From 7fca8b8e846d35173647013d1171d6aa386ab2fb Mon Sep 17 00:00:00 2001
From: shinobi133 <gabrielchijioke13@gmail.com>
Date: Sat, 20 Jun 2026 18:48:40 +0100
Subject: [PATCH] fix: validate engine auth environment variables (#1108)

Adds a guard check to ensure both BASE_NODE_L2_ENGINE_AUTH and BASE_NODE_L2_ENGINE_AUTH_RAW are set, and automatically creates the target parent directory if it does not exist before writing the secret.
---
 execution-entrypoint | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/execution-entrypoint b/execution-entrypoint
index cea226016..3875b0f70 100755
--- a/execution-entrypoint
+++ b/execution-entrypoint
@@ -127,10 +127,20 @@ if [[ "$RETH_HISTORICAL_PROOFS" == "true" && -n "$RETH_HISTORICAL_PROOFS_STORAGE
         --proofs-history.storage-path=$RETH_HISTORICAL_PROOFS_STORAGE_PATH
 fi
 
+if [[ -z "${BASE_NODE_L2_ENGINE_AUTH:-}" || -z "${BASE_NODE_L2_ENGINE_AUTH_RAW:-}" ]]; then
+    echo "expected BASE_NODE_L2_ENGINE_AUTH and BASE_NODE_L2_ENGINE_AUTH_RAW to be set" 1>&2
+    exit 1
+fi
+
+# Ensure the parent directory for the JWT secret file path exists
+JWT_DIR=$(dirname "$BASE_NODE_L2_ENGINE_AUTH")
+mkdir -p "$JWT_DIR"
+
 mkdir -p "$RETH_DATA_DIR"
 echo "Starting reth with additional args: $ADDITIONAL_ARGS"
 echo "$BASE_NODE_L2_ENGINE_AUTH_RAW" > "$BASE_NODE_L2_ENGINE_AUTH"
 
+
 exec "$BINARY" node \
   -$LOG_LEVEL \
   --datadir="$RETH_DATA_DIR" \