core_rpc_server: add a --restricted-rpc option
It does not expose the RPC for commands like start_mining, etc (ie, commands a public node operator might want to be restricted)
This commit is contained in:
parent
4061a32082
commit
75742977a8
|
@ -55,8 +55,8 @@
|
||||||
|
|
||||||
#define MAP_URI_AUTO_XML2(s_pattern, callback_f, command_type) //TODO: don't think i ever again will use xml - ambiguous and "overtagged" format
|
#define MAP_URI_AUTO_XML2(s_pattern, callback_f, command_type) //TODO: don't think i ever again will use xml - ambiguous and "overtagged" format
|
||||||
|
|
||||||
#define MAP_URI_AUTO_JON2(s_pattern, callback_f, command_type) \
|
#define MAP_URI_AUTO_JON2_IF(s_pattern, callback_f, command_type, cond) \
|
||||||
else if(query_info.m_URI == s_pattern) \
|
else if((query_info.m_URI == s_pattern) && (cond)) \
|
||||||
{ \
|
{ \
|
||||||
handled = true; \
|
handled = true; \
|
||||||
uint64_t ticks = misc_utils::get_tick_count(); \
|
uint64_t ticks = misc_utils::get_tick_count(); \
|
||||||
|
@ -80,6 +80,8 @@
|
||||||
LOG_PRINT( s_pattern << " processed with " << ticks1-ticks << "/"<< ticks2-ticks1 << "/" << ticks3-ticks2 << "ms", LOG_LEVEL_2); \
|
LOG_PRINT( s_pattern << " processed with " << ticks1-ticks << "/"<< ticks2-ticks1 << "/" << ticks3-ticks2 << "ms", LOG_LEVEL_2); \
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#define MAP_URI_AUTO_JON2(s_pattern, callback_f, command_type) MAP_URI_AUTO_JON2_IF(s_pattern, callback_f, command_type, true)
|
||||||
|
|
||||||
#define MAP_URI_AUTO_BIN2(s_pattern, callback_f, command_type) \
|
#define MAP_URI_AUTO_BIN2(s_pattern, callback_f, command_type) \
|
||||||
else if(query_info.m_URI == s_pattern) \
|
else if(query_info.m_URI == s_pattern) \
|
||||||
{ \
|
{ \
|
||||||
|
|
|
@ -51,6 +51,7 @@ namespace cryptonote
|
||||||
command_line::add_arg(desc, arg_rpc_bind_ip);
|
command_line::add_arg(desc, arg_rpc_bind_ip);
|
||||||
command_line::add_arg(desc, arg_rpc_bind_port);
|
command_line::add_arg(desc, arg_rpc_bind_port);
|
||||||
command_line::add_arg(desc, arg_testnet_rpc_bind_port);
|
command_line::add_arg(desc, arg_testnet_rpc_bind_port);
|
||||||
|
command_line::add_arg(desc, arg_restricted_rpc);
|
||||||
}
|
}
|
||||||
//------------------------------------------------------------------------------------------------------------------------------
|
//------------------------------------------------------------------------------------------------------------------------------
|
||||||
core_rpc_server::core_rpc_server(
|
core_rpc_server::core_rpc_server(
|
||||||
|
@ -69,6 +70,7 @@ namespace cryptonote
|
||||||
|
|
||||||
m_bind_ip = command_line::get_arg(vm, arg_rpc_bind_ip);
|
m_bind_ip = command_line::get_arg(vm, arg_rpc_bind_ip);
|
||||||
m_port = command_line::get_arg(vm, p2p_bind_arg);
|
m_port = command_line::get_arg(vm, p2p_bind_arg);
|
||||||
|
m_restricted = command_line::get_arg(vm, arg_restricted_rpc);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
//------------------------------------------------------------------------------------------------------------------------------
|
//------------------------------------------------------------------------------------------------------------------------------
|
||||||
|
@ -957,4 +959,10 @@ namespace cryptonote
|
||||||
, std::to_string(config::testnet::RPC_DEFAULT_PORT)
|
, std::to_string(config::testnet::RPC_DEFAULT_PORT)
|
||||||
};
|
};
|
||||||
|
|
||||||
|
const command_line::arg_descriptor<bool> core_rpc_server::arg_restricted_rpc = {
|
||||||
|
"restricted-rpc"
|
||||||
|
, "Restrict RPC to view only commands"
|
||||||
|
, false
|
||||||
|
};
|
||||||
|
|
||||||
} // namespace cryptonote
|
} // namespace cryptonote
|
||||||
|
|
|
@ -55,6 +55,7 @@ namespace cryptonote
|
||||||
static const command_line::arg_descriptor<std::string> arg_rpc_bind_ip;
|
static const command_line::arg_descriptor<std::string> arg_rpc_bind_ip;
|
||||||
static const command_line::arg_descriptor<std::string> arg_rpc_bind_port;
|
static const command_line::arg_descriptor<std::string> arg_rpc_bind_port;
|
||||||
static const command_line::arg_descriptor<std::string> arg_testnet_rpc_bind_port;
|
static const command_line::arg_descriptor<std::string> arg_testnet_rpc_bind_port;
|
||||||
|
static const command_line::arg_descriptor<bool> arg_restricted_rpc;
|
||||||
|
|
||||||
typedef epee::net_utils::connection_context_base connection_context;
|
typedef epee::net_utils::connection_context_base connection_context;
|
||||||
|
|
||||||
|
@ -79,20 +80,20 @@ namespace cryptonote
|
||||||
MAP_URI_AUTO_JON2("/gettransactions", on_get_transactions, COMMAND_RPC_GET_TRANSACTIONS)
|
MAP_URI_AUTO_JON2("/gettransactions", on_get_transactions, COMMAND_RPC_GET_TRANSACTIONS)
|
||||||
MAP_URI_AUTO_JON2("/is_key_image_spent", on_is_key_image_spent, COMMAND_RPC_IS_KEY_IMAGE_SPENT)
|
MAP_URI_AUTO_JON2("/is_key_image_spent", on_is_key_image_spent, COMMAND_RPC_IS_KEY_IMAGE_SPENT)
|
||||||
MAP_URI_AUTO_JON2("/sendrawtransaction", on_send_raw_tx, COMMAND_RPC_SEND_RAW_TX)
|
MAP_URI_AUTO_JON2("/sendrawtransaction", on_send_raw_tx, COMMAND_RPC_SEND_RAW_TX)
|
||||||
MAP_URI_AUTO_JON2("/start_mining", on_start_mining, COMMAND_RPC_START_MINING)
|
MAP_URI_AUTO_JON2_IF("/start_mining", on_start_mining, COMMAND_RPC_START_MINING, !m_restricted)
|
||||||
MAP_URI_AUTO_JON2("/stop_mining", on_stop_mining, COMMAND_RPC_STOP_MINING)
|
MAP_URI_AUTO_JON2_IF("/stop_mining", on_stop_mining, COMMAND_RPC_STOP_MINING, !m_restricted)
|
||||||
MAP_URI_AUTO_JON2("/mining_status", on_mining_status, COMMAND_RPC_MINING_STATUS)
|
MAP_URI_AUTO_JON2_IF("/mining_status", on_mining_status, COMMAND_RPC_MINING_STATUS, !m_restricted)
|
||||||
MAP_URI_AUTO_JON2("/save_bc", on_save_bc, COMMAND_RPC_SAVE_BC)
|
MAP_URI_AUTO_JON2_IF("/save_bc", on_save_bc, COMMAND_RPC_SAVE_BC, !m_restricted)
|
||||||
MAP_URI_AUTO_JON2("/get_peer_list", on_get_peer_list, COMMAND_RPC_GET_PEER_LIST)
|
MAP_URI_AUTO_JON2_IF("/get_peer_list", on_get_peer_list, COMMAND_RPC_GET_PEER_LIST, !m_restricted)
|
||||||
MAP_URI_AUTO_JON2("/set_log_hash_rate", on_set_log_hash_rate, COMMAND_RPC_SET_LOG_HASH_RATE)
|
MAP_URI_AUTO_JON2_IF("/set_log_hash_rate", on_set_log_hash_rate, COMMAND_RPC_SET_LOG_HASH_RATE, !m_restricted)
|
||||||
MAP_URI_AUTO_JON2("/set_log_level", on_set_log_level, COMMAND_RPC_SET_LOG_LEVEL)
|
MAP_URI_AUTO_JON2_IF("/set_log_level", on_set_log_level, COMMAND_RPC_SET_LOG_LEVEL, !m_restricted)
|
||||||
MAP_URI_AUTO_JON2("/get_transaction_pool", on_get_transaction_pool, COMMAND_RPC_GET_TRANSACTION_POOL)
|
MAP_URI_AUTO_JON2("/get_transaction_pool", on_get_transaction_pool, COMMAND_RPC_GET_TRANSACTION_POOL)
|
||||||
MAP_URI_AUTO_JON2("/stop_daemon", on_stop_daemon, COMMAND_RPC_STOP_DAEMON)
|
MAP_URI_AUTO_JON2_IF("/stop_daemon", on_stop_daemon, COMMAND_RPC_STOP_DAEMON, !m_restricted)
|
||||||
MAP_URI_AUTO_JON2("/getinfo", on_get_info, COMMAND_RPC_GET_INFO)
|
MAP_URI_AUTO_JON2("/getinfo", on_get_info, COMMAND_RPC_GET_INFO)
|
||||||
MAP_URI_AUTO_JON2("/fast_exit", on_fast_exit, COMMAND_RPC_FAST_EXIT)
|
MAP_URI_AUTO_JON2_IF("/fast_exit", on_fast_exit, COMMAND_RPC_FAST_EXIT, !m_restricted)
|
||||||
MAP_URI_AUTO_JON2("/out_peers", on_out_peers, COMMAND_RPC_OUT_PEERS)
|
MAP_URI_AUTO_JON2_IF("/out_peers", on_out_peers, COMMAND_RPC_OUT_PEERS, !m_restricted)
|
||||||
MAP_URI_AUTO_JON2("/start_save_graph", on_start_save_graph, COMMAND_RPC_START_SAVE_GRAPH)
|
MAP_URI_AUTO_JON2_IF("/start_save_graph", on_start_save_graph, COMMAND_RPC_START_SAVE_GRAPH, !m_restricted)
|
||||||
MAP_URI_AUTO_JON2("/stop_save_graph", on_stop_save_graph, COMMAND_RPC_STOP_SAVE_GRAPH)
|
MAP_URI_AUTO_JON2_IF("/stop_save_graph", on_stop_save_graph, COMMAND_RPC_STOP_SAVE_GRAPH, !m_restricted)
|
||||||
BEGIN_JSON_RPC_MAP("/json_rpc")
|
BEGIN_JSON_RPC_MAP("/json_rpc")
|
||||||
MAP_JON_RPC("getblockcount", on_getblockcount, COMMAND_RPC_GETBLOCKCOUNT)
|
MAP_JON_RPC("getblockcount", on_getblockcount, COMMAND_RPC_GETBLOCKCOUNT)
|
||||||
MAP_JON_RPC_WE("on_getblockhash", on_getblockhash, COMMAND_RPC_GETBLOCKHASH)
|
MAP_JON_RPC_WE("on_getblockhash", on_getblockhash, COMMAND_RPC_GETBLOCKHASH)
|
||||||
|
@ -161,5 +162,6 @@ private:
|
||||||
std::string m_port;
|
std::string m_port;
|
||||||
std::string m_bind_ip;
|
std::string m_bind_ip;
|
||||||
bool m_testnet;
|
bool m_testnet;
|
||||||
|
bool m_restricted;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue