add internal_bearer_token to config

web3_proxy/src/config.rs

@@ -150,6 +150,9 @@ pub struct AppConfig {
     /// percentage to increase eth_estimateGas results. 100 == 100%
     pub gas_increase_percent: Option<U256>,
 
+    /// bearer token for internal requests. keep this secret
+    pub internal_bearer_token: Option<String>,
+
     /// Restrict user registration.
     /// None = no code needed
     pub invite_code: Option<String>,

web3_proxy/src/frontend/admin.rs

@@ -56,7 +56,10 @@ pub async fn admin_increase_balance(
     TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
     Json(payload): Json<AdminIncreaseBalancePost>,
 ) -> Web3ProxyResponse {
-    let caller = app.bearer_is_authorized(bearer).await?;
+    let caller = app
+        .bearer_is_authorized(bearer)
+        .await?
+        .ok_or(Web3ProxyError::InvalidUserKey)?;
 
     // Establish connections
     let db_conn = global_db_conn()?;

web3_proxy/src/frontend/authorization.rs

@@ -614,7 +614,16 @@ impl App {
     /// Verify that the given bearer token and address are allowed to take the specified action.
     /// This includes concurrent request limiting.
     /// keep the semaphore alive until the user's request is entirely complete
-    pub async fn bearer_is_authorized(&self, bearer: Bearer) -> Web3ProxyResult<user::Model> {
+    pub async fn bearer_is_authorized(
+        &self,
+        bearer: Bearer,
+    ) -> Web3ProxyResult<Option<user::Model>> {
+        if let Some(internal_token) = &self.config.internal_bearer_token {
+            if internal_token == bearer.token() {
+                return Ok(None);
+            }
+        }
+
         // get the user id for this bearer token
         let user_bearer_token = UserBearerToken::try_from(bearer)?;
 
@@ -631,7 +640,7 @@ impl App {
             .web3_context("fetching user from db by bearer token")?
             .web3_context("unknown bearer token")?;
 
-        Ok(user)
+        Ok(Some(user))
     }
 
     pub async fn rate_limit_login(

web3_proxy/src/frontend/users/mod.rs

@@ -56,7 +56,10 @@ pub async fn user_post(
     TypedHeader(Authorization(bearer_token)): TypedHeader<Authorization<Bearer>>,
     Json(payload): Json<UserPost>,
 ) -> Web3ProxyResponse {
-    let user = app.bearer_is_authorized(bearer_token).await?;
+    let user = app
+        .bearer_is_authorized(bearer_token)
+        .await?
+        .ok_or(Web3ProxyError::InvalidUserKey)?;
 
     let user_id = user.id;
 

web3_proxy/src/frontend/users/payment.rs

@@ -44,7 +44,10 @@ pub async fn user_balance_get(
     State(app): State<Arc<App>>,
     TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
 ) -> Web3ProxyResponse {
-    let user = app.bearer_is_authorized(bearer).await?;
+    let user = app
+        .bearer_is_authorized(bearer)
+        .await?
+        .ok_or(Web3ProxyError::InvalidUserKey)?;
 
     let db_replica = global_db_replica_conn()?;
 
@@ -64,7 +67,10 @@ pub async fn user_chain_deposits_get(
     State(app): State<Arc<App>>,
     TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
 ) -> Web3ProxyResponse {
-    let user = app.bearer_is_authorized(bearer).await?;
+    let user = app
+        .bearer_is_authorized(bearer)
+        .await?
+        .ok_or(Web3ProxyError::InvalidUserKey)?;
 
     let db_replica = global_db_replica_conn()?;
 
@@ -103,7 +109,10 @@ pub async fn user_stripe_deposits_get(
     State(app): State<Arc<App>>,
     TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
 ) -> Web3ProxyResponse {
-    let user = app.bearer_is_authorized(bearer).await?;
+    let user = app
+        .bearer_is_authorized(bearer)
+        .await?
+        .ok_or(Web3ProxyError::InvalidUserKey)?;
 
     let db_replica = global_db_replica_conn()?;
 
@@ -146,7 +155,10 @@ pub async fn user_admin_deposits_get(
     State(app): State<Arc<App>>,
     TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
 ) -> Web3ProxyResponse {
-    let user = app.bearer_is_authorized(bearer).await?;
+    let user = app
+        .bearer_is_authorized(bearer)
+        .await?
+        .ok_or(Web3ProxyError::InvalidUserKey)?;
 
     let db_replica = global_db_replica_conn()?;
 

web3_proxy/src/frontend/users/referral.rs

@@ -1,5 +1,5 @@
 //! Handle registration, logins, and managing account data.
-use crate::errors::Web3ProxyResponse;
+use crate::errors::{Web3ProxyError, Web3ProxyResponse};
 use crate::globals::global_db_conn;
 use crate::referral_code::ReferralCode;
 use crate::{app::App, globals::global_db_replica_conn};
@@ -34,7 +34,10 @@ pub async fn user_referral_link_get(
     Query(_params): Query<HashMap<String, String>>,
 ) -> Web3ProxyResponse {
     // First get the bearer token and check if the user is logged in
-    let user = app.bearer_is_authorized(bearer).await?;
+    let user = app
+        .bearer_is_authorized(bearer)
+        .await?
+        .ok_or(Web3ProxyError::InvalidUserKey)?;
 
     let db_replica = global_db_replica_conn()?;
 
@@ -79,7 +82,10 @@ pub async fn user_used_referral_stats(
     Query(_params): Query<HashMap<String, String>>,
 ) -> Web3ProxyResponse {
     // First get the bearer token and check if the user is logged in
-    let user = app.bearer_is_authorized(bearer).await?;
+    let user = app
+        .bearer_is_authorized(bearer)
+        .await?
+        .ok_or(Web3ProxyError::InvalidUserKey)?;
 
     let db_replica = global_db_replica_conn()?;
 
@@ -137,7 +143,10 @@ pub async fn user_shared_referral_stats(
     Query(_params): Query<HashMap<String, String>>,
 ) -> Web3ProxyResponse {
     // First get the bearer token and check if the user is logged in
-    let user = app.bearer_is_authorized(bearer).await?;
+    let user = app
+        .bearer_is_authorized(bearer)
+        .await?
+        .ok_or(Web3ProxyError::InvalidUserKey)?;
 
     let db_replica = global_db_replica_conn()?;
 

web3_proxy/src/frontend/users/rpc_keys.rs

@@ -31,7 +31,10 @@ pub async fn rpc_keys_get(
     State(app): State<Arc<App>>,
     TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
 ) -> Web3ProxyResponse {
-    let user = app.bearer_is_authorized(bearer).await?;
+    let user = app
+        .bearer_is_authorized(bearer)
+        .await?
+        .ok_or(Web3ProxyError::InvalidUserKey)?;
 
     let db_replica = global_db_replica_conn()?;
 
@@ -160,7 +163,10 @@ pub async fn rpc_keys_management(
 ) -> Web3ProxyResponse {
     // TODO: is there a way we can know if this is a PUT or POST? right now we can modify or create keys with either. though that probably doesn't matter
 
-    let user = app.bearer_is_authorized(bearer).await?;
+    let user = app
+        .bearer_is_authorized(bearer)
+        .await?
+        .ok_or(Web3ProxyError::InvalidUserKey)?;
 
     let db_replica = global_db_replica_conn()?;
 

web3_proxy/src/frontend/users/stats.rs

@@ -1,6 +1,6 @@
 //! Handle registration, logins, and managing account data.
 use crate::app::App;
-use crate::errors::{Web3ProxyErrorContext, Web3ProxyResponse};
+use crate::errors::{Web3ProxyError, Web3ProxyErrorContext, Web3ProxyResponse};
 use crate::globals::global_db_replica_conn;
 use crate::http_params::{
     get_chain_id_from_params, get_page_from_params, get_query_start_from_params,
@@ -32,7 +32,10 @@ pub async fn user_revert_logs_get(
     TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
     Query(params): Query<HashMap<String, String>>,
 ) -> Web3ProxyResponse {
-    let user = app.bearer_is_authorized(bearer).await?;
+    let user = app
+        .bearer_is_authorized(bearer)
+        .await?
+        .ok_or(Web3ProxyError::InvalidUserKey)?;
 
     let chain_id = get_chain_id_from_params(app.as_ref(), &params)?;
     let query_start = get_query_start_from_params(&params)?;
@@ -140,7 +143,10 @@ pub async fn user_mysql_stats_get(
     State(app): State<Arc<App>>,
     TypedHeader(Authorization(bearer)): TypedHeader<Authorization<Bearer>>,
 ) -> Web3ProxyResponse {
-    let user = app.bearer_is_authorized(bearer).await?;
+    let user = app
+        .bearer_is_authorized(bearer)
+        .await?
+        .ok_or(Web3ProxyError::InvalidUserKey)?;
     let db_replica = global_db_replica_conn()?;
 
     // Fetch everything from mysql, joined

web3_proxy/src/frontend/users/subuser.rs

@@ -34,7 +34,10 @@ pub async fn get_keys_as_subuser(
     Query(_params): Query<HashMap<String, String>>,
 ) -> Web3ProxyResponse {
     // First, authenticate
-    let subuser = app.bearer_is_authorized(bearer).await?;
+    let subuser = app
+        .bearer_is_authorized(bearer)
+        .await?
+        .ok_or(Web3ProxyError::InvalidUserKey)?;
 
     let db_replica = global_db_replica_conn()?;
 
@@ -99,7 +102,8 @@ pub async fn get_subusers(
     Query(mut params): Query<HashMap<String, String>>,
 ) -> Web3ProxyResponse {
     // First, authenticate
-    let user = app.bearer_is_authorized(bearer).await?;
+    let user = app.bearer_is_authorized(bearer).await?
+    .ok_or(Web3ProxyError::InvalidUserKey)?;
 
     let db_replica = global_db_replica_conn()?;
 
@@ -171,7 +175,10 @@ pub async fn modify_subuser(
     Query(mut params): Query<HashMap<String, String>>,
 ) -> Web3ProxyResponse {
     // First, authenticate
-    let user = app.bearer_is_authorized(bearer).await?;
+    let user = app
+        .bearer_is_authorized(bearer)
+        .await?
+        .ok_or(Web3ProxyError::InvalidUserKey)?;
 
     let db_replica = global_db_replica_conn()?;
 

web3_proxy/src/stats/influxdb_queries.rs

@@ -34,7 +34,10 @@ pub async fn query_user_influx_stats<'a>(
 ) -> Web3ProxyResponse {
     let caller_user = match bearer {
         Some(TypedHeader(Authorization(bearer))) => {
-            let user = app.bearer_is_authorized(bearer).await?;
+            let user = app
+                .bearer_is_authorized(bearer)
+                .await?
+                .ok_or(Web3ProxyError::InvalidUserKey)?;
 
             Some(user)
         }