Receive module jwts and admin secrets from body in reload endpoint

Author: ManuelBilbao

crates/common/src/commit/request.rs

@@ -1,4 +1,5 @@
 use std::{
+    collections::HashMap,
     fmt::{self, Debug, Display},
     str::FromStr,
 };
@@ -9,11 +10,12 @@ use alloy::{
     rpc::types::beacon::BlsSignature,
 };
 use derive_more::derive::From;
-use serde::{Deserialize, Serialize};
+use serde::{Deserialize, Deserializer, Serialize};
 use tree_hash::TreeHash;
 use tree_hash_derive::TreeHash;
 
 use crate::{
+    config::decode_string_to_map,
     constants::COMMIT_BOOST_DOMAIN,
     error::BlstErrorWrapper,
     signature::verify_signed_message,
@@ -202,7 +204,27 @@ pub struct GetPubkeysResponse {
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct RevokeJWTRequest {
+pub struct ReloadRequest {
+    #[serde(default, deserialize_with = "deserialize_jwt_secrets")]
+    pub jwt_secrets: Option<HashMap<ModuleId, String>>,
+    pub admin_secret: Option<String>,
+}
+
+pub fn deserialize_jwt_secrets<'de, D>(
+    deserializer: D,
+) -> Result<Option<HashMap<ModuleId, String>>, D::Error>
+where
+    D: Deserializer<'de>,
+{
+    let raw: String = Deserialize::deserialize(deserializer)?;
+
+    decode_string_to_map(&raw)
+        .map(|x| Some(x))
+        .map_err(|_| serde::de::Error::custom("Invalid format".to_string()))
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct RevokeModuleRequest {
     pub module_id: ModuleId,
 }
 

crates/common/src/config/utils.rs

@@ -31,7 +31,7 @@ pub fn load_jwt_secrets() -> Result<(String, HashMap<ModuleId, String>)> {
     decode_string_to_map(&jwt_secrets).map(|secrets| (admin_jwt, secrets))
 }
 
-fn decode_string_to_map(raw: &str) -> Result<HashMap<ModuleId, String>> {
+pub fn decode_string_to_map(raw: &str) -> Result<HashMap<ModuleId, String>> {
     // trim the string and split for comma
     raw.trim()
         .split(',')

crates/signer/src/service.rs

@@ -16,8 +16,8 @@ use cb_common::{
             REVOKE_MODULE_PATH, STATUS_PATH,
         },
         request::{
-            EncryptionScheme, GenerateProxyRequest, GetPubkeysResponse, RevokeJWTRequest,
-            SignConsensusRequest, SignProxyRequest, SignRequest,
+            EncryptionScheme, GenerateProxyRequest, GetPubkeysResponse, ReloadRequest,
+            RevokeModuleRequest, SignConsensusRequest, SignProxyRequest, SignRequest,
         },
     },
     config::StartSignerConfig,
@@ -282,6 +282,7 @@ async fn handle_generate_proxy(
 
 async fn handle_reload(
     State(mut state): State<SigningState>,
+    Json(request): Json<ReloadRequest>,
 ) -> Result<impl IntoResponse, SignerModuleError> {
     let req_id = Uuid::new_v4();
 
@@ -295,8 +296,13 @@ async fn handle_reload(
         }
     };
 
-    state.jwts = Arc::new(RwLock::new(config.jwts.clone()));
-    state.admin_secret = Arc::new(RwLock::new(config.admin_secret.clone()));
+    if let Some(jwt_secrets) = request.jwt_secrets {
+        *state.jwts.write().await = jwt_secrets;
+    }
+
+    if let Some(admin_secret) = request.admin_secret {
+        *state.admin_secret.write().await = admin_secret;
+    }
 
     let new_manager = match start_manager(config).await {
         Ok(manager) => manager,
@@ -313,7 +319,7 @@ async fn handle_reload(
 
 async fn handle_revoke_module(
     State(state): State<SigningState>,
-    Json(request): Json<RevokeJWTRequest>,
+    Json(request): Json<RevokeModuleRequest>,
 ) -> Result<impl IntoResponse, SignerModuleError> {
     let mut guard = state.jwts.write().await;
     guard