bug: no flag found on v0.13.0 for --rpc.skip-auth or --rpc.disable-auth

[jcstein]

Celestia Node version

v0.13.0

OS

macOS

Install tools

docs

Others

No response

Steps to reproduce it

try to use either --rpc.skip-auth or --rpc.disable-auth

Expected result

it should disable auth

Actual result

Relevant log output

Error: unknown flag: --rpc.skip-auth
Usage:
  celestia das sampling-stats [flags]

# and

Error: unknown flag: --rpc.disable-auth
Usage:
  celestia das sampling-stats [flags]

Notes

How does a user skip auth if the node store must be specified to tell which chain it is specific to? Does celestia-node know which network is running and will refer to that data store for the network?

I wasn't sure which flag to use, because the issue summary says "New flag: --rpc.skip-auth" and the release notes say "feat!(rpc): rpc.disable-auth flag by @ distractedm1nd in https://github.com/celestiaorg/celestia-node/pull/3117"

[ramin]

@jcstein I see how this is confusing and had to stop and think myseld.

as currently implemented, --rpc.skip-auth is a flag provided ONLY when starting the node, ie:

celestia light start --rpc.skip-auth

Then the verifyAuth middleware for RPC will skip validating the provided auth token in the request header. This was introduced as a request to support programmatic access without managing auth tokens. The cli (as would any sdk client) remains unaware if a server was started with auth skipped. So, in this case, you could provide anything as token, ie:

• start a server with --rpc.skip-auth
• run a cli rpc command like celestia p2p info --token LOLWHUT

and it'd be accepted

[jcstein]

thanks for the explanation @ramin. for a user interacting using Golang, will they also provide a dummy token in this case? what do you think is the best thing to document? putting a token where one isn't needed seems hacky IMHO