Add authenticated endpoint to manually trigger validator db update

sisou · sisou · commit b1b510132801 · 2026-04-04T11:03:24.000+02:00
diff --git a/nuxt.config.ts b/nuxt.config.ts
@@ -21,6 +21,7 @@ export default defineNuxtConfig({
   runtimeConfig: {
     albatrossRpcNodeUrl: process.env.ALBATROSS_RPC_NODE_URL || '',
     slackWebhookUrl: process.env.NUXT_SLACK_WEBHOOK_URL || '',
+    dbUpdateToken: process.env.NUXT_DB_UPDATE_TOKEN || '',
     public: {
       gitBranch: execSync('git branch --show-current', { stdio: ['ignore', 'pipe', 'ignore'] }).toString().trim(),
       nimiqNetwork: process.env.NUXT_PUBLIC_NIMIQ_NETWORK || '',
@@ -31,6 +32,7 @@ export default defineNuxtConfig({
     $schema: z.object({
       albatrossRpcNodeUrl: z.string().describe('Albatross RPC Node URL is required'),
       slackWebhookUrl: z.string().describe('Slack webhook URL must be a valid string'),
+      dbUpdateToken: z.string().describe('DB update token must be a valid string'),
       public: z.object({
         gitBranch: z.string().describe('Git branch is required'),
         nimiqNetwork: z.string().describe('Nimiq network is required').refine(value => !value || ['main-albatross', 'test-albatross'].includes(value), {
diff --git a/server/api/[version]/validators/update-db.post.ts b/server/api/[version]/validators/update-db.post.ts
@@ -0,0 +1,38 @@
+import { Buffer } from 'node:buffer'
+import { timingSafeEqual } from 'node:crypto'
+import { z } from 'zod'
+
+const querySchema = z.object({
+  token: z.string(),
+})
+
+export default defineEventHandler(async (event) => {
+  const { token } = await getValidatedQuery(event, querySchema.parse)
+
+  const { dbUpdateToken } = useSafeRuntimeConfig()
+
+  if (!dbUpdateToken) {
+    throw createError({
+      statusCode: 500,
+      message: 'DB update token is not configured',
+    })
+  }
+
+  if (!timingSafeEqual(Buffer.from(token, 'utf8'), Buffer.from(dbUpdateToken, 'utf8'))) {
+    throw createError({
+      statusCode: 401,
+      message: 'Unauthorized',
+    })
+  }
+
+  const validators = await importValidatorsBundled(useSafeRuntimeConfig().public.nimiqNetwork, { shouldStore: true })
+
+  if (!validators[0]) {
+    throw createError({
+      statusCode: 500,
+      message: `Failed to import bundled validators: ${validators[1]}`,
+    })
+  }
+
+  return validators[2]
+})
diff --git a/server/generated/validators-bundle.generated.ts b/server/generated/validators-bundle.generated.ts
