Merge pull request #1647 from ethereum-optimism/bwilson/rpc-proxy-only-on-post

Bypass lua checking when the request is not a POST

Merge pull request #1647 from ethereum-optimism/bwilson/rpc-proxy-only-on-post
Bypass lua checking when the request is not a POST
240e62e9 · Mark Tyneway · GitHub · 458dd0ef · 3e09aa0a · 240e62e9
Commit 240e62e9 authored Oct 29, 2021 by Mark Tyneway Committed by GitHub Oct 29, 2021
6 changed files
--- a/.changeset/smart-crabs-jump.md
+++ b/.changeset/smart-crabs-jump.md
+---
+'@eth-optimism/rpc-proxy': patch
+---
+Initial rpc-proxy package
--- a/.github/workflows/publish-canary.yml
+++ b/.github/workflows/publish-canary.yml
@@ -24,6 +24,7 @@ jobs:
      replica-healthcheck: ${{ steps.packages.outputs.replica-healthcheck }}
      canary-docker-tag: ${{ steps.docker-image-name.outputs.canary-docker-tag }}
      proxyd: ${{ steps.canary-publish.outputs.proxyd }}
+      rpc-proxy : ${{ steps.canary-publish.outputs.rpc-proxy }}
    steps:
      - name: Check out source code
@@ -342,3 +343,29 @@ jobs:
          build-args:
            - GITCOMMIT=$GITHUB_SHA
            - GITDATE=$GITDATE
+  rpc-proxy:
+    name: Publish rpc-proxy Version ${{ needs.canary-publish.outputs.canary-docker-tag }}
+    needs: canary-publish
+    if: needs.canary-publish.outputs.rpc-proxy != ''
+    runs-on: ubuntu:latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_ACCESS_TOKEN_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN_SECRET }}
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./ops/docker/Dockerfile.rpc-proxy
+          push: true
+          tags: ethereumoptimism/rpc-proxy:${{ needs.canary-publish.outputs.rpc-proxy }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -20,6 +20,7 @@ jobs:
      gas-oracle: ${{ steps.packages.outputs.gas-oracle }}
      replica-healthcheck: ${{ steps.packages.outputs.replica-healthcheck }}
      proxyd: ${{ steps.packages.outputs.proxyd }}
+      rpc-proxy: ${{ steps.packages.outputs.rpc-proxy }}
    steps:
      - name: Checkout Repo
@@ -360,3 +361,33 @@ jobs:
          build-args:
            - GITCOMMIT=$GITHUB_SHA
            - GITDATE=$GITDATE
+  rpc-proxy:
+    name: Publish rpc-proxy Version ${{ needs.release.outputs.rpc-proxy }}
+    needs: release
+    if: needs.release.outputs.rpc-proxy != ''
+    runs-on: ubuntu:latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_ACCESS_TOKEN_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN_SECRET }}
+      - name: Set env
+        run: |
+          echo "GITDATE=$(date)" >> $GITHUB_ENV"
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./ops/docker/Dockerfile.rpc-proxy
+          push: true
+          tags: ethereumoptimism/rpc-proxy:${{ needs.canary-publish.outputs.rpc-proxy }}
--- a/ops/docker/rpc-proxy/nginx.template.conf
+++ b/ops/docker/rpc-proxy/nginx.template.conf
@@ -69,7 +69,9 @@ http {
    }
    location / {
      set $jsonrpc_whitelist {{env.Getenv "ETH_CALLS_ALLOWED"}};
-      access_by_lua_file 'eth-jsonrpc-access.lua';
+      if ($request_method = POST) {
+        access_by_lua_file 'eth-jsonrpc-access.lua';
+      }
      proxy_pass http://sequencer;
    }
  }

--- a/ops/docker/rpc-proxy/package.json
+++ b/ops/docker/rpc-proxy/package.json
+{
+  "name": "@eth-optimism/rpc-proxy",
+  "version": "0.0.1",
+  "private": true,
+  "devDependencies": {}
+}
--- a/package.json
+++ b/package.json
@@ -11,7 +11,8 @@
      "specs",
      "go/gas-oracle",
      "go/batch-submitter",
-      "go/proxyd"
+      "go/proxyd",
+      "ops/docker/rpc-proxy"
    ],
    "nohoist": [
      "examples/*"