handle bearer token

[LesnyRumcajs]

Summary of changes

Changes introduced in this pull request:

• align JWT usage with Lotus (and in general JSON Web Token specification) - header values shall include the Bearer prefix. This is necessary, e.g., for the api compare to support sending write tokens to Lotus, see Go JSON-RPC authorization handling.
• Added some tests to untested code.

Reference issue to close (if applicable)

Closes

Other information and links

Change checklist

• I have performed a self-review of my own code,
• I have made corresponding changes to the documentation,
• I have added tests that prove my fix is effective or that my feature works (if possible),
• I have made sure the CHANGELOG is up-to-date. All user-facing changes should be reflected in this document.

[ruseinov]

Since we now require Bearer prefix too - we need to make sure api compare and other tools that are parsing tokens from env or arguments prepend Bearer, when the token is available.
Another solution would be just to specify a token already with a Bearer prefix, but that's not very handy, because there is a space between the prefix and the actual token, so it'd require quotation marks and it potentially won't work for api compare token:host format.

It had already bitten me when I was testing a Write permissioned endpoint. Even though we don't have any automated tests for those endpoints yet.

[LesnyRumcajs]

Since we now require Bearer prefix too - we need to make sure api compare and other tools that are parsing tokens from env or arguments prepend Bearer, when the token is available. Another solution would be just to specify a token already with a Bearer prefix, but that's not very handy, because there is a space between the prefix and the actual token, so it'd require quotation marks and it potentially won't work for api compare token:host format.

It had already bitten me when I was testing a Write permissioned endpoint. Even though we don't have any automated tests for those endpoints yet.

I don't understand your point. The changes already work for api compare, and others. This is a cherry-pick from my branch that requires write access.

[ruseinov]

Here's an example of api compare usage with specified token.

forest-tool api compare "/Users/romanuseinov/Library/Application Support/com.ChainSafe.Forest/calibnet/0.17.2/car_db/1713525012514.forest.car.zst" --filter=SyncSub --forest "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJBbGxvdyI6WyJyZWFkIiwid3JpdGUiLCJzaWduIiwiYWRtaW4iXSwiZXhwIjoxNzE4NzE1NDA1fQ.iYPmOk-dytEbtdH7EmEE1tad83rvUqUgGkwKlD7VaO4:/ip4/127.0.0.1/tcp/2345/http"

This will fail miserably, because Bearer prefix is required. Wouldn't it be logical to prepend Bearer prefix as opposed to having to manually specify it?

[LesnyRumcajs]

Here's an example of api compare usage with specified token.

forest-tool api compare "/Users/romanuseinov/Library/Application Support/com.ChainSafe.Forest/calibnet/0.17.2/car_db/1713525012514.forest.car.zst" --filter=SyncSub --forest "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJBbGxvdyI6WyJyZWFkIiwid3JpdGUiLCJzaWduIiwiYWRtaW4iXSwiZXhwIjoxNzE4NzE1NDA1fQ.iYPmOk-dytEbtdH7EmEE1tad83rvUqUgGkwKlD7VaO4:/ip4/127.0.0.1/tcp/2345/http"

This will fail miserably, because Bearer prefix is required.

And the Bearer prefix is added in client.rs, thus satisfying the requirement.

[ruseinov]

Here's an example of api compare usage with specified token.
forest-tool api compare "/Users/romanuseinov/Library/Application Support/com.ChainSafe.Forest/calibnet/0.17.2/car_db/1713525012514.forest.car.zst" --filter=SyncSub --forest "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJBbGxvdyI6WyJyZWFkIiwid3JpdGUiLCJzaWduIiwiYWRtaW4iXSwiZXhwIjoxNzE4NzE1NDA1fQ.iYPmOk-dytEbtdH7EmEE1tad83rvUqUgGkwKlD7VaO4:/ip4/127.0.0.1/tcp/2345/http"
This will fail miserably, because Bearer prefix is required.

And the Bearer prefix is added in client.rs, thus satisfying the requirement.

My bad, I somehow managed to miss this change.