2015-12-01 19:44:58 +01:00
|
|
|
// Copyright (c) 2013-2015 The btcsuite developers
|
|
|
|
// Use of this source code is governed by an ISC
|
|
|
|
// license that can be found in the LICENSE file.
|
Modernize the RPC server.
This is a rather monolithic commit that moves the old RPC server to
its own package (rpc/legacyrpc), introduces a new RPC server using
gRPC (rpc/rpcserver), and provides the ability to defer wallet loading
until request at a later time by an RPC (--noinitialload).
The legacy RPC server remains the default for now while the new gRPC
server is not enabled by default. Enabling the new server requires
setting a listen address (--experimenalrpclisten). This experimental
flag is used to effectively feature gate the server until it is ready
to use as a default. Both RPC servers can be run at the same time,
but require binding to different listen addresses.
In theory, with the legacy RPC server now living in its own package it
should become much easier to unit test the handlers. This will be
useful for any future changes to the package, as compatibility with
Core's wallet is still desired.
Type safety has also been improved in the legacy RPC server. Multiple
handler types are now used for methods that do and do not require the
RPC client as a dependency. This can statically help prevent nil
pointer dereferences, and was very useful for catching bugs during
refactoring.
To synchronize the wallet loading process between the main package
(the default) and through the gRPC WalletLoader service (with the
--noinitialload option), as well as increasing the loose coupling of
packages, a new wallet.Loader type has been added. All creating and
loading of existing wallets is done through a single Loader instance,
and callbacks can be attached to the instance to run after the wallet
has been opened. This is how the legacy RPC server is associated with
a loaded wallet, even after the wallet is loaded by a gRPC method in a
completely unrelated package.
Documentation for the new RPC server has been added to the
rpc/documentation directory. The documentation includes a
specification for the new RPC API, addresses how to make changes to
the server implementation, and provides short example clients in
several different languages.
Some of the new RPC methods are not implementated exactly as described
by the specification. These are considered bugs with the
implementation, not the spec. Known bugs are commented as such.
2015-06-01 21:57:50 +02:00
|
|
|
|
|
|
|
package legacyrpc
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/subtle"
|
|
|
|
"encoding/base64"
|
|
|
|
"encoding/json"
|
|
|
|
"errors"
|
|
|
|
"fmt"
|
|
|
|
"io"
|
|
|
|
"io/ioutil"
|
|
|
|
"net"
|
|
|
|
"net/http"
|
|
|
|
"sync"
|
|
|
|
"sync/atomic"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/btcsuite/btcd/btcjson"
|
|
|
|
"github.com/btcsuite/btcwallet/chain"
|
|
|
|
"github.com/btcsuite/btcwallet/wallet"
|
|
|
|
"github.com/btcsuite/fastsha256"
|
|
|
|
"github.com/btcsuite/websocket"
|
|
|
|
)
|
|
|
|
|
|
|
|
type websocketClient struct {
|
|
|
|
conn *websocket.Conn
|
|
|
|
authenticated bool
|
|
|
|
remoteAddr string
|
|
|
|
allRequests chan []byte
|
|
|
|
responses chan []byte
|
|
|
|
quit chan struct{} // closed on disconnect
|
|
|
|
wg sync.WaitGroup
|
|
|
|
}
|
|
|
|
|
|
|
|
func newWebsocketClient(c *websocket.Conn, authenticated bool, remoteAddr string) *websocketClient {
|
|
|
|
return &websocketClient{
|
|
|
|
conn: c,
|
|
|
|
authenticated: authenticated,
|
|
|
|
remoteAddr: remoteAddr,
|
|
|
|
allRequests: make(chan []byte),
|
|
|
|
responses: make(chan []byte),
|
|
|
|
quit: make(chan struct{}),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *websocketClient) send(b []byte) error {
|
|
|
|
select {
|
|
|
|
case c.responses <- b:
|
|
|
|
return nil
|
|
|
|
case <-c.quit:
|
|
|
|
return errors.New("websocket client disconnected")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Server holds the items the RPC server may need to access (auth,
|
|
|
|
// config, shutdown, etc.)
|
|
|
|
type Server struct {
|
|
|
|
httpServer http.Server
|
|
|
|
wallet *wallet.Wallet
|
|
|
|
walletLoader *wallet.Loader
|
|
|
|
chainClient *chain.RPCClient
|
|
|
|
handlerLookup func(string) (requestHandler, bool)
|
|
|
|
handlerMu sync.Mutex
|
|
|
|
|
|
|
|
listeners []net.Listener
|
|
|
|
authsha [fastsha256.Size]byte
|
|
|
|
upgrader websocket.Upgrader
|
|
|
|
|
|
|
|
maxPostClients int64 // Max concurrent HTTP POST clients.
|
|
|
|
maxWebsocketClients int64 // Max concurrent websocket clients.
|
|
|
|
|
|
|
|
wg sync.WaitGroup
|
|
|
|
quit chan struct{}
|
|
|
|
quitMtx sync.Mutex
|
|
|
|
|
|
|
|
requestShutdownChan chan struct{}
|
|
|
|
}
|
|
|
|
|
2016-02-01 15:10:22 +01:00
|
|
|
// jsonAuthFail sends a message back to the client if the http auth is rejected.
|
|
|
|
func jsonAuthFail(w http.ResponseWriter) {
|
|
|
|
w.Header().Add("WWW-Authenticate", `Basic realm="btcwallet RPC"`)
|
|
|
|
http.Error(w, "401 Unauthorized.", http.StatusUnauthorized)
|
|
|
|
}
|
|
|
|
|
Modernize the RPC server.
This is a rather monolithic commit that moves the old RPC server to
its own package (rpc/legacyrpc), introduces a new RPC server using
gRPC (rpc/rpcserver), and provides the ability to defer wallet loading
until request at a later time by an RPC (--noinitialload).
The legacy RPC server remains the default for now while the new gRPC
server is not enabled by default. Enabling the new server requires
setting a listen address (--experimenalrpclisten). This experimental
flag is used to effectively feature gate the server until it is ready
to use as a default. Both RPC servers can be run at the same time,
but require binding to different listen addresses.
In theory, with the legacy RPC server now living in its own package it
should become much easier to unit test the handlers. This will be
useful for any future changes to the package, as compatibility with
Core's wallet is still desired.
Type safety has also been improved in the legacy RPC server. Multiple
handler types are now used for methods that do and do not require the
RPC client as a dependency. This can statically help prevent nil
pointer dereferences, and was very useful for catching bugs during
refactoring.
To synchronize the wallet loading process between the main package
(the default) and through the gRPC WalletLoader service (with the
--noinitialload option), as well as increasing the loose coupling of
packages, a new wallet.Loader type has been added. All creating and
loading of existing wallets is done through a single Loader instance,
and callbacks can be attached to the instance to run after the wallet
has been opened. This is how the legacy RPC server is associated with
a loaded wallet, even after the wallet is loaded by a gRPC method in a
completely unrelated package.
Documentation for the new RPC server has been added to the
rpc/documentation directory. The documentation includes a
specification for the new RPC API, addresses how to make changes to
the server implementation, and provides short example clients in
several different languages.
Some of the new RPC methods are not implementated exactly as described
by the specification. These are considered bugs with the
implementation, not the spec. Known bugs are commented as such.
2015-06-01 21:57:50 +02:00
|
|
|
// NewServer creates a new server for serving legacy RPC client connections,
|
|
|
|
// both HTTP POST and websocket.
|
|
|
|
func NewServer(opts *Options, walletLoader *wallet.Loader, listeners []net.Listener) *Server {
|
|
|
|
serveMux := http.NewServeMux()
|
|
|
|
const rpcAuthTimeoutSeconds = 10
|
|
|
|
|
|
|
|
server := &Server{
|
|
|
|
httpServer: http.Server{
|
|
|
|
Handler: serveMux,
|
|
|
|
|
|
|
|
// Timeout connections which don't complete the initial
|
|
|
|
// handshake within the allowed timeframe.
|
|
|
|
ReadTimeout: time.Second * rpcAuthTimeoutSeconds,
|
|
|
|
},
|
|
|
|
walletLoader: walletLoader,
|
|
|
|
maxPostClients: opts.MaxPOSTClients,
|
|
|
|
maxWebsocketClients: opts.MaxWebsocketClients,
|
|
|
|
listeners: listeners,
|
|
|
|
// A hash of the HTTP basic auth string is used for a constant
|
|
|
|
// time comparison.
|
|
|
|
authsha: fastsha256.Sum256(httpBasicAuth(opts.Username, opts.Password)),
|
|
|
|
upgrader: websocket.Upgrader{
|
|
|
|
// Allow all origins.
|
|
|
|
CheckOrigin: func(r *http.Request) bool { return true },
|
|
|
|
},
|
|
|
|
quit: make(chan struct{}),
|
|
|
|
requestShutdownChan: make(chan struct{}, 1),
|
|
|
|
}
|
|
|
|
|
|
|
|
serveMux.Handle("/", throttledFn(opts.MaxPOSTClients,
|
|
|
|
func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
w.Header().Set("Connection", "close")
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
r.Close = true
|
|
|
|
|
|
|
|
if err := server.checkAuthHeader(r); err != nil {
|
|
|
|
log.Warnf("Unauthorized client connection attempt")
|
2016-02-01 15:10:22 +01:00
|
|
|
jsonAuthFail(w)
|
Modernize the RPC server.
This is a rather monolithic commit that moves the old RPC server to
its own package (rpc/legacyrpc), introduces a new RPC server using
gRPC (rpc/rpcserver), and provides the ability to defer wallet loading
until request at a later time by an RPC (--noinitialload).
The legacy RPC server remains the default for now while the new gRPC
server is not enabled by default. Enabling the new server requires
setting a listen address (--experimenalrpclisten). This experimental
flag is used to effectively feature gate the server until it is ready
to use as a default. Both RPC servers can be run at the same time,
but require binding to different listen addresses.
In theory, with the legacy RPC server now living in its own package it
should become much easier to unit test the handlers. This will be
useful for any future changes to the package, as compatibility with
Core's wallet is still desired.
Type safety has also been improved in the legacy RPC server. Multiple
handler types are now used for methods that do and do not require the
RPC client as a dependency. This can statically help prevent nil
pointer dereferences, and was very useful for catching bugs during
refactoring.
To synchronize the wallet loading process between the main package
(the default) and through the gRPC WalletLoader service (with the
--noinitialload option), as well as increasing the loose coupling of
packages, a new wallet.Loader type has been added. All creating and
loading of existing wallets is done through a single Loader instance,
and callbacks can be attached to the instance to run after the wallet
has been opened. This is how the legacy RPC server is associated with
a loaded wallet, even after the wallet is loaded by a gRPC method in a
completely unrelated package.
Documentation for the new RPC server has been added to the
rpc/documentation directory. The documentation includes a
specification for the new RPC API, addresses how to make changes to
the server implementation, and provides short example clients in
several different languages.
Some of the new RPC methods are not implementated exactly as described
by the specification. These are considered bugs with the
implementation, not the spec. Known bugs are commented as such.
2015-06-01 21:57:50 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
server.wg.Add(1)
|
|
|
|
server.PostClientRPC(w, r)
|
|
|
|
server.wg.Done()
|
|
|
|
}))
|
|
|
|
|
|
|
|
serveMux.Handle("/ws", throttledFn(opts.MaxWebsocketClients,
|
|
|
|
func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
authenticated := false
|
|
|
|
switch server.checkAuthHeader(r) {
|
|
|
|
case nil:
|
|
|
|
authenticated = true
|
|
|
|
case ErrNoAuth:
|
|
|
|
// nothing
|
|
|
|
default:
|
|
|
|
// If auth was supplied but incorrect, rather than simply
|
|
|
|
// being missing, immediately terminate the connection.
|
|
|
|
log.Warnf("Disconnecting improperly authorized " +
|
|
|
|
"websocket client")
|
2016-02-01 15:10:22 +01:00
|
|
|
jsonAuthFail(w)
|
Modernize the RPC server.
This is a rather monolithic commit that moves the old RPC server to
its own package (rpc/legacyrpc), introduces a new RPC server using
gRPC (rpc/rpcserver), and provides the ability to defer wallet loading
until request at a later time by an RPC (--noinitialload).
The legacy RPC server remains the default for now while the new gRPC
server is not enabled by default. Enabling the new server requires
setting a listen address (--experimenalrpclisten). This experimental
flag is used to effectively feature gate the server until it is ready
to use as a default. Both RPC servers can be run at the same time,
but require binding to different listen addresses.
In theory, with the legacy RPC server now living in its own package it
should become much easier to unit test the handlers. This will be
useful for any future changes to the package, as compatibility with
Core's wallet is still desired.
Type safety has also been improved in the legacy RPC server. Multiple
handler types are now used for methods that do and do not require the
RPC client as a dependency. This can statically help prevent nil
pointer dereferences, and was very useful for catching bugs during
refactoring.
To synchronize the wallet loading process between the main package
(the default) and through the gRPC WalletLoader service (with the
--noinitialload option), as well as increasing the loose coupling of
packages, a new wallet.Loader type has been added. All creating and
loading of existing wallets is done through a single Loader instance,
and callbacks can be attached to the instance to run after the wallet
has been opened. This is how the legacy RPC server is associated with
a loaded wallet, even after the wallet is loaded by a gRPC method in a
completely unrelated package.
Documentation for the new RPC server has been added to the
rpc/documentation directory. The documentation includes a
specification for the new RPC API, addresses how to make changes to
the server implementation, and provides short example clients in
several different languages.
Some of the new RPC methods are not implementated exactly as described
by the specification. These are considered bugs with the
implementation, not the spec. Known bugs are commented as such.
2015-06-01 21:57:50 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
conn, err := server.upgrader.Upgrade(w, r, nil)
|
|
|
|
if err != nil {
|
|
|
|
log.Warnf("Cannot websocket upgrade client %s: %v",
|
|
|
|
r.RemoteAddr, err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
wsc := newWebsocketClient(conn, authenticated, r.RemoteAddr)
|
|
|
|
server.websocketClientRPC(wsc)
|
|
|
|
}))
|
|
|
|
|
|
|
|
for _, lis := range listeners {
|
|
|
|
server.serve(lis)
|
|
|
|
}
|
|
|
|
|
|
|
|
return server
|
|
|
|
}
|
|
|
|
|
|
|
|
// httpBasicAuth returns the UTF-8 bytes of the HTTP Basic authentication
|
|
|
|
// string:
|
|
|
|
//
|
|
|
|
// "Basic " + base64(username + ":" + password)
|
|
|
|
func httpBasicAuth(username, password string) []byte {
|
|
|
|
const header = "Basic "
|
|
|
|
base64 := base64.StdEncoding
|
|
|
|
|
|
|
|
b64InputLen := len(username) + len(":") + len(password)
|
|
|
|
b64Input := make([]byte, 0, b64InputLen)
|
|
|
|
b64Input = append(b64Input, username...)
|
|
|
|
b64Input = append(b64Input, ':')
|
|
|
|
b64Input = append(b64Input, password...)
|
|
|
|
|
|
|
|
output := make([]byte, len(header)+base64.EncodedLen(b64InputLen))
|
|
|
|
copy(output, header)
|
|
|
|
base64.Encode(output[len(header):], b64Input)
|
|
|
|
return output
|
|
|
|
}
|
|
|
|
|
|
|
|
// serve serves HTTP POST and websocket RPC for the legacy JSON-RPC RPC server.
|
|
|
|
// This function does not block on lis.Accept.
|
|
|
|
func (s *Server) serve(lis net.Listener) {
|
|
|
|
s.wg.Add(1)
|
|
|
|
go func() {
|
|
|
|
log.Infof("Listening on %s", lis.Addr())
|
|
|
|
err := s.httpServer.Serve(lis)
|
|
|
|
log.Tracef("Finished serving RPC: %v", err)
|
|
|
|
s.wg.Done()
|
|
|
|
}()
|
|
|
|
}
|
|
|
|
|
|
|
|
// RegisterWallet associates the legacy RPC server with the wallet. This
|
|
|
|
// function must be called before any wallet RPCs can be called by clients.
|
|
|
|
func (s *Server) RegisterWallet(w *wallet.Wallet) {
|
|
|
|
s.handlerMu.Lock()
|
|
|
|
s.wallet = w
|
|
|
|
s.handlerMu.Unlock()
|
|
|
|
}
|
|
|
|
|
|
|
|
// Stop gracefully shuts down the rpc server by stopping and disconnecting all
|
|
|
|
// clients, disconnecting the chain server connection, and closing the wallet's
|
|
|
|
// account files. This blocks until shutdown completes.
|
|
|
|
func (s *Server) Stop() {
|
|
|
|
s.quitMtx.Lock()
|
|
|
|
select {
|
|
|
|
case <-s.quit:
|
|
|
|
s.quitMtx.Unlock()
|
|
|
|
return
|
|
|
|
default:
|
|
|
|
}
|
|
|
|
|
|
|
|
// Stop the connected wallet and chain server, if any.
|
|
|
|
s.handlerMu.Lock()
|
|
|
|
wallet := s.wallet
|
|
|
|
chainClient := s.chainClient
|
|
|
|
s.handlerMu.Unlock()
|
|
|
|
if wallet != nil {
|
|
|
|
wallet.Stop()
|
|
|
|
}
|
|
|
|
if chainClient != nil {
|
|
|
|
chainClient.Stop()
|
|
|
|
}
|
|
|
|
|
|
|
|
// Stop all the listeners.
|
|
|
|
for _, listener := range s.listeners {
|
|
|
|
err := listener.Close()
|
|
|
|
if err != nil {
|
|
|
|
log.Errorf("Cannot close listener `%s`: %v",
|
|
|
|
listener.Addr(), err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Signal the remaining goroutines to stop.
|
|
|
|
close(s.quit)
|
|
|
|
s.quitMtx.Unlock()
|
|
|
|
|
|
|
|
// First wait for the wallet and chain server to stop, if they
|
|
|
|
// were ever set.
|
|
|
|
if wallet != nil {
|
|
|
|
wallet.WaitForShutdown()
|
|
|
|
}
|
|
|
|
if chainClient != nil {
|
|
|
|
chainClient.WaitForShutdown()
|
|
|
|
}
|
|
|
|
|
|
|
|
// Wait for all remaining goroutines to exit.
|
|
|
|
s.wg.Wait()
|
|
|
|
}
|
|
|
|
|
|
|
|
// SetChainServer sets the chain server client component needed to run a fully
|
|
|
|
// functional bitcoin wallet RPC server. This can be called to enable RPC
|
|
|
|
// passthrough even before a loaded wallet is set, but the wallet's RPC client
|
|
|
|
// is preferred.
|
|
|
|
func (s *Server) SetChainServer(chainClient *chain.RPCClient) {
|
|
|
|
s.handlerMu.Lock()
|
|
|
|
s.chainClient = chainClient
|
|
|
|
s.handlerMu.Unlock()
|
|
|
|
}
|
|
|
|
|
|
|
|
// handlerClosure creates a closure function for handling requests of the given
|
|
|
|
// method. This may be a request that is handled directly by btcwallet, or
|
|
|
|
// a chain server request that is handled by passing the request down to btcd.
|
|
|
|
//
|
|
|
|
// NOTE: These handlers do not handle special cases, such as the authenticate
|
|
|
|
// method. Each of these must be checked beforehand (the method is already
|
|
|
|
// known) and handled accordingly.
|
|
|
|
func (s *Server) handlerClosure(request *btcjson.Request) lazyHandler {
|
|
|
|
s.handlerMu.Lock()
|
|
|
|
// With the lock held, make copies of these pointers for the closure.
|
|
|
|
wallet := s.wallet
|
|
|
|
chainClient := s.chainClient
|
|
|
|
if wallet != nil && chainClient == nil {
|
|
|
|
chainClient = wallet.ChainClient()
|
|
|
|
s.chainClient = chainClient
|
|
|
|
}
|
|
|
|
s.handlerMu.Unlock()
|
|
|
|
|
|
|
|
return lazyApplyHandler(request, wallet, chainClient)
|
|
|
|
}
|
|
|
|
|
|
|
|
// ErrNoAuth represents an error where authentication could not succeed
|
|
|
|
// due to a missing Authorization HTTP header.
|
|
|
|
var ErrNoAuth = errors.New("no auth")
|
|
|
|
|
|
|
|
// checkAuthHeader checks the HTTP Basic authentication supplied by a client
|
|
|
|
// in the HTTP request r. It errors with ErrNoAuth if the request does not
|
|
|
|
// contain the Authorization header, or another non-nil error if the
|
|
|
|
// authentication was provided but incorrect.
|
|
|
|
//
|
|
|
|
// This check is time-constant.
|
|
|
|
func (s *Server) checkAuthHeader(r *http.Request) error {
|
|
|
|
authhdr := r.Header["Authorization"]
|
|
|
|
if len(authhdr) == 0 {
|
|
|
|
return ErrNoAuth
|
|
|
|
}
|
|
|
|
|
|
|
|
authsha := fastsha256.Sum256([]byte(authhdr[0]))
|
|
|
|
cmp := subtle.ConstantTimeCompare(authsha[:], s.authsha[:])
|
|
|
|
if cmp != 1 {
|
|
|
|
return errors.New("bad auth")
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// throttledFn wraps an http.HandlerFunc with throttling of concurrent active
|
|
|
|
// clients by responding with an HTTP 429 when the threshold is crossed.
|
|
|
|
func throttledFn(threshold int64, f http.HandlerFunc) http.Handler {
|
|
|
|
return throttled(threshold, f)
|
|
|
|
}
|
|
|
|
|
|
|
|
// throttled wraps an http.Handler with throttling of concurrent active
|
|
|
|
// clients by responding with an HTTP 429 when the threshold is crossed.
|
|
|
|
func throttled(threshold int64, h http.Handler) http.Handler {
|
|
|
|
var active int64
|
|
|
|
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
current := atomic.AddInt64(&active, 1)
|
|
|
|
defer atomic.AddInt64(&active, -1)
|
|
|
|
|
|
|
|
if current-1 >= threshold {
|
|
|
|
log.Warnf("Reached threshold of %d concurrent active clients", threshold)
|
|
|
|
http.Error(w, "429 Too Many Requests", 429)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
h.ServeHTTP(w, r)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// sanitizeRequest returns a sanitized string for the request which may be
|
|
|
|
// safely logged. It is intended to strip private keys, passphrases, and any
|
|
|
|
// other secrets from request parameters before they may be saved to a log file.
|
|
|
|
func sanitizeRequest(r *btcjson.Request) string {
|
|
|
|
// These are considered unsafe to log, so sanitize parameters.
|
|
|
|
switch r.Method {
|
|
|
|
case "encryptwallet", "importprivkey", "importwallet",
|
|
|
|
"signrawtransaction", "walletpassphrase",
|
|
|
|
"walletpassphrasechange":
|
|
|
|
|
|
|
|
return fmt.Sprintf(`{"id":%v,"method":"%s","params":SANITIZED %d parameters}`,
|
|
|
|
r.ID, r.Method, len(r.Params))
|
|
|
|
}
|
|
|
|
|
|
|
|
return fmt.Sprintf(`{"id":%v,"method":"%s","params":%v}`, r.ID,
|
|
|
|
r.Method, r.Params)
|
|
|
|
}
|
|
|
|
|
|
|
|
// idPointer returns a pointer to the passed ID, or nil if the interface is nil.
|
|
|
|
// Interface pointers are usually a red flag of doing something incorrectly,
|
|
|
|
// but this is only implemented here to work around an oddity with btcjson,
|
|
|
|
// which uses empty interface pointers for response IDs.
|
|
|
|
func idPointer(id interface{}) (p *interface{}) {
|
|
|
|
if id != nil {
|
|
|
|
p = &id
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// invalidAuth checks whether a websocket request is a valid (parsable)
|
|
|
|
// authenticate request and checks the supplied username and passphrase
|
|
|
|
// against the server auth.
|
|
|
|
func (s *Server) invalidAuth(req *btcjson.Request) bool {
|
|
|
|
cmd, err := btcjson.UnmarshalCmd(req)
|
|
|
|
if err != nil {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
authCmd, ok := cmd.(*btcjson.AuthenticateCmd)
|
|
|
|
if !ok {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
// Check credentials.
|
|
|
|
login := authCmd.Username + ":" + authCmd.Passphrase
|
|
|
|
auth := "Basic " + base64.StdEncoding.EncodeToString([]byte(login))
|
|
|
|
authSha := fastsha256.Sum256([]byte(auth))
|
|
|
|
return subtle.ConstantTimeCompare(authSha[:], s.authsha[:]) != 1
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Server) websocketClientRead(wsc *websocketClient) {
|
|
|
|
for {
|
|
|
|
_, request, err := wsc.conn.ReadMessage()
|
|
|
|
if err != nil {
|
|
|
|
if err != io.EOF && err != io.ErrUnexpectedEOF {
|
|
|
|
log.Warnf("Websocket receive failed from client %s: %v",
|
|
|
|
wsc.remoteAddr, err)
|
|
|
|
}
|
|
|
|
close(wsc.allRequests)
|
|
|
|
break
|
|
|
|
}
|
|
|
|
wsc.allRequests <- request
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Server) websocketClientRespond(wsc *websocketClient) {
|
|
|
|
// A for-select with a read of the quit channel is used instead of a
|
|
|
|
// for-range to provide clean shutdown. This is necessary due to
|
|
|
|
// WebsocketClientRead (which sends to the allRequests chan) not closing
|
|
|
|
// allRequests during shutdown if the remote websocket client is still
|
|
|
|
// connected.
|
|
|
|
out:
|
|
|
|
for {
|
|
|
|
select {
|
|
|
|
case reqBytes, ok := <-wsc.allRequests:
|
|
|
|
if !ok {
|
|
|
|
// client disconnected
|
|
|
|
break out
|
|
|
|
}
|
|
|
|
|
|
|
|
var req btcjson.Request
|
|
|
|
err := json.Unmarshal(reqBytes, &req)
|
|
|
|
if err != nil {
|
|
|
|
if !wsc.authenticated {
|
|
|
|
// Disconnect immediately.
|
|
|
|
break out
|
|
|
|
}
|
|
|
|
resp := makeResponse(req.ID, nil,
|
|
|
|
btcjson.ErrRPCInvalidRequest)
|
|
|
|
mresp, err := json.Marshal(resp)
|
|
|
|
// We expect the marshal to succeed. If it
|
|
|
|
// doesn't, it indicates some non-marshalable
|
|
|
|
// type in the response.
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
err = wsc.send(mresp)
|
|
|
|
if err != nil {
|
|
|
|
break out
|
|
|
|
}
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
if req.Method == "authenticate" {
|
|
|
|
if wsc.authenticated || s.invalidAuth(&req) {
|
|
|
|
// Disconnect immediately.
|
|
|
|
break out
|
|
|
|
}
|
|
|
|
wsc.authenticated = true
|
|
|
|
resp := makeResponse(req.ID, nil, nil)
|
|
|
|
// Expected to never fail.
|
|
|
|
mresp, err := json.Marshal(resp)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
err = wsc.send(mresp)
|
|
|
|
if err != nil {
|
|
|
|
break out
|
|
|
|
}
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
if !wsc.authenticated {
|
|
|
|
// Disconnect immediately.
|
|
|
|
break out
|
|
|
|
}
|
|
|
|
|
|
|
|
switch req.Method {
|
|
|
|
case "stop":
|
|
|
|
resp := makeResponse(req.ID,
|
|
|
|
"btcwallet stopping.", nil)
|
|
|
|
mresp, err := json.Marshal(resp)
|
|
|
|
// Expected to never fail.
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
err = wsc.send(mresp)
|
|
|
|
if err != nil {
|
|
|
|
break out
|
|
|
|
}
|
|
|
|
s.requestProcessShutdown()
|
|
|
|
break
|
|
|
|
|
|
|
|
default:
|
|
|
|
req := req // Copy for the closure
|
|
|
|
f := s.handlerClosure(&req)
|
|
|
|
wsc.wg.Add(1)
|
|
|
|
go func() {
|
|
|
|
resp, jsonErr := f()
|
|
|
|
mresp, err := btcjson.MarshalResponse(req.ID, resp, jsonErr)
|
|
|
|
if err != nil {
|
|
|
|
log.Errorf("Unable to marshal response: %v", err)
|
|
|
|
} else {
|
|
|
|
_ = wsc.send(mresp)
|
|
|
|
}
|
|
|
|
wsc.wg.Done()
|
|
|
|
}()
|
|
|
|
}
|
|
|
|
|
|
|
|
case <-s.quit:
|
|
|
|
break out
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// allow client to disconnect after all handler goroutines are done
|
|
|
|
wsc.wg.Wait()
|
|
|
|
close(wsc.responses)
|
|
|
|
s.wg.Done()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Server) websocketClientSend(wsc *websocketClient) {
|
|
|
|
const deadline time.Duration = 2 * time.Second
|
|
|
|
out:
|
|
|
|
for {
|
|
|
|
select {
|
|
|
|
case response, ok := <-wsc.responses:
|
|
|
|
if !ok {
|
|
|
|
// client disconnected
|
|
|
|
break out
|
|
|
|
}
|
|
|
|
err := wsc.conn.SetWriteDeadline(time.Now().Add(deadline))
|
|
|
|
if err != nil {
|
|
|
|
log.Warnf("Cannot set write deadline on "+
|
|
|
|
"client %s: %v", wsc.remoteAddr, err)
|
|
|
|
}
|
|
|
|
err = wsc.conn.WriteMessage(websocket.TextMessage,
|
|
|
|
response)
|
|
|
|
if err != nil {
|
|
|
|
log.Warnf("Failed websocket send to client "+
|
|
|
|
"%s: %v", wsc.remoteAddr, err)
|
|
|
|
break out
|
|
|
|
}
|
|
|
|
|
|
|
|
case <-s.quit:
|
|
|
|
break out
|
|
|
|
}
|
|
|
|
}
|
|
|
|
close(wsc.quit)
|
|
|
|
log.Infof("Disconnected websocket client %s", wsc.remoteAddr)
|
|
|
|
s.wg.Done()
|
|
|
|
}
|
|
|
|
|
2016-03-11 20:14:33 +01:00
|
|
|
// websocketClientRPC starts the goroutines to serve JSON-RPC requests over a
|
|
|
|
// websocket connection for a single client.
|
Modernize the RPC server.
This is a rather monolithic commit that moves the old RPC server to
its own package (rpc/legacyrpc), introduces a new RPC server using
gRPC (rpc/rpcserver), and provides the ability to defer wallet loading
until request at a later time by an RPC (--noinitialload).
The legacy RPC server remains the default for now while the new gRPC
server is not enabled by default. Enabling the new server requires
setting a listen address (--experimenalrpclisten). This experimental
flag is used to effectively feature gate the server until it is ready
to use as a default. Both RPC servers can be run at the same time,
but require binding to different listen addresses.
In theory, with the legacy RPC server now living in its own package it
should become much easier to unit test the handlers. This will be
useful for any future changes to the package, as compatibility with
Core's wallet is still desired.
Type safety has also been improved in the legacy RPC server. Multiple
handler types are now used for methods that do and do not require the
RPC client as a dependency. This can statically help prevent nil
pointer dereferences, and was very useful for catching bugs during
refactoring.
To synchronize the wallet loading process between the main package
(the default) and through the gRPC WalletLoader service (with the
--noinitialload option), as well as increasing the loose coupling of
packages, a new wallet.Loader type has been added. All creating and
loading of existing wallets is done through a single Loader instance,
and callbacks can be attached to the instance to run after the wallet
has been opened. This is how the legacy RPC server is associated with
a loaded wallet, even after the wallet is loaded by a gRPC method in a
completely unrelated package.
Documentation for the new RPC server has been added to the
rpc/documentation directory. The documentation includes a
specification for the new RPC API, addresses how to make changes to
the server implementation, and provides short example clients in
several different languages.
Some of the new RPC methods are not implementated exactly as described
by the specification. These are considered bugs with the
implementation, not the spec. Known bugs are commented as such.
2015-06-01 21:57:50 +02:00
|
|
|
func (s *Server) websocketClientRPC(wsc *websocketClient) {
|
|
|
|
log.Infof("New websocket client %s", wsc.remoteAddr)
|
|
|
|
|
|
|
|
// Clear the read deadline set before the websocket hijacked
|
|
|
|
// the connection.
|
|
|
|
if err := wsc.conn.SetReadDeadline(time.Time{}); err != nil {
|
|
|
|
log.Warnf("Cannot remove read deadline: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// WebsocketClientRead is intentionally not run with the waitgroup
|
|
|
|
// so it is ignored during shutdown. This is to prevent a hang during
|
|
|
|
// shutdown where the goroutine is blocked on a read of the
|
|
|
|
// websocket connection if the client is still connected.
|
|
|
|
go s.websocketClientRead(wsc)
|
|
|
|
|
|
|
|
s.wg.Add(2)
|
|
|
|
go s.websocketClientRespond(wsc)
|
|
|
|
go s.websocketClientSend(wsc)
|
|
|
|
|
|
|
|
<-wsc.quit
|
|
|
|
}
|
|
|
|
|
|
|
|
// maxRequestSize specifies the maximum number of bytes in the request body
|
|
|
|
// that may be read from a client. This is currently limited to 4MB.
|
|
|
|
const maxRequestSize = 1024 * 1024 * 4
|
|
|
|
|
|
|
|
// PostClientRPC processes and replies to a JSON-RPC client request.
|
|
|
|
func (s *Server) PostClientRPC(w http.ResponseWriter, r *http.Request) {
|
|
|
|
body := http.MaxBytesReader(w, r.Body, maxRequestSize)
|
|
|
|
rpcRequest, err := ioutil.ReadAll(body)
|
|
|
|
if err != nil {
|
|
|
|
// TODO: what if the underlying reader errored?
|
|
|
|
http.Error(w, "413 Request Too Large.",
|
|
|
|
http.StatusRequestEntityTooLarge)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// First check whether wallet has a handler for this request's method.
|
|
|
|
// If unfound, the request is sent to the chain server for further
|
|
|
|
// processing. While checking the methods, disallow authenticate
|
|
|
|
// requests, as they are invalid for HTTP POST clients.
|
|
|
|
var req btcjson.Request
|
|
|
|
err = json.Unmarshal(rpcRequest, &req)
|
|
|
|
if err != nil {
|
|
|
|
resp, err := btcjson.MarshalResponse(req.ID, nil, btcjson.ErrRPCInvalidRequest)
|
|
|
|
if err != nil {
|
|
|
|
log.Errorf("Unable to marshal response: %v", err)
|
|
|
|
http.Error(w, "500 Internal Server Error",
|
|
|
|
http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
_, err = w.Write(resp)
|
|
|
|
if err != nil {
|
|
|
|
log.Warnf("Cannot write invalid request request to "+
|
|
|
|
"client: %v", err)
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Create the response and error from the request. Two special cases
|
|
|
|
// are handled for the authenticate and stop request methods.
|
|
|
|
var res interface{}
|
|
|
|
var jsonErr *btcjson.RPCError
|
|
|
|
var stop bool
|
|
|
|
switch req.Method {
|
|
|
|
case "authenticate":
|
|
|
|
// Drop it.
|
|
|
|
return
|
|
|
|
case "stop":
|
|
|
|
stop = true
|
|
|
|
res = "btcwallet stopping"
|
|
|
|
default:
|
|
|
|
res, jsonErr = s.handlerClosure(&req)()
|
|
|
|
}
|
|
|
|
|
|
|
|
// Marshal and send.
|
|
|
|
mresp, err := btcjson.MarshalResponse(req.ID, res, jsonErr)
|
|
|
|
if err != nil {
|
|
|
|
log.Errorf("Unable to marshal response: %v", err)
|
|
|
|
http.Error(w, "500 Internal Server Error", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
_, err = w.Write(mresp)
|
|
|
|
if err != nil {
|
|
|
|
log.Warnf("Unable to respond to client: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if stop {
|
|
|
|
s.requestProcessShutdown()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Server) requestProcessShutdown() {
|
|
|
|
select {
|
|
|
|
case s.requestShutdownChan <- struct{}{}:
|
|
|
|
default:
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// RequestProcessShutdown returns a channel that is sent to when an authorized
|
|
|
|
// client requests remote shutdown.
|
|
|
|
func (s *Server) RequestProcessShutdown() <-chan struct{} {
|
|
|
|
return s.requestShutdownChan
|
|
|
|
}
|