Commit graph

88 commits

Author SHA1 Message Date
Josh Rickmar
461111cadf Allow alternative btcd RPC server auth.
This change adds the new btcdusername and btcdpassword options which,
if set, are used instead of the username and password when
authenticating to a btcd RPC server.  If these new options are unset,
the btcd user and password settings are shared with the client auth
settings.
2014-05-16 12:58:33 -05:00
Josh Rickmar
17ebf9461f Rename connect option to rpcconnect.
The connect option is already used by btcd to force a connection to
other full node peers.  Wallet does not talk directly with these
peers, so the connect option is being renamed to something unique for
an RPC client connection.
2014-05-06 13:25:56 -05:00
Josh Rickmar
e9bdf2a094 Another day, another tx store implementation.
The last transaction store was a great example of how not to write
scalable software.  For a variety of reasons, it was very slow at
processing transaction inserts.  Among them:

1) Every single transaction record being saved in a linked list
   (container/list), and inserting into this list would be an O(n)
   operation so that records could be ordered by receive date.

2) Every single transaction in the above mentioned list was iterated
   over in order to find double spends which must be removed.  It is
   silly to do this check for mined transactions, which already have
   been checked for this by btcd.  Worse yet, if double spends were
   found, the list would be iterated a second (or third, or fourth)
   time for each removed transaction.

3) All spend tracking for signed-by-wallet transactions was found on
   each transaction insert, even if the now spent previous transaction
   outputs were known by the caller.

This list could keep going on, but you get the idea.  It was bad.

To resolve these issues a new transaction store had to be implemented.
The new implementation:

1) Tracks mined and unmined transactions in different data structures.
   Mined transactions are cheap to track because the required double
   spend checks have already been performed by the chain server, and
   double spend checks are only required to be performed on
   newly-inserted mined transactions which may conflict with previous
   unmined transactions.

2) Saves mined transactions grouped by block first, and then by their
   transaction index.  Lookup keys for mined transactions are simply
   the block height (in the best chain, that's all we save) and index
   of the transaction in the block.  This makes looking up any
   arbitrary transaction almost an O(1) operation (almost, because
   block height and block indexes are mapped to their slice indexes
   with a Go map).

3) Saves records in each transaction for whether the outputs are
   wallet credits (spendable by wallet) and for whether inputs debit
   from previous credits.  Both structures point back to the source
   or spender (credits point to the transaction that spends them, or
   nil for unspent credits, and debits include keys to lookup the
   transaction credits they spent.  While complicated to keep track
   of, this greatly simplifies the spent tracking for transactions
   across rollbacks and transaction removals.

4) Implements double spend checking as an almost O(1) operation.  A
   Go map is used to map each previous outpoint for all unconfirmed
   transactions to the unconfirmed tx record itself.  Checking for
   double spends on confirmed transaction inserts only involves
   looking up each previous outpoint of the inserted tx in this map.
   If a double spend is found, removal is simplified by only
   removing the transaction and its spend chain from store maps,
   rather than iterating a linked list several times over to remove
   each dead transaction in the spend chain.

5) Allows the caller to specify the previous credits which are spent
   by a debiting transaction.  When a transaction is created by
   wallet, the previous outputs are already known, and by passing
   their record types to the AddDebits method, lookups for each
   previously unspent credit are omitted.

6) Bookkeeps all blocks with transactions with unspent credits, and
   bookkeeps the transaction indexes of all transactions with unspent
   outputs for a single block.  For the case where the caller adding a
   debit record does not know what credits a transaction debits from,
   these bookkeeping structures allow the store to only consider known
   unspent transactions, rather than searching through both spent and
   unspents.

7) Saves amount deltas for the entire balance as a result of each
   block, due to transactions within that block.  This improves the
   performance of calculating the full balance by not needing to
   iterate over every transaction, and then every credit, to determine
   if a credit is spent or unspent.  When transactions are moved from
   unconfirmed to a block structure, the amount deltas are incremented
   by the amount of all transaction credits (both spent and unspent)
   and debited by the total amount the transaction spends from
   previous wallet credits.  For the common case of calculating a
   balance with just one confirmation, the only involves iterating
   over each block structure and adding the (possibly negative)
   amount delta.  Coinbase rewards are saved similarly, but with a
   different amount variable so they can be seperatly included or
   excluded.

Due to all of the changes in how the store internally works, the
serialization format has changed.  To simplify the serialization
logic, support for reading the last store file version has been
removed.  Past this change, a rescan (run automatically) will be
required to rebuild the transaction history.
2014-05-05 16:12:05 -05:00
Josh Rickmar
e956d0b290 Immediately terminate improperly auth'd ws conns.
This fixes a bug with the authentication handling for websocket
clients where it was possible that even after supplying bad
authentication using the HTTP Authorization header, the connection
would remain open and flagged as unauthenticated, and clients (if they
somehow knew auth failed, although btcwallet would never tell them
until after they failed their next request) could try their hand at
authorization again by issuing an authenticate request.

While I don't know of any reason the above described bug could result
in a security leak, it's better to fail the connection as soon as
possible if they failed their first authentication attempt.

While here, also set a read deadline of 10 seconds for the first
request.  If the initial handshake cannot complete in this timeframe,
the connection is terminated.  This matches the behavior in btcd, and
prevents websocket clients from connecting without the Authorization
header and never issuing their first authenticate request.
2014-04-28 18:19:45 -05:00
David Hill
6a908d63bc Handle disconnecting clients properly.
Also, add logging for connecting and disconnecting clients.
2014-04-22 16:03:17 -04:00
Josh Rickmar
b1a71d5f83 Delay JSON unmarshaling until needed.
This change takes advantage of the RawMessage type in the
encoding/json package to defer unmarshaling of all JSON-RPC values
until absolutely necessary.

This is particularly important for request passthrough when btcwallet
must ask btcd to handle a chain request for a wallet client.  In the
previous code, during the marshal and unmarshal dance to set the
original client's request id in the btcd response, large JSON numbers
were being mangled to use (scientific) E notation even when they could
be represented as a integer without any loss of precision.
2014-04-09 12:50:16 -05:00
Josh Rickmar
19fd6406e8 Prevent a send on closed chan panic.
The select statement does not guarantee selecting a better case if one
might panic for sending to a closed channel.  This case was hit during
client disconnect due to having multiple senders on a single channel
with one of the senders closing the chan to notify the next goroutine
to finish.  This change gives each writes its own unique channel to
prevent this error.
2014-03-20 16:10:42 -05:00
Josh Rickmar
4f1d2e7121 Add support for the authenticate extension request.
Just like btcd, this commit adds support for the authenticate request
allowing clients unable to set the HTTP Authorization header to
authenticate to use the RPC server.  The rules for the authenticate
request are as follows:

1) Authentication make clients stateful.  Clients may either be flagged
   as authenticated or unauthenticated.

2) Clients may authenticate by exactly one of two possible ways,
   either by setting the Authorization header or by sending a JSON-RPC
   authenticate request as follows:

   {
     "jsonrpc":"1.0",
     "id":0,
     "method":"authenticate",
     "params":["rpcuser", "rpcpass"]
   }

3) When not authenticated by the Authorization header, the first request
   must be an authenticate request.

4) Sending an authenticate request after a client has already
   successfully authenticated (either by the Authorization header or a
   previous authentication request) is invalid.

5) The result used in the response to a successful authenticate request
   is a JSON null.  For any unsuccessful or invalid authenticate
   requests, the connection is terminated.

This change also orders all incoming requests for a client.  This was
required to ensure that any authentication requests are processed
first.
2014-03-20 14:27:52 -05:00
Josh Rickmar
998a29b0e6 Do not warn for io.EOF when receiving ws msgs. 2014-03-17 22:36:44 -05:00
Josh Rickmar
6be1d86df2 Log reasons for disconnecting a websocket client. 2014-03-17 15:32:26 -05:00
Josh Rickmar
fc2e313a39 Introduce new transaction store.
This change replaces the old transaction store file format and
implementation.  The most important change is how the full backing
transactions for any received or sent transaction are now saved,
rather than simply saving parsed-out details of the tx (tx shas, block
height/hash, pkScripts, etc.).

To support the change, notifications for received transaction outputs
and txs spending watched outpoints have been updated to use the new
redeemingtx and recvtx notifications as these contain the full tx,
which is deserializead and inserted into the store.

The old transaction store serialization code is completely removed, as
updating to the new format automatically cannot be done.  Old wallets
first running past this change will error reading the file and start a
full rescan to rebuild the data.  Unlike previous rescan code,
transactions spending outpoint managed by wallet are also included.
This results in recovering not just received history, but history for
sent transactions as well.
2014-02-24 14:35:30 -05:00
Josh Rickmar
438f55a0a4 Set deadline on client websocket sends.
It appears that the websocket package will occasionally enter a
Codec's Send function and block forever, never erroring (presumably
due to a closed connection).  This change adds a deadline for the send
of two seconds.  If the send cannot complete before the deadline is
reached, the send is aborted and the connection is assumed to be lost.

A buffer should be added here as well, so even waiting max two seconds
for the send to error out won't cause wallet code to block.
2014-02-19 13:57:52 -05:00
Josh Rickmar
3a23fdaf64 Move duplicater chan send out of default case.
At any instant when a duplicated notification must be sent, either one
of two channel sends/recvs must occur.  The first possibility is that
the client is disconnected, in which case the disconnected channel
will be read, and then the context removed from the goroutine-managed
map.  The second possibility is that the disconnect channel has not
yet been closed, in which case it must block on an actual message
send.  This change moves the second case out of the default case of
the select statement to avoid a race where:

1) The client has not yet disconnected, and the disconnected chan is
   not ready for reads.
2) Control switches to the default case.
3) The client disconnects, the goroutine reading the send channel
   returns, closes the disconnected channel, and no more reads occur.
4) The notification duplicator blocks forever trying to send the
   message even when the disconnected notification channel has
   already been closed.
2014-02-18 21:11:33 -05:00
Josh Rickmar
2ff7f85b0c Notify connected ws clients of btcd connect state.
This shouldn't be nececssary (a TODO was added to remind me to make
clients explicitly ask for this info) but in the meantime this fixes
clients such as btcgui which otherwise wouldn't think btcwallet is
properly connected to btcd and will desensitise some widgets.
2014-02-18 15:51:06 -05:00
Josh Rickmar
e837ca5b64 Cleanly remove disconnected clients.
Also fixes a bug where responses for a single client would be sent to
every connected client.
2014-02-18 12:39:53 -05:00
Josh Rickmar
45e0a3fcb9 Move websocket endpoint to /ws. 2014-02-03 11:50:11 -05:00
Josh Rickmar
6a08c7de07 Redo account locking and RPC request processing.
This change removes the three separate mutexes which used to lock an
account's wallet, tx store, and utxo store.  Accounts no longer
contain any locking mechanism and rely on go's other synchronization
constructs (goroutines and channels) for correct access.

All accounts are now managed as a collection through the new
AccountManager, rather than the old AccountStore.  AccountManager runs
as its own goroutine to provide access to accounts.

RPC requests are now queued for handling, being denied if the queue
buffer is exhausted.  Notifications are also queued (instead of being
sent from their own goroutine after being received, in which order is
undefined), however, notifications are never dropped and will
potentially grow a queue of infinite size if unhandled.
2014-02-01 13:18:34 -05:00
Josh Rickmar
f87aab49df Explicitly request block notifications. 2014-01-17 16:45:40 -05:00
Josh Rickmar
a309196ea2 Create missing directories before writing certpair. 2014-01-17 12:17:51 -05:00
Josh Rickmar
86cf8e7005 Write RPC cert and key to correct files. 2014-01-14 11:13:27 -05:00
Josh Rickmar
467d976f0a Switch to btcutil for certificate generation. 2014-01-10 15:51:54 -05:00
Josh Rickmar
3e2f67fda7 Short circuit handshake if default account does not exist. 2014-01-09 19:25:51 -05:00
Josh Rickmar
15ffc674a9 Rework the btcd RPC connection.
This change greatly cleans up the RPC connection between btcwallet and
btcd.  Proper (JSON-RPC spec-following) notifications are now expected
rather than Responses with a non-empty IDs.

A new RPCConn interface type has also been introduced with a
BtcdRPCConn concrete type for btcd RPC connections.  Non-btcd-specific
code handles the RPCConn, while the btcd details have been abstracted
away to a handful of functions.  This will make it easier to write
tests by creating a new fake RPC connection with hardcoded expected
replies.
2014-01-09 14:07:17 -05:00
Josh Rickmar
614ed93a1d Support mempool transaction notifications. 2013-12-20 12:48:47 -05:00
Josh Rickmar
75d3a77106 Fix build for new btcws notifications. 2013-12-13 11:00:31 -05:00
Josh Rickmar
7a91209a4c Add wallet API to set better earliest block height. 2013-12-09 17:03:51 -05:00
Josh Rickmar
35a991e503 Remove circular dependancy on wallet creation. 2013-12-09 16:51:07 -05:00
Josh Rickmar
c97e0d5fc6 Detect reorgs after btcd disconnect/reconnect.
This change saves (at most) the last 20 block hashes to disk.  Upon
btcd connect, in the handshake, btcwallet checks whether btcd's best
chain still contains these blocks, starting from the most recently
added block and continuing until the earliest saved.  If any blocks
are missing, Tx history and UTXOs from any blocks no longer in the
chain are removed, and a rescan is started from after the best block
still in the main chain.

If all previous block hashes are exhausted (either due to a large
reorg, or because not enough blocks have been seen), a full rescan is
triggered (full meaning from the earliest block that matters to this
wallet) since the last synced up to point is no longer available.

The previous 20 seen block hashes are saved to the wallet file, which
required bumping the file version.  Older wallets written with lesser
versions will use the previous reading function, making this change
backwards compatible.
2013-12-09 15:19:20 -05:00
Josh Rickmar
8669129917 Copy btcd RPC listening behavior.
This change copies the listening behavior of btcd by replacing the
--serverport option with --listen.  By default, btcwallet will only
listen for localhost connections, but with this change it will be
possible to add listeners for remote connections.

This was added due to finding a bug with updateConfigWithActiveParams.
After consulting the btcd source code, the bug was fixed by replacing
the function (as it was no longer needed) when the new listening code
was introduced.

While here, mask out the password flag from being shown in the help
message.
2013-12-05 17:25:36 -05:00
Josh Rickmar
311276eae5 Make authentication check time-constant. 2013-12-05 13:01:26 -05:00
Josh Rickmar
4bdb88f4bc Log authentication failures to info debug level. 2013-12-05 10:04:35 -05:00
Josh Rickmar
ce23523ed7 Introduce new account file structure.
This changes the locations that account files (wallet.bin, utxo.bin,
and tx.bin) are searched for when opening or disk syncing accounts.
Previously, files were saved in the following layout:

  ~/.btcwallet/
    - btcwallet/
      - wallet.bin
      - tx.bin
      - utxo.bin
    - btcwallet-AccountA/
      - wallet.bin
      - tx.bin
      - utxo.bin

This format had two issues.  First, each account would require its own
directory, causing a scalability issue on unix (and perhaps other)
platforms.  Second, there was no distinction between testnet and
mainnet wallets, and if mainnet support was enabled, btcwallet would
attempt to open accounts with testnet wallets.

Instead, the following file structure is now used:

  ~/.btcwallet/
    - testnet/
      - wallet.bin
      - tx.bin
      - utxo.bin
      - AccountA-wallet.bin
      - AccountA-tx.bin
      - AccountA-utxo.bin

This solves both of the previously-mentioned issues by requiring only
two subdirectories (one each for the testnet and mainnet bitcoin
networks), and by separating the locations to open and save testnet
and mainnet account files.

At startup, a check for the old account file structure is performed.
If found, files are moved to the new locations, and the old account
directories are removed.  Account files are moved to the testnet
directory, as only testnet support is currently enabled.

The version has been bumped to 0.1.1 to reflect this change.

Fixes #16.
2013-12-04 20:25:13 -05:00
Josh Rickmar
3b04e3a4bc Use TLS+auth for frontend connections.
This change is mostly a copy paste job from the TLS listeners and
autogenerated cert code from btcd.
2013-12-03 10:52:09 -05:00
Josh Rickmar
3c528f81ec New Account and AccountStore API.
This change better organizes account handling by creating a new
AccountStore type and accountstore global variable, with receiver
funcs for all operations that require all accounts.  More Account
funcs are also added to clean up account handling in the RPC code.

Intial work on this done by dhill.
2013-12-02 14:56:06 -05:00
Josh Rickmar
413f23ea18 Add support for listtransactions RPC request.
This change adds support for the listtransactions RPC command.  To
properly reply to this command, additonal information about received
transactions was added, and is now saved in an account's tx.bin file.
Additionally, when sending a transaction, a *tx.SendTx is now saved to
the Tx store, and is included in listtransactions replies under the
"send" category.

WARNING: All account's tx.bin and utxo.bin files should be removed
before running with this change, or else the files may not be read
correctly.  Removing tx.bin is not an issue as it was not being used
before, and was being saved with incorrect data.  Removing utxo.bin is
not an issue as it will just trigger a rescan on next start.  File
format versions are now included in both files, so automatic updates
from previous file formats will be possible with future changes.

Fixes #12.
2013-11-26 16:22:15 -05:00
Josh Rickmar
a246fc91d6 Update for new btcws TxMinedNtfn API. 2013-11-25 12:54:49 -05:00
Josh Rickmar
74d7178aa8 Set TLS1.2 as the minimum acceptable TLS version. 2013-11-21 16:41:15 -05:00
Josh Rickmar
21faab5e3e Simplify BtcdHandler. 2013-11-21 15:49:07 -05:00
Josh Rickmar
935335f1a5 Pass handsake errors to caller. 2013-11-21 15:01:51 -05:00
Josh Rickmar
828544cb2f Fix some races found by -race. 2013-11-21 14:41:05 -05:00
Josh Rickmar
e1ce9843bf Add missing mutex unlock if an error is hit.
Spotted by dhill.
2013-11-21 10:48:35 -05:00
David Hill
89e3054bc5 socks5/tor proxy support 2013-11-19 20:54:48 -05:00
Josh Rickmar
00fe439670 Add private key import and export support.
This adds the necessary bits for handling importing addresses for the
wallet file format, as well as implementing the importprivkey and
dumpprivkey RPC requests.

Initial code by dhill.
2013-11-19 20:18:11 -05:00
Josh Rickmar
0bd877237f Add missing space for basic HTTP auth header. 2013-11-19 18:25:42 -05:00
Josh Rickmar
5dbf69d23e Enable TLS support for btcd websocket connections.
This adds an additional config option, -cafile, to specify the root
certificates checked when verifying a btcd TLC connection.  btcd will
now automatically generate certs in
~/.btcd/data/{main,test}net/rpc.cert, and this file should be copied
to ~/.btcwallet/cert.pem.

The -btcdport option is also gone now, and replaced with -connect (or
-c), to specify both the hostname/ip and port of the server running
btcd.
2013-11-19 12:21:54 -05:00
Josh Rickmar
474106a757 Sending and receving from chans on the same goroutine is a bad idea. 2013-11-18 16:37:28 -05:00
Josh Rickmar
28087af90b Add handling for standard bitcoind-style RPC.
With the exception of the createencryptedwallet extension (which is
required to make a wallet), all websocket-specific handlers are now
only available from a websocket connection, and standard RPC requests
are handled with a normal HTTP request and reply.

As an added bonus, listening on IPv6 now works.
2013-11-18 15:51:50 -05:00
Josh Rickmar
ef49eca365 more wallet -> account renames 2013-11-15 11:44:24 -05:00
Josh Rickmar
503f591e88 Process tx notifications before new blocks.
This change modifies the order in which transaction to watched
addresses are processed and when frontend notifications occur.  Due to
btcd notifying all transactions before sending the blockconnected
notification, the UTXO and transaction stores can be modified without
sending any frontend notifications, and then a single frontend
notification is sent when the blockconnected notification arrives.

The order in which each file is synced to disk was also changed to
write out the UTXO and transaction stores before writing the wallet.
This is to prevent a race where wallet closes after writing the dirty
wallet, but before the dirty UTXO store is written.  In this
situation, newly added UTXOs will be missed and not found again on the
next wallet open during the rescan.  Writing the wallet (which holds
the synced-to-block information) last prevents this.

An issue where the unconfirmed change UTXO created from a new
transaction never being properly notified to frontends is fixed now as
well.
2013-11-12 14:53:38 -05:00
Josh Rickmar
30db3490c0 Use btcws for parsing btcd notifications. 2013-11-08 12:45:18 -05:00