS";
 
@@ -67,6 +72,15 @@ pub const PROXY_DIR_KEYS_DEFAULT: &str = "/proxy_keys";
 pub const PROXY_DIR_SECRETS_ENV: &str = "CB_PROXY_SECRETS_DIR";
 pub const PROXY_DIR_SECRETS_DEFAULT: &str = "/proxy_secrets";
 
+////////////////////////// MUXER //////////////////////////
+
+/// Timeout for HTTP requests, in seconds
+pub const HTTP_TIMEOUT_SECONDS_ENV: &str = "CB_HTTP_TIMEOUT_SECONDS";
+pub const HTTP_TIMEOUT_SECONDS_DEFAULT: u64 = 10;
+
+/// Max content length for Muxer HTTP responses, in bytes
+pub const MUXER_HTTP_MAX_LENGTH: u64 = 1024 * 1024 * 1024 * 10; // 10 MiB
+
 ///////////////////////// MODULES /////////////////////////
 
 /// The unique ID of the module
@@ -81,3 +95,6 @@ pub const SIGNER_URL_ENV: &str = "CB_SIGNER_URL";
 /// Events modules
 /// Where to receive builder events
 pub const BUILDER_PORT_ENV: &str = "CB_BUILDER_PORT";
+
+///////////////////////// TESTING CONSTANTS /////////////////////////
+pub const CB_TEST_HTTP_DISABLE_CONTENT_LENGTH_ENV: &str = "CB_TEST_HTTP_DISABLE_CONTENT_LENGTH";

crates/common/src/config/mod.rs

@@ -41,6 +41,9 @@ impl CommitBoostConfig {
     /// Validate config
     pub async fn validate(&self) -> Result<()> {
         self.pbs.pbs_config.validate(self.chain).await?;
+        if let Some(signer) = &self.signer {
+            signer.validate().await?;
+        }
         Ok(())
     }