Contributor

@samholmes commented Nov 20, 2025

CHANGELOG

Does this branch warrant an entry to the CHANGELOG?

  • Yes
  • No

Dependencies

none

Description

none

const { pluginId, urls, scanAdapters } = opts

// Use random URL for logging if safeUrl not provided
const safeUrl = opts.safeUrl ?? pickRandom(urls)
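
Review bot: the `pickRandom(urls)` fallback on the `safeUrl` line picks the logged URL independently, and nothing in these lines ties it to the URL the request actually uses, so a log entry can name an endpoint that was never called. The value is also logged unredacted whenever an entry in `urls` carries a key. Suggest logging the URL that was selected for the call, passed through a sanitizer, rather than a separate random pick.
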
Contributor

The whole "safeUrl" concept needs to go away. The idea was to present both the "real" URL with the API key, and the "safe" URL with the API key redacted. But now that we have an array of URLs, we'd either need to (from worse to better):

  1. Have a matching array of safe URLs. Kinda annoying.
  2. Stop caring about logging API keys. If somebody can access our box, they can just read the keys from the config anyhow. This is only a problem if we integrate Loki or something.
  3. Use a regexp to sanitize URLs.
  4. Use the same https://somebody?apiKey={{keyName}} syntax we use in accountbased, and then substitute the API key for the fetch call, but leave it un-substituted for logging.

I leave it up to you how to address this. It's not even clear that we have API keys in any of the URLs, in which case 2 might be a sensible choice.

url: 'https://polygon-amoy-bor-rpc.publicnode.com'
urls: [
'https://api.zan.top/polygon-amoy', // yellow privacy
'https://polygon-amoy-public.nodies.app', // yellow privacy
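
Review bot: the trailing `// yellow privacy` comments on the `urls` entries do not say what the rating means or where it comes from. A one-line comment above `urls` naming the source of the rating and the ordering rule the list is expected to follow would let a reader check the order.
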
Contributor

What's with all these privacy comments?

Contributor Author

These are from chainlist.org. They're there to verify sorting by privacy first (green).

- Remove safeUrl parameter from BlockbookOptions and EvmRpcOptions interfaces
- Add sanitizeUrlForLogging utility function that removes API keys from URLs
- Use sanitization function in blockbook plugin (API keys are added to URLs)
- Stub sanitization function in evmRpc plugin with TODO (API keys not yet used for RPC URLs)
- Remove safeUrl usage from allPlugins.ts
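
Options 3 and 4 from the review comment above, side by side, as an added example that is not code from this PR or the project. The helper names `redactUrlForLog` and `expandUrlTemplate`, the list of secret parameter names, the path-segment heuristic and the `example.invalid` URLs are assumptions made for illustration.

```typescript
// Added example: hypothetical helpers, not the project's implementation.
const SECRET_PARAM = /^(api[-_]?key|key|token|access[-_]?token|secret)$/i
const OPAQUE_SEGMENT = /^[A-Za-z0-9_-]{24,}$/ // heuristic for keys placed in the path

// Option 3: redact secrets from a concrete URL before it reaches a log line.
function redactUrlForLog(raw: string): string {
  let url: URL
  try {
    url = new URL(raw)
  } catch {
    return '<unparseable url>' // never echo input that could not be parsed
  }
  if (url.username !== '' || url.password !== '') {
    url.username = 'REDACTED'
    url.password = ''
  }
  // Collect names first so set() does not mutate the list mid-iteration.
  const names: string[] = []
  url.searchParams.forEach((_value, name) => names.push(name))
  for (const name of names) {
    if (SECRET_PARAM.test(name)) url.searchParams.set(name, 'REDACTED')
  }
  url.pathname = url.pathname
    .split('/')
    .map(seg => (OPAQUE_SEGMENT.test(seg) ? 'REDACTED' : seg))
    .join('/')
  return url.toString()
}

// Option 4: config holds {{keyName}} placeholders; substitute only for the fetch
// and log the template itself, which never contains the secret.
function expandUrlTemplate(template: string, keys: Record<string, string>): string {
  return template.replace(/\{\{(\w+)\}\}/g, (_match: string, name: string) => {
    const value = keys[name]
    // Also rejects inherited properties such as "constructor".
    if (typeof value !== 'string') throw new Error(`no key configured for ${name}`)
    return encodeURIComponent(value)
  })
}

// Constructed sample values (example.invalid is not a real endpoint).
const template = 'https://rpc.example.invalid/v1?apiKey={{exampleKey}}'
const fetchUrl = expandUrlTemplate(template, { exampleKey: 'constructed-secret' })
console.log('template (safe to log):', template)
console.log('redacted fetch URL:    ', redactUrlForLog(fetchUrl))
```

The name-based redaction only catches parameters on its list, so the template approach is the stricter of the two: the string that reaches the logger never held the key.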