fix: add accept: application/json header to remote signer requests …

…and improve invalid response handling (#6587)

* fix: handle remote signer non "application/json" response content type

* restrict logger to minimal set and remove cast

* Fix typo - `minamal`; refactor/inline response handling functions; remove error logging and improve exception messaging for res != OK; fix content type parsing and handling of invalid content types;

* fix: exception message text

* Removed logger in externalSignerClient; Improved handling of response media types;

* fix: use response statusText as error message if response body is empty (response error)

* fix: exception message text proper epmpty string check

* fix: exception message text proper epmpty string check

* fix: lint errors

* reintroduce handleExternalSignerResponse generic function with better error handling; add accept header to all requests;

* fix: remove forgotten check in externalSignerUpCheck function

* Simplify checking response media type

* Include json parse error message in thrown Error

* Remove unnecessary string cast of err body

* Fix json parsing

* More robust error handling

* Formatting

* Simplify err body message parser

* Revert error handling changes

---------

Co-authored-by: Nico Flaig <nflaig@protonmail.com>

packages/validator/src/util/externalSignerClient.ts

@@ -101,16 +101,20 @@ type Web3SignerSerializedRequest = {
   signingRoot: RootHex;
 };
 
+enum MediaType {
+  json = "application/json",
+}
+
 /**
  * Return public keys from the server.
  */
 export async function externalSignerGetKeys(externalSignerUrl: string): Promise<string[]> {
   const res = await fetch(`${externalSignerUrl}/api/v1/eth2/publicKeys`, {
     method: "GET",
-    headers: {"Content-Type": "application/json"},
+    headers: {Accept: MediaType.json},
   });
 
-  return handlerExternalSignerResponse<string[]>(res);
+  return handleExternalSignerResponse<string[]>(res);
 }
 
 /**
@@ -143,11 +147,14 @@ export async function externalSignerPostSignature(
 
   const res = await fetch(`${externalSignerUrl}/api/v1/eth2/sign/${pubkeyHex}`, {
     method: "POST",
-    headers: {"Content-Type": "application/json"},
+    headers: {
+      Accept: MediaType.json,
+      "Content-Type": MediaType.json,
+    },
     body: JSON.stringify(requestObj),
   });
 
-  const data = await handlerExternalSignerResponse<{signature: string}>(res);
+  const data = await handleExternalSignerResponse<{signature: string}>(res);
   return data.signature;
 }
 
@@ -157,20 +164,34 @@ export async function externalSignerPostSignature(
 export async function externalSignerUpCheck(remoteUrl: string): Promise<boolean> {
   const res = await fetch(`${remoteUrl}/upcheck`, {
     method: "GET",
-    headers: {"Content-Type": "application/json"},
+    headers: {Accept: MediaType.json},
   });
 
-  const data = await handlerExternalSignerResponse<{status: string}>(res);
+  const data = await handleExternalSignerResponse<{status: string}>(res);
   return data.status === "OK";
 }
 
-async function handlerExternalSignerResponse<T>(res: Response): Promise<T> {
+async function handleExternalSignerResponse<T>(res: Response): Promise<T> {
   if (!res.ok) {
     const errBody = await res.text();
-    throw Error(`${errBody}`);
+    throw Error(errBody || res.statusText);
+  }
+
+  const contentType = res.headers.get("content-type");
+  if (contentType === null) {
+    throw Error("No Content-Type header found in response");
   }
 
-  return JSON.parse(await res.text()) as T;
+  const mediaType = contentType.split(";", 1)[0].trim().toLowerCase();
+  if (mediaType !== MediaType.json) {
+    throw Error(`Unsupported response media type: ${mediaType}`);
+  }
+
+  try {
+    return (await res.json()) as T;
+  } catch (e) {
+    throw Error(`Invalid json response: ${(e as Error).message}`);
+  }
 }
 
 function serializerSignableMessagePayload(config: BeaconConfig, payload: SignableMessage): Record<string, unknown> {