config: unify lbcd and lbcwallet RPC credentails
1. remove lbcdusername and lbcdpassword 2. rename (username, password) to (rpcuser, rpcpass) Most users are confused with the lbcduser and username at first, and choose to use the same credentials between lbcd and lbcwallet.
This commit is contained in:
parent
7a4cd602bb
commit
be7892a2ae
5 changed files with 20 additions and 55 deletions
23
README.md
23
README.md
|
@ -22,10 +22,6 @@ does mean they could track all transactions involving your addresses
|
||||||
and therefore know your exact balance. In a future release, public data
|
and therefore know your exact balance. In a future release, public data
|
||||||
encryption will extend to transactions as well.
|
encryption will extend to transactions as well.
|
||||||
|
|
||||||
Wallet clients can use one of two RPC servers:
|
|
||||||
|
|
||||||
1. A legacy JSON-RPC server mostly compatible with Bitcoin Core
|
|
||||||
|
|
||||||
The JSON-RPC server exists to ease the migration of wallet applications
|
The JSON-RPC server exists to ease the migration of wallet applications
|
||||||
from Core, but complete compatibility is not guaranteed. Some portions of
|
from Core, but complete compatibility is not guaranteed. Some portions of
|
||||||
the API (and especially accounts) have to work differently due to other
|
the API (and especially accounts) have to work differently due to other
|
||||||
|
@ -33,15 +29,6 @@ Wallet clients can use one of two RPC servers:
|
||||||
compatibility issue and feel that it could be reasonably supported, please
|
compatibility issue and feel that it could be reasonably supported, please
|
||||||
report an issue. This server is enabled by default.
|
report an issue. This server is enabled by default.
|
||||||
|
|
||||||
2. An experimental gRPC server
|
|
||||||
|
|
||||||
The gRPC server uses a new API built for lbcwallet, but the API is not
|
|
||||||
stabilized and the server is feature gated behind a config option
|
|
||||||
(`--experimentalrpclisten`). If you don't mind applications breaking due
|
|
||||||
to API changes, don't want to deal with issues of the legacy API, or need
|
|
||||||
notifications for changes to the wallet, this is the RPC server to use.
|
|
||||||
The gRPC server is documented [here](./rpc/documentation/README.md).
|
|
||||||
|
|
||||||
## Security
|
## Security
|
||||||
|
|
||||||
We take security seriously. Please contact [security](mailto:security@lbry.com) regarding any security issues.
|
We take security seriously. Please contact [security](mailto:security@lbry.com) regarding any security issues.
|
||||||
|
@ -93,25 +80,23 @@ Start a local instance of `lbcd` and have the `lbcwallet` connecting to it.
|
||||||
|
|
||||||
``` sh
|
``` sh
|
||||||
# Start a lbcd with its RPC credentials
|
# Start a lbcd with its RPC credentials
|
||||||
./lbcd --txindex --rpcuser=lbcduser --rpcpass=lbcdpass
|
./lbcd --txindex --rpcuser=rpcuser --rpcpass=rpcpass
|
||||||
|
|
||||||
# Start a lbcwallet with its RPC credentials along with the lbcd's RPC credentials
|
# Start a lbcwallet with its RPC credentials along with the lbcd's RPC credentials
|
||||||
# The default lbcd instance to conect to is already localhost:9245 so we don't need to specify it explicitly here.
|
# The default lbcd instance to conect to is already localhost:9245 so we don't need to specify it explicitly here.
|
||||||
./lbcwallet --username=rpcuser --password=rpcpass --lbcdusername=lbcduser --lbcdpassword=lbcdpass # --rpcconnect=localhost:9245
|
./lbcwallet --rpcuser=rpcuser --rpcpass=rpcpass # --rpcconnect=localhost:9245
|
||||||
|
|
||||||
#
|
#
|
||||||
# rpcuser/rpcpass lbcduser/lbcdpass
|
# rpcuser/rpcpass rpcuser/rpcpass
|
||||||
# lbcctl <-------------------> lbcwallet <--------------------> lbcd
|
# lbcctl <-------------------> lbcwallet <--------------------> lbcd
|
||||||
# RPC port 9244 RPC port 9245
|
# RPC port 9244 RPC port 9245
|
||||||
#
|
#
|
||||||
```
|
```
|
||||||
|
|
||||||
If the `lbcd` and `lbcwallet` use the same RPC credentials, we can skip the `--lbcdusername` and `--lbcdpassword`
|
|
||||||
|
|
||||||
``` sh
|
``` sh
|
||||||
./lbcd --txindex --rpcuser=rpcuser --rpcpass=rpcpass
|
./lbcd --txindex --rpcuser=rpcuser --rpcpass=rpcpass
|
||||||
|
|
||||||
./lbcwallet --username=rpcuser --password=rpcpass
|
./lbcwallet --rpcuser=rpcuser --rpcpass=rpcpass
|
||||||
|
|
||||||
#
|
#
|
||||||
# rpcuser/rpcpass rpcuser/rpcpass
|
# rpcuser/rpcpass rpcuser/rpcpass
|
||||||
|
|
19
config.go
19
config.go
|
@ -70,8 +70,6 @@ type config struct {
|
||||||
CAFile *cfgutil.ExplicitString `long:"cafile" description:"File containing root certificates to authenticate a TLS connections with lbcd"`
|
CAFile *cfgutil.ExplicitString `long:"cafile" description:"File containing root certificates to authenticate a TLS connections with lbcd"`
|
||||||
DisableClientTLS bool `long:"noclienttls" description:"Disable TLS for the RPC client"`
|
DisableClientTLS bool `long:"noclienttls" description:"Disable TLS for the RPC client"`
|
||||||
SkipVerify bool `long:"skipverify" description:"Skip verifying TLS for the RPC client"`
|
SkipVerify bool `long:"skipverify" description:"Skip verifying TLS for the RPC client"`
|
||||||
LbcdUsername string `long:"lbcdusername" description:"Username for lbcd authentication"`
|
|
||||||
LbcdPassword string `long:"lbcdpassword" default-mask:"-" description:"Password for lbcd authentication"`
|
|
||||||
Proxy string `long:"proxy" description:"Connect via SOCKS5 proxy (eg. 127.0.0.1:9050)"`
|
Proxy string `long:"proxy" description:"Connect via SOCKS5 proxy (eg. 127.0.0.1:9050)"`
|
||||||
ProxyUser string `long:"proxyuser" description:"Username for proxy server"`
|
ProxyUser string `long:"proxyuser" description:"Username for proxy server"`
|
||||||
ProxyPass string `long:"proxypass" default-mask:"-" description:"Password for proxy server"`
|
ProxyPass string `long:"proxypass" default-mask:"-" description:"Password for proxy server"`
|
||||||
|
@ -90,9 +88,9 @@ type config struct {
|
||||||
DisableServerTLS bool `long:"noservertls" description:"Disable TLS for the RPC server"`
|
DisableServerTLS bool `long:"noservertls" description:"Disable TLS for the RPC server"`
|
||||||
LegacyRPCListeners []string `long:"rpclisten" description:"Listen for legacy RPC connections on this interface/port (default port: 9244, testnet: 19244, regtest: 29244, simnet: 29244)"`
|
LegacyRPCListeners []string `long:"rpclisten" description:"Listen for legacy RPC connections on this interface/port (default port: 9244, testnet: 19244, regtest: 29244, simnet: 29244)"`
|
||||||
LegacyRPCMaxClients int64 `long:"rpcmaxclients" description:"Max number of legacy RPC clients for standard connections"`
|
LegacyRPCMaxClients int64 `long:"rpcmaxclients" description:"Max number of legacy RPC clients for standard connections"`
|
||||||
LegacyRPCMaxWebsockets int64 `long:"rpcmaxwebsockets" description:"Max number of legacy RPC websocket connections"`
|
LegacyRPCMaxWebsockets int64 `long:"rpcmaxwebsockets" description:"Max number of RPC websocket connections"`
|
||||||
Username string `short:"u" long:"username" description:"Username for legacy RPC and lbcd authentication (if lbcdusername is unset)"`
|
RPCUser string `short:"u" long:"rpcuser" description:"Username for RPC and lbcd authentication"`
|
||||||
Password string `short:"P" long:"password" default-mask:"-" description:"Password for legacy RPC and lbcd authentication (if lbcdpassword is unset)"`
|
RPCPass string `short:"P" long:"rpcpass" default-mask:"-" description:"Password for RPC and lbcd authentication"`
|
||||||
|
|
||||||
// Deprecated options
|
// Deprecated options
|
||||||
DataDir *cfgutil.ExplicitString `short:"b" long:"datadir" default-mask:"-" description:"DEPRECATED -- use appdata instead"`
|
DataDir *cfgutil.ExplicitString `short:"b" long:"datadir" default-mask:"-" description:"DEPRECATED -- use appdata instead"`
|
||||||
|
@ -601,17 +599,6 @@ func loadConfig() (*config, []string, error) {
|
||||||
cfg.RPCCert.Value = cleanAndExpandPath(cfg.RPCCert.Value)
|
cfg.RPCCert.Value = cleanAndExpandPath(cfg.RPCCert.Value)
|
||||||
cfg.RPCKey.Value = cleanAndExpandPath(cfg.RPCKey.Value)
|
cfg.RPCKey.Value = cleanAndExpandPath(cfg.RPCKey.Value)
|
||||||
|
|
||||||
// If the lbcd username or password are unset, use the same auth as for
|
|
||||||
// the client. The two settings were previously shared for lbcd and
|
|
||||||
// client auth, so this avoids breaking backwards compatibility while
|
|
||||||
// allowing users to use different auth settings for lbcd and wallet.
|
|
||||||
if cfg.LbcdUsername == "" {
|
|
||||||
cfg.LbcdUsername = cfg.Username
|
|
||||||
}
|
|
||||||
if cfg.LbcdPassword == "" {
|
|
||||||
cfg.LbcdPassword = cfg.Password
|
|
||||||
}
|
|
||||||
|
|
||||||
// Warn about missing config file after the final command line parse
|
// Warn about missing config file after the final command line parse
|
||||||
// succeeds. This prevents the warning on help messages and invalid
|
// succeeds. This prevents the warning on help messages and invalid
|
||||||
// options.
|
// options.
|
||||||
|
|
|
@ -214,7 +214,7 @@ func readCAFile() []byte {
|
||||||
func startChainRPC(certs []byte) (*chain.RPCClient, error) {
|
func startChainRPC(certs []byte) (*chain.RPCClient, error) {
|
||||||
log.Infof("Attempting RPC client connection to %v", cfg.RPCConnect)
|
log.Infof("Attempting RPC client connection to %v", cfg.RPCConnect)
|
||||||
rpcc, err := chain.NewRPCClient(activeNet.Params, cfg.RPCConnect,
|
rpcc, err := chain.NewRPCClient(activeNet.Params, cfg.RPCConnect,
|
||||||
cfg.LbcdUsername, cfg.LbcdPassword, certs, cfg.DisableClientTLS,
|
cfg.RPCPass, cfg.RPCPass, certs, cfg.DisableClientTLS,
|
||||||
cfg.SkipVerify, 0)
|
cfg.SkipVerify, 0)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
@ -126,8 +126,8 @@ func startRPCServers(walletLoader *wallet.Loader) (*legacyrpc.Server, error) {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if cfg.Username == "" || cfg.Password == "" {
|
if cfg.RPCUser == "" || cfg.RPCPass == "" {
|
||||||
log.Info("Legacy RPC server disabled (requires username and password)")
|
log.Info("RPC server disabled (requires rpcuser and rpcpass)")
|
||||||
} else if len(cfg.LegacyRPCListeners) != 0 {
|
} else if len(cfg.LegacyRPCListeners) != 0 {
|
||||||
listeners := makeListeners(cfg.LegacyRPCListeners, legacyListen)
|
listeners := makeListeners(cfg.LegacyRPCListeners, legacyListen)
|
||||||
if len(listeners) == 0 {
|
if len(listeners) == 0 {
|
||||||
|
@ -135,8 +135,8 @@ func startRPCServers(walletLoader *wallet.Loader) (*legacyrpc.Server, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
opts := legacyrpc.Options{
|
opts := legacyrpc.Options{
|
||||||
Username: cfg.Username,
|
Username: cfg.RPCUser,
|
||||||
Password: cfg.Password,
|
Password: cfg.RPCPass,
|
||||||
MaxPOSTClients: cfg.LegacyRPCMaxClients,
|
MaxPOSTClients: cfg.LegacyRPCMaxClients,
|
||||||
MaxWebsocketClients: cfg.LegacyRPCMaxWebsockets,
|
MaxWebsocketClients: cfg.LegacyRPCMaxWebsockets,
|
||||||
}
|
}
|
||||||
|
|
|
@ -88,15 +88,8 @@
|
||||||
|
|
||||||
; Username and password to authenticate to lbcd a RPC server and authenticate
|
; Username and password to authenticate to lbcd a RPC server and authenticate
|
||||||
; new client connections
|
; new client connections
|
||||||
; username=
|
; rpcuser=
|
||||||
; password=
|
; rpcpass=
|
||||||
|
|
||||||
; Alternative username and password for lbcd. If set, these will be used
|
|
||||||
; instead of the username and password set above for authentication to a
|
|
||||||
; lbcd RPC server.
|
|
||||||
; lbcdusername=
|
|
||||||
; lbcdpassword=
|
|
||||||
|
|
||||||
|
|
||||||
; ------------------------------------------------------------------------------
|
; ------------------------------------------------------------------------------
|
||||||
; Debug
|
; Debug
|
||||||
|
|
Loading…
Reference in a new issue