From 3c1266e41c8677e4f6f022484b6c97086da10e59 Mon Sep 17 00:00:00 2001 From: chonghe <44791194+chong-he@users.noreply.github.com> Date: Thu, 22 Aug 2024 14:51:59 +0800 Subject: [PATCH] Remove VC response signing and update api-token in Lighthouse Book (#6288) * update api-token * Update book/src/api-vc-auth-header.md Co-authored-by: Michael Sproul * Update book/src/api-vc-auth-header.md Co-authored-by: Michael Sproul * Update book/src/api-vc-endpoints.md Co-authored-by: Michael Sproul * Update book/src/api-vc-endpoints.md Co-authored-by: Michael Sproul * Remove 33 characeter --- book/src/api-vc-auth-header.md | 8 +-- book/src/api-vc-endpoints.md | 6 +- book/src/api-vc-sig-header.md | 108 ----------------------------- book/src/validator-manager-move.md | 2 +- 4 files changed, 8 insertions(+), 116 deletions(-) delete mode 100644 book/src/api-vc-sig-header.md diff --git a/book/src/api-vc-auth-header.md b/book/src/api-vc-auth-header.md index f2f9caf46b5..adde78270a6 100644 --- a/book/src/api-vc-auth-header.md +++ b/book/src/api-vc-auth-header.md @@ -9,10 +9,10 @@ HTTP header: - Value: `Bearer ` Where `` is a string that can be obtained from the validator client -host. Here is an example `Authorization` header: +host. Here is an example of the `Authorization` header: ```text -Authorization: Bearer api-token-0x03eace4c98e8f77477bb99efb74f9af10d800bd3318f92c33b719a4644254d4123 +Authorization: Bearer hGut6B8uEujufDXSmZsT0thnxvdvKFBvh ``` ## Obtaining the API token @@ -24,7 +24,7 @@ text editor will suffice: ```bash cat api-token.txt -api-token-0x03eace4c98e8f77477bb99efb74f9af10d800bd3318f92c33b719a4644254d4123 +hGut6B8uEujufDXSmZsT0thnxvdvKFBvh ``` When starting the validator client it will output a log message containing the path 
@@ -54,7 +54,7 @@ Response: Here is an example `curl` command using the API token in the `Authorization` header: ```bash -curl localhost:5062/lighthouse/version -H "Authorization: Bearer api-token-0x03eace4c98e8f77477bb99efb74f9af10d800bd3318f92c33b719a4644254d4123" +curl localhost:5062/lighthouse/version -H "Authorization: Bearer hGut6B8uEujufDXSmZsT0thnxvdvKFBvh" ``` The server should respond with its version: diff --git a/book/src/api-vc-endpoints.md b/book/src/api-vc-endpoints.md index a36aa737083..6cb66859128 100644 --- a/book/src/api-vc-endpoints.md +++ b/book/src/api-vc-endpoints.md 
@@ -53,12 +53,12 @@ Example Response Body: } ``` -> Note: The command provided in this documentation links to the API token file. In this documentation, it is assumed that the API token file is located in `/var/lib/lighthouse/validators/API-token.txt`. If your database is saved in another directory, modify the `DATADIR` accordingly. If you are having permission issue with accessing the API token file, you can modify the header to become `-H "Authorization: Bearer $(sudo cat ${DATADIR}/validators/api-token.txt)"`. +> Note: The command provided in this documentation links to the API token file. In this documentation, it is assumed that the API token file is located in `/var/lib/lighthouse/validators/api-token.txt`. If your database is saved in another directory, modify the `DATADIR` accordingly. If you are having permission issue with accessing the API token file, you can modify the header to become `-H "Authorization: Bearer $(sudo cat ${DATADIR}/validators/api-token.txt)"`. -> As an alternative, you can also provide the API token directly, for example, `-H "Authorization: Bearer api-token-0x02dc2a13115cc8c83baf170f597f22b1eb2930542941ab902df3daadebcb8f8176`. In this case, you obtain the token from the file `API token.txt` and the command becomes: +> As an alternative, you can also provide the API token directly, for example, `-H "Authorization: Bearer hGut6B8uEujufDXSmZsT0thnxvdvKFBvh`. In this case, you obtain the token from the file `api-token.txt` and the command becomes: ```bash -curl -X GET "http://localhost:5062/lighthouse/version" -H "Authorization: Bearer api-token-0x02dc2a13115cc8c83baf170f597f22b1eb2930542941ab902df3daadebcb8f8176" | jq +curl -X GET "http://localhost:5062/lighthouse/version" -H "Authorization: Bearer hGut6B8uEujufDXSmZsT0thnxvdvKFBvh" | jq ``` ## `GET /lighthouse/health` diff --git a/book/src/api-vc-sig-header.md b/book/src/api-vc-sig-header.md deleted file mode 100644 index 468f714cfa9..00000000000 
--- a/book/src/api-vc-sig-header.md +++ /dev/null 
@@ -1,108 +0,0 @@ -# Validator Client API: Signature Header - -## Overview - -The validator client HTTP server adds the following header to all responses: - -- Name: `Signature` -- Value: a secp256k1 signature across the SHA256 of the response body. - -Example `Signature` header: - -```text -Signature: 0x304402205b114366444112580bf455d919401e9c869f5af067cd496016ab70d428b5a99d0220067aede1eb5819eecfd5dd7a2b57c5ac2b98f25a7be214b05684b04523aef873 -``` - -## Verifying the Signature - -Below is a browser-ready example of signature verification. - -### HTML - -```html - - -``` - -### Javascript - -```javascript -// Helper function to turn a hex-string into bytes. -function hexStringToByte(str) { - if (!str) { - return new Uint8Array(); - } - - var a = []; - for (var i = 0, len = str.length; i < len; i+=2) { - a.push(parseInt(str.substr(i,2),16)); - } - - return new Uint8Array(a); -} - -// This example uses the secp256k1 curve from the "elliptic" library: -// -// https://github.com/indutny/elliptic -var ec = new elliptic.ec('secp256k1'); - -// The public key is contained in the API token: -// -// Authorization: Basic api-token-0x03eace4c98e8f77477bb99efb74f9af10d800bd3318f92c33b719a4644254d4123 -var pk_bytes = hexStringToByte('03eace4c98e8f77477bb99efb74f9af10d800bd3318f92c33b719a4644254d4123'); - -// The signature is in the `Signature` header of the response: -// -// Signature: 0x304402205b114366444112580bf455d919401e9c869f5af067cd496016ab70d428b5a99d0220067aede1eb5819eecfd5dd7a2b57c5ac2b98f25a7be214b05684b04523aef873 -var sig_bytes = hexStringToByte('304402205b114366444112580bf455d919401e9c869f5af067cd496016ab70d428b5a99d0220067aede1eb5819eecfd5dd7a2b57c5ac2b98f25a7be214b05684b04523aef873'); - -// The HTTP response body. -var response_body = "{\"data\":{\"version\":\"Lighthouse/v0.2.11-fc0654fbe+/x86_64-linux\"}}"; - -// The HTTP response body is hashed (SHA256) to determine the 32-byte message. 
-let hash = sha256.create(); -hash.update(response_body); -let message = hash.array(); - -// The 32-byte message hash, the signature and the public key are verified. -if (ec.verify(message, sig_bytes, pk_bytes)) { - console.log("The signature is valid") -} else { - console.log("The signature is invalid") -} -``` - -*This example is also available as a [JSFiddle](https://jsfiddle.net/wnqd74Lz/).* - -## Example - -The previous Javascript example was written using the output from the following -`curl` command: - -```bash -curl -v localhost:5062/lighthouse/version -H "Authorization: Basic api-token-0x03eace4c98e8f77477bb99efb74f9af10d800bd3318f92c33b719a4644254d4123" -``` - -```text -* Trying ::1:5062... -* connect to ::1 port 5062 failed: Connection refused -* Trying 127.0.0.1:5062... -* Connected to localhost (127.0.0.1) port 5062 (#0) -> GET /lighthouse/version HTTP/1.1 -> Host: localhost:5062 -> User-Agent: curl/7.72.0 -> Accept: */* -> Authorization: Basic api-token-0x03eace4c98e8f77477bb99efb74f9af10d800bd3318f92c33b719a4644254d4123 -> -* Mark bundle as not supporting multiuse -< HTTP/1.1 200 OK -< content-type: application/json -< signature: 0x304402205b114366444112580bf455d919401e9c869f5af067cd496016ab70d428b5a99d0220067aede1eb5819eecfd5dd7a2b57c5ac2b98f25a7be214b05684b04523aef873 -< server: Lighthouse/v0.2.11-fc0654fbe+/x86_64-linux -< access-control-allow-origin: -< content-length: 65 -< date: Tue, 29 Sep 2020 04:23:46 GMT -< -* Connection #0 to host localhost left intact -{"data":{"version":"Lighthouse/v0.2.11-fc0654fbe+/x86_64-linux"}} -``` diff --git a/book/src/validator-manager-move.md b/book/src/validator-manager-move.md index 10de1fe87c6..f7184ce1277 100644 --- a/book/src/validator-manager-move.md +++ b/book/src/validator-manager-move.md 
@@ -116,7 +116,7 @@ location of the file varies, but it is located in the "validator directory" of y alongside validator keystores. For example: `~/.lighthouse/mainnet/validators/api-token.txt`. If you are unsure of the `api-token.txt` path, you can run `curl http://localhost:5062/lighthouse/auth` which will show the path. Copy the contents of that file into a new file on the **destination host** at `~/src-token.txt`. The -API token should be similar to `api-token-0x03eace4c98e8f77477bb99efb74f9af10d800bd3318f92c33b719a4644254d4123`. +API token is a random string, e.g., `hGut6B8uEujufDXSmZsT0thnxvdvKFBvh`. ### 4. Create an SSH Tunnel
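Review bot: In book/src/api-vc-auth-header.md, the `curl` example in the `@@ -54,7 +54,7 @@` hunk still puts the bearer token literally on the command line, so a reader who copies the pattern leaves their real token in shell history. Consider showing the file-based form that api-vc-endpoints.md already documents, `-H "Authorization: Bearer $(sudo cat ${DATADIR}/validators/api-token.txt)"`, as the primary example here and keeping the literal form as the alternative. It would also help to say in this file that the value in `api-token.txt` is a secret, since the new example string no longer looks like a key.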
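Review bot: In book/src/api-vc-endpoints.md, the rewritten "As an alternative" line carries over an unbalanced quote: `-H "Authorization: Bearer hGut6B8uEujufDXSmZsT0thnxvdvKFBvh` opens a double quote that is never closed before the backtick, so the inline snippet does not work when pasted. Add the closing `"` so it matches the full `curl` command in the fenced block below it. While touching the first note, "permission issue with accessing" would read better as "permission issues accessing".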
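Review bot: The deletion of book/src/api-vc-sig-header.md removes the only description of the `Signature` response header, and nothing added elsewhere in this patch tells readers that responses are no longer signed. A client written against the deleted page (verify the secp256k1 signature over the SHA256 of the body, using the public key taken from the token) has neither a header nor a key to check after this change. Suggest one sentence in api-vc-auth-header.md stating that the `Signature` header has been removed and the token is now an opaque string. The diffstat lists only four files, so also check that no table of contents or other page in the book still links to `api-vc-sig-header.md`.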
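Review bot: In book/src/validator-manager-move.md, the new sentence "API token is a random string, e.g., ..." drops the `api-token-0x` prefix without saying what happens to hosts that still have a token file in the old format. This step asks the user to copy the source host's token to `~/src-token.txt`, so a reader moving validators from an older install may be looking at the old form and cannot tell from this text whether it is still accepted. Suggest adding a short clause that covers the old format, and a reminder to remove `~/src-token.txt` from the destination host once the move is complete.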