You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
202 lines
5.7 KiB
202 lines
5.7 KiB
10 years ago
|
#include "httprpc.h"
|
||
|
|
||
|
#include "base58.h"
|
||
|
#include "chainparams.h"
|
||
|
#include "httpserver.h"
|
||
|
#include "rpcprotocol.h"
|
||
|
#include "rpcserver.h"
|
||
|
#include "random.h"
|
||
|
#include "sync.h"
|
||
|
#include "util.h"
|
||
|
#include "utilstrencodings.h"
|
||
|
#include "ui_interface.h"
|
||
|
|
||
|
#include <boost/algorithm/string.hpp> // boost::trim
|
||
|
|
||
|
/** Simple one-shot callback timer to be used by the RPC mechanism to e.g.
|
||
|
* re-lock the wellet.
|
||
|
*/
|
||
|
class HTTPRPCTimer : public RPCTimerBase
|
||
|
{
|
||
|
public:
|
||
|
HTTPRPCTimer(struct event_base* eventBase, boost::function<void(void)>& func, int64_t seconds) : ev(eventBase, false, new Handler(func))
|
||
|
{
|
||
|
struct timeval tv = {seconds, 0};
|
||
|
ev.trigger(&tv);
|
||
|
}
|
||
|
private:
|
||
|
HTTPEvent ev;
|
||
|
|
||
|
class Handler : public HTTPClosure
|
||
|
{
|
||
|
public:
|
||
|
Handler(const boost::function<void(void)>& func) : func(func)
|
||
|
{
|
||
|
}
|
||
|
private:
|
||
|
boost::function<void(void)> func;
|
||
|
void operator()() { func(); }
|
||
|
};
|
||
|
};
|
||
|
|
||
|
class HTTPRPCTimerInterface : public RPCTimerInterface
|
||
|
{
|
||
|
public:
|
||
|
HTTPRPCTimerInterface(struct event_base* base) : base(base)
|
||
|
{
|
||
|
}
|
||
|
const char* Name()
|
||
|
{
|
||
|
return "HTTP";
|
||
|
}
|
||
|
RPCTimerBase* NewTimer(boost::function<void(void)>& func, int64_t seconds)
|
||
|
{
|
||
|
return new HTTPRPCTimer(base, func, seconds);
|
||
|
}
|
||
|
private:
|
||
|
struct event_base* base;
|
||
|
};
|
||
|
|
||
|
|
||
|
/* Pre-base64-encoded authentication token */
|
||
|
static std::string strRPCUserColonPass;
|
||
|
/* Stored RPC timer interface (for unregistration) */
|
||
|
static HTTPRPCTimerInterface* httpRPCTimerInterface = 0;
|
||
|
|
||
|
static void JSONErrorReply(HTTPRequest* req, const UniValue& objError, const UniValue& id)
|
||
|
{
|
||
|
// Send error reply from json-rpc error object
|
||
|
int nStatus = HTTP_INTERNAL_SERVER_ERROR;
|
||
|
int code = find_value(objError, "code").get_int();
|
||
|
|
||
|
if (code == RPC_INVALID_REQUEST)
|
||
|
nStatus = HTTP_BAD_REQUEST;
|
||
|
else if (code == RPC_METHOD_NOT_FOUND)
|
||
|
nStatus = HTTP_NOT_FOUND;
|
||
|
|
||
|
std::string strReply = JSONRPCReply(NullUniValue, objError, id);
|
||
|
|
||
|
req->WriteHeader("Content-Type", "application/json");
|
||
|
req->WriteReply(nStatus, strReply);
|
||
|
}
|
||
|
|
||
|
static bool RPCAuthorized(const std::string& strAuth)
|
||
|
{
|
||
|
if (strRPCUserColonPass.empty()) // Belt-and-suspenders measure if InitRPCAuthentication was not called
|
||
|
return false;
|
||
|
if (strAuth.substr(0, 6) != "Basic ")
|
||
|
return false;
|
||
|
std::string strUserPass64 = strAuth.substr(6);
|
||
|
boost::trim(strUserPass64);
|
||
|
std::string strUserPass = DecodeBase64(strUserPass64);
|
||
|
return TimingResistantEqual(strUserPass, strRPCUserColonPass);
|
||
|
}
|
||
|
|
||
|
static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
|
||
|
{
|
||
|
// JSONRPC handles only POST
|
||
|
if (req->GetRequestMethod() != HTTPRequest::POST) {
|
||
|
req->WriteReply(HTTP_BAD_METHOD, "JSONRPC server handles only POST requests");
|
||
|
return false;
|
||
|
}
|
||
|
// Check authorization
|
||
|
std::pair<bool, std::string> authHeader = req->GetHeader("authorization");
|
||
|
if (!authHeader.first) {
|
||
|
req->WriteReply(HTTP_UNAUTHORIZED);
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
if (!RPCAuthorized(authHeader.second)) {
|
||
|
LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", req->GetPeer().ToString());
|
||
|
|
||
|
/* Deter brute-forcing
|
||
|
If this results in a DoS the user really
|
||
|
shouldn't have their RPC port exposed. */
|
||
|
MilliSleep(250);
|
||
|
|
||
|
req->WriteReply(HTTP_UNAUTHORIZED);
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
JSONRequest jreq;
|
||
|
try {
|
||
|
// Parse request
|
||
|
UniValue valRequest;
|
||
|
if (!valRequest.read(req->ReadBody()))
|
||
|
throw JSONRPCError(RPC_PARSE_ERROR, "Parse error");
|
||
|
|
||
|
std::string strReply;
|
||
|
// singleton request
|
||
|
if (valRequest.isObject()) {
|
||
|
jreq.parse(valRequest);
|
||
|
|
||
|
UniValue result = tableRPC.execute(jreq.strMethod, jreq.params);
|
||
|
|
||
|
// Send reply
|
||
|
strReply = JSONRPCReply(result, NullUniValue, jreq.id);
|
||
|
|
||
|
// array of requests
|
||
|
} else if (valRequest.isArray())
|
||
|
strReply = JSONRPCExecBatch(valRequest.get_array());
|
||
|
else
|
||
|
throw JSONRPCError(RPC_PARSE_ERROR, "Top-level object parse error");
|
||
|
|
||
|
req->WriteHeader("Content-Type", "application/json");
|
||
|
req->WriteReply(HTTP_OK, strReply);
|
||
|
} catch (const UniValue& objError) {
|
||
|
JSONErrorReply(req, objError, jreq.id);
|
||
|
return false;
|
||
|
} catch (const std::exception& e) {
|
||
|
JSONErrorReply(req, JSONRPCError(RPC_PARSE_ERROR, e.what()), jreq.id);
|
||
|
return false;
|
||
|
}
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
static bool InitRPCAuthentication()
|
||
|
{
|
||
|
if (mapArgs["-rpcpassword"] == "")
|
||
|
{
|
||
|
LogPrintf("No rpcpassword set - using random cookie authentication\n");
|
||
|
if (!GenerateAuthCookie(&strRPCUserColonPass)) {
|
||
|
uiInterface.ThreadSafeMessageBox(
|
||
|
_("Error: A fatal internal error occurred, see debug.log for details"), // Same message as AbortNode
|
||
|
"", CClientUIInterface::MSG_ERROR);
|
||
|
return false;
|
||
|
}
|
||
|
} else {
|
||
|
strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"];
|
||
|
}
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
bool StartHTTPRPC()
|
||
|
{
|
||
|
LogPrint("rpc", "Starting HTTP RPC server\n");
|
||
|
if (!InitRPCAuthentication())
|
||
|
return false;
|
||
|
|
||
|
RegisterHTTPHandler("/", true, HTTPReq_JSONRPC);
|
||
|
|
||
|
assert(EventBase());
|
||
|
httpRPCTimerInterface = new HTTPRPCTimerInterface(EventBase());
|
||
|
RPCRegisterTimerInterface(httpRPCTimerInterface);
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
void InterruptHTTPRPC()
|
||
|
{
|
||
|
LogPrint("rpc", "Interrupting HTTP RPC server\n");
|
||
|
}
|
||
|
|
||
|
void StopHTTPRPC()
|
||
|
{
|
||
|
LogPrint("rpc", "Stopping HTTP RPC server\n");
|
||
|
UnregisterHTTPHandler("/", true);
|
||
|
if (httpRPCTimerInterface) {
|
||
|
RPCUnregisterTimerInterface(httpRPCTimerInterface);
|
||
|
delete httpRPCTimerInterface;
|
||
|
httpRPCTimerInterface = 0;
|
||
|
}
|
||
|
}
|