fix: change miner authentication to use separate X-Miner-ID header instead of API key for miner identification

- Add get_miner_id() dependency to extract miner ID from X-Miner-ID header - Update miner register and heartbeat endpoints to require both X-Miner-ID and X-Api-Key headers - Remove miner_id from query parameters in favor of header-based extraction - Fix miner heartbeat CLI to send proper JSON payload with inflight, status, and metadata fields - Fix typo in MinerService: extra_metadata → extra_meta_data
2026-03-05 12:28:17 +01:00
parent 80b9ea4b25
commit efd85060db
5 changed files with 38 additions and 15 deletions
--- a/apps/coordinator-api/src/app/deps.py
+++ b/apps/coordinator-api/src/app/deps.py
@@ -36,6 +36,17 @@ def require_miner_key() -> Callable[[str | None], str]:
    return validator


+def get_miner_id() -> Callable[[str | None], str]:
+    """Dependency to get miner ID from X-Miner-ID header."""
+
+    def validator(miner_id: str | None = Header(default=None, alias="X-Miner-ID")) -> str:
+        if not miner_id:
+            raise HTTPException(status_code=400, detail="X-Miner-ID header required")
+        return miner_id
+
+    return validator
+
+
 def require_admin_key() -> Callable[[str | None], str]:
    """Dependency for admin API key authentication (reads live settings)."""

--- a/apps/coordinator-api/src/app/routers/miner.py
+++ b/apps/coordinator-api/src/app/routers/miner.py
@@ -5,7 +5,7 @@ from fastapi import APIRouter, Depends, HTTPException, Response, status, Request
 from slowapi import Limiter
 from slowapi.util import get_remote_address

-from ..deps import require_miner_key
+from ..deps import require_miner_key, get_miner_id
 from ..schemas import AssignedJob, JobFailSubmit, JobResultSubmit, JobState, MinerHeartbeat, MinerRegister, PollRequest
 from ..services import JobService, MinerService
 from ..services.receipts import ReceiptService
@@ -24,7 +24,8 @@ async def register(
    req: MinerRegister,
    request: Request,
    session: SessionDep,
-    miner_id: str = Depends(require_miner_key()),
+    miner_id: str = Depends(get_miner_id()),
+    api_key: str = Depends(require_miner_key()),
 ) -> dict[str, Any]:  # type: ignore[arg-type]
    service = MinerService(session)
    record = service.register(miner_id, req)
@@ -36,7 +37,8 @@ async def heartbeat(
    req: MinerHeartbeat,
    request: Request,
    session: SessionDep,
-    miner_id: str = Depends(require_miner_key()),
+    miner_id: str = Depends(get_miner_id()),
+    api_key: str = Depends(require_miner_key()),
 ) -> dict[str, str]:  # type: ignore[arg-type]
    try:
        MinerService(session).heartbeat(miner_id, req)
--- a/apps/coordinator-api/src/app/services/miners.py
+++ b/apps/coordinator-api/src/app/services/miners.py
@@ -54,7 +54,7 @@ class MinerService:
            metadata["edge_optimized"] = payload.edge_optimized
        if payload.network_latency_ms is not None:
            metadata["network_latency_ms"] = payload.network_latency_ms
-        miner.extra_metadata = metadata
+        miner.extra_meta_data = metadata
        miner.last_heartbeat = datetime.utcnow()
        self.session.add(miner)
        self.session.commit()