[Merged by Bors] - Add SensitiveUrl to redact user secrets from endpoints

Cargo.toml

@@ -33,6 +33,7 @@ members = [
     "common/logging",
     "common/lru_cache",
     "common/remote_signer_consumer",
+    "common/sensitive_url",
     "common/slot_clock",
     "common/task_executor",
     "common/test_random_derive",

account_manager/Cargo.toml

@@ -34,6 +34,7 @@ slashing_protection = { path = "../validator_client/slashing_protection" }
 eth2 = {path = "../common/eth2"}
 safe_arith = {path = "../consensus/safe_arith"}
 slot_clock = { path = "../common/slot_clock" }
+sensitive_url = { path = "../common/sensitive_url" }
 
 [dev-dependencies]
 tempfile = "3.1.0"

account_manager/src/validator/exit.rs

@@ -4,11 +4,12 @@ use clap::{App, Arg, ArgMatches};
 use environment::Environment;
 use eth2::{
     types::{GenesisData, StateId, ValidatorData, ValidatorId, ValidatorStatus},
-    BeaconNodeHttpClient, Url,
+    BeaconNodeHttpClient,
 };
 use eth2_keystore::Keystore;
 use eth2_network_config::Eth2NetworkConfig;
 use safe_arith::SafeArith;
+use sensitive_url::SensitiveUrl;
 use slot_clock::{SlotClock, SystemTimeSlotClock};
 use std::path::{Path, PathBuf};
 use std::time::Duration;
@@ -75,7 +76,7 @@ pub fn cli_run<E: EthSpec>(matches: &ArgMatches, env: Environment<E>) -> Result<
     let spec = env.eth2_config().spec.clone();
     let server_url: String = clap_utils::parse_required(matches, BEACON_SERVER_FLAG)?;
     let client = BeaconNodeHttpClient::new(
-        Url::parse(&server_url)
+        SensitiveUrl::parse(&server_url)
             .map_err(|e| format!("Failed to parse beacon http server: {:?}", e))?,
     );
 

beacon_node/Cargo.toml

@@ -44,3 +44,4 @@ hyper = "0.14.4"
 lighthouse_version = { path = "../common/lighthouse_version" }
 hex = "0.4.2"
 slasher = { path = "../slasher" }
+sensitive_url = { path = "../common/sensitive_url" }

beacon_node/eth1/Cargo.toml

@@ -34,3 +34,4 @@ lazy_static = "1.4.0"
 task_executor = { path = "../../common/task_executor" }
 eth2 = { path = "../../common/eth2" }
 fallback = { path = "../../common/fallback" }
+sensitive_url = { path = "../../common/sensitive_url" }

beacon_node/eth1/src/http.rs

@@ -12,6 +12,7 @@
 
 use futures::future::TryFutureExt;
 use reqwest::{header::CONTENT_TYPE, ClientBuilder, StatusCode};
+use sensitive_url::SensitiveUrl;
 use serde::{Deserialize, Serialize};
 use serde_json::{json, Value};
 use std::ops::Range;
@@ -79,7 +80,7 @@ impl FromStr for Eth1Id {
 }
 
 /// Get the eth1 network id of the given endpoint.
-pub async fn get_network_id(endpoint: &str, timeout: Duration) -> Result<Eth1Id, String> {
+pub async fn get_network_id(endpoint: &SensitiveUrl, timeout: Duration) -> Result<Eth1Id, String> {
     let response_body = send_rpc_request(endpoint, "net_version", json!([]), timeout).await?;
     Eth1Id::from_str(
         response_result(&response_body)?
@@ -90,7 +91,7 @@ pub async fn get_network_id(endpoint: &str, timeout: Duration) -> Result<Eth1Id,
 }
 
 /// Get the eth1 chain id of the given endpoint.
-pub async fn get_chain_id(endpoint: &str, timeout: Duration) -> Result<Eth1Id, String> {
+pub async fn get_chain_id(endpoint: &SensitiveUrl, timeout: Duration) -> Result<Eth1Id, String> {
     let response_body = send_rpc_request(endpoint, "eth_chainId", json!([]), timeout).await?;
     hex_to_u64_be(
         response_result(&response_body)?
@@ -111,7 +112,7 @@ pub struct Block {
 /// Returns the current block number.
 ///
 /// Uses HTTP JSON RPC at `endpoint`. E.g., `http://localhost:8545`.
-pub async fn get_block_number(endpoint: &str, timeout: Duration) -> Result<u64, String> {
+pub async fn get_block_number(endpoint: &SensitiveUrl, timeout: Duration) -> Result<u64, String> {
     let response_body = send_rpc_request(endpoint, "eth_blockNumber", json!([]), timeout).await?;
     hex_to_u64_be(
         response_result(&response_body)?
@@ -126,7 +127,7 @@ pub async fn get_block_number(endpoint: &str, timeout: Duration) -> Result<u64,
 ///
 /// Uses HTTP JSON RPC at `endpoint`. E.g., `http://localhost:8545`.
 pub async fn get_block(
-    endpoint: &str,
+    endpoint: &SensitiveUrl,
     query: BlockQuery,
     timeout: Duration,
 ) -> Result<Block, String> {
@@ -191,7 +192,7 @@ pub async fn get_block(
 ///
 /// Uses HTTP JSON RPC at `endpoint`. E.g., `http://localhost:8545`.
 pub async fn get_deposit_count(
-    endpoint: &str,
+    endpoint: &SensitiveUrl,
     address: &str,
     block_number: u64,
     timeout: Duration,
@@ -229,7 +230,7 @@ pub async fn get_deposit_count(
 ///
 /// Uses HTTP JSON RPC at `endpoint`. E.g., `http://localhost:8545`.
 pub async fn get_deposit_root(
-    endpoint: &str,
+    endpoint: &SensitiveUrl,
     address: &str,
     block_number: u64,
     timeout: Duration,
@@ -266,7 +267,7 @@ pub async fn get_deposit_root(
 ///
 /// Uses HTTP JSON RPC at `endpoint`. E.g., `http://localhost:8545`.
 async fn call(
-    endpoint: &str,
+    endpoint: &SensitiveUrl,
     address: &str,
     hex_data: &str,
     block_number: u64,
@@ -308,7 +309,7 @@ pub struct Log {
 ///
 /// Uses HTTP JSON RPC at `endpoint`. E.g., `http://localhost:8545`.
 pub async fn get_deposit_logs_in_range(
-    endpoint: &str,
+    endpoint: &SensitiveUrl,
     address: &str,
     block_height_range: Range<u64>,
     timeout: Duration,
@@ -353,7 +354,7 @@ pub async fn get_deposit_logs_in_range(
 ///
 /// Tries to receive the response and parse the body as a `String`.
 pub async fn send_rpc_request(
-    endpoint: &str,
+    endpoint: &SensitiveUrl,
     method: &str,
     params: Value,
     timeout: Duration,
@@ -374,7 +375,7 @@ pub async fn send_rpc_request(
         .timeout(timeout)
         .build()
         .expect("The builder should always build a client")
-        .post(endpoint)
+        .post(endpoint.full.clone())
         .header(CONTENT_TYPE, "application/json")
         .body(body)
         .send()