lbrycrd/src/rpcprotocol.cpp

// Copyright (c) 2010 Satoshi Nakamoto
// Copyright (c) 2009-2014 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

#include "rpcprotocol.h"

#include "random.h"
#include "tinyformat.h"
#include "util.h"
#include "utilstrencodings.h"
#include "utiltime.h"
#include "version.h"

#include <stdint.h>
#include <fstream>

using namespace std;

/**
 * JSON-RPC protocol.  Bitcoin speaks version 1.0 for maximum compatibility,
 * but uses JSON-RPC 1.1/2.0 standards for parts of the 1.0 standard that were
 * unspecified (HTTP errors and contents of 'error').
 * 
 * 1.0 spec: http://json-rpc.org/wiki/specification
 * 1.2 spec: http://jsonrpc.org/historical/json-rpc-over-http.html
 */

string JSONRPCRequest(const string& strMethod, const UniValue& params, const UniValue& id)
{
    UniValue request(UniValue::VOBJ);
    request.push_back(Pair("method", strMethod));
    request.push_back(Pair("params", params));
    request.push_back(Pair("id", id));
    return request.write() + "\n";
}

UniValue JSONRPCReplyObj(const UniValue& result, const UniValue& error, const UniValue& id)
{
    UniValue reply(UniValue::VOBJ);
    if (!error.isNull())
        reply.push_back(Pair("result", NullUniValue));
    else
        reply.push_back(Pair("result", result));
    reply.push_back(Pair("error", error));
    reply.push_back(Pair("id", id));
    return reply;
}

string JSONRPCReply(const UniValue& result, const UniValue& error, const UniValue& id)
{
    UniValue reply = JSONRPCReplyObj(result, error, id);
    return reply.write() + "\n";
}

UniValue JSONRPCError(int code, const string& message)
{
    UniValue error(UniValue::VOBJ);
    error.push_back(Pair("code", code));
    error.push_back(Pair("message", message));
    return error;
}

/** Username used when cookie authentication is in use (arbitrary, only for
 * recognizability in debugging/logging purposes)
 */
static const std::string COOKIEAUTH_USER = "__cookie__";
/** Default name for auth cookie file */
static const std::string COOKIEAUTH_FILE = ".cookie";

boost::filesystem::path GetAuthCookieFile()
{
    boost::filesystem::path path(GetArg("-rpccookiefile", COOKIEAUTH_FILE));
    if (!path.is_complete()) path = GetDataDir() / path;
    return path;
}

bool GenerateAuthCookie(std::string *cookie_out)
{
    unsigned char rand_pwd[32];
    GetRandBytes(rand_pwd, 32);
    std::string cookie = COOKIEAUTH_USER + ":" + EncodeBase64(&rand_pwd[0],32);

    /** the umask determines what permissions are used to create this file -
     * these are set to 077 in init.cpp unless overridden with -sysperms.
     */
    std::ofstream file;
    boost::filesystem::path filepath = GetAuthCookieFile();
    file.open(filepath.string().c_str());
    if (!file.is_open()) {
        LogPrintf("Unable to open cookie authentication file %s for writing\n", filepath.string());
        return false;
    }
    file << cookie;
    file.close();
    LogPrintf("Generated RPC authentication cookie %s\n", filepath.string());

    if (cookie_out)
        *cookie_out = cookie;
    return true;
}

bool GetAuthCookie(std::string *cookie_out)
{
    std::ifstream file;
    std::string cookie;
    boost::filesystem::path filepath = GetAuthCookieFile();
    file.open(filepath.string().c_str());
    if (!file.is_open())
        return false;
    std::getline(file, cookie);
    file.close();

    if (cookie_out)
        *cookie_out = cookie;
    return true;
}

void DeleteAuthCookie()
{
    try {
        boost::filesystem::remove(GetAuthCookieFile());
    } catch (const boost::filesystem::filesystem_error& e) {
        LogPrintf("%s: Unable to remove random auth cookie file: %s\n", __func__, e.what());
    }
}
Split up bitcoinrpc (code movement only) Split bitcoinrpc up into - rpcserver: bitcoind RPC server - rpcclient: bitcoin-cli RPC client - rpcprotocol: shared common HTTP/JSON-RPC protocol code One step towards making bitcoin-cli independent from the rest of the code, and thus a smaller executable that doesn't have to be linked against leveldb. This commit only does code movement, there are no functional changes. 2013-11-20 14:18:57 +01:00			`// Copyright (c) 2010 Satoshi Nakamoto`
Added "Core" to copyright headers Github-Pull: #5494 Rebased-From: 15de949bb9277e442302bdd8dee299a8d6deee60 2014-12-17 02:47:57 +01:00			`// Copyright (c) 2009-2014 The Bitcoin Core developers`
Update comments in src/rpc* to be doxygen compatible 2014-11-20 03:19:29 +01:00			`// Distributed under the MIT software license, see the accompanying`
Split up bitcoinrpc (code movement only) Split bitcoinrpc up into - rpcserver: bitcoind RPC server - rpcclient: bitcoin-cli RPC client - rpcprotocol: shared common HTTP/JSON-RPC protocol code One step towards making bitcoin-cli independent from the rest of the code, and thus a smaller executable that doesn't have to be linked against leveldb. This commit only does code movement, there are no functional changes. 2013-11-20 14:18:57 +01:00			`// file COPYING or http://www.opensource.org/licenses/mit-license.php.`

			`#include "rpcprotocol.h"`

rpc: Implement random-cookie based authentication When no `-rpcpassword` is specified, use a special 'cookie' file for authentication. This file is generated with random content when the daemon starts, and deleted when it exits. Read access to this file controls who can access through RPC. By default this file is stored in the data directory but it be overriden with `-rpccookiefile`. This is similar to Tor CookieAuthentication: see https://www.torproject.org/docs/tor-manual.html.en Alternative to #6258. Like that pull, this allows running bitcoind without any manual configuration. However, daemons should ideally never write to their configuration files, so I prefer this solution. 2015-07-07 14:53:48 +02:00			`#include "random.h"`
Split up util.cpp/h Split up util.cpp/h into: - string utilities (hex, base32, base64): no internal dependencies, no dependency on boost (apart from foreach) - money utilities (parsesmoney, formatmoney) - time utilities (gettime*, sleep, format date): - and the rest (logging, argument parsing, config file parsing) The latter is basically the environment and OS handling, and is stripped of all utility functions, so we may want to rename it to something else than util.cpp/h for clarity (Matt suggested osinterface). Breaks dependency of sha256.cpp on all the things pulled in by util. 2014-08-21 16:11:09 +02:00			`#include "tinyformat.h"`
header include cleanup - ensures alphabetical ordering for includes etc. in source file headers 2014-09-14 12:43:56 +02:00			`#include "util.h"`
Split up util.cpp/h Split up util.cpp/h into: - string utilities (hex, base32, base64): no internal dependencies, no dependency on boost (apart from foreach) - money utilities (parsesmoney, formatmoney) - time utilities (gettime*, sleep, format date): - and the rest (logging, argument parsing, config file parsing) The latter is basically the environment and OS handling, and is stripped of all utility functions, so we may want to rename it to something else than util.cpp/h for clarity (Matt suggested osinterface). Breaks dependency of sha256.cpp on all the things pulled in by util. 2014-08-21 16:11:09 +02:00			`#include "utilstrencodings.h"`
			`#include "utiltime.h"`
Move `*Version()` functions to version.h/cpp 2014-08-21 16:11:05 +02:00			`#include "version.h"`
Split up bitcoinrpc (code movement only) Split bitcoinrpc up into - rpcserver: bitcoind RPC server - rpcclient: bitcoin-cli RPC client - rpcprotocol: shared common HTTP/JSON-RPC protocol code One step towards making bitcoin-cli independent from the rest of the code, and thus a smaller executable that doesn't have to be linked against leveldb. This commit only does code movement, there are no functional changes. 2013-11-20 14:18:57 +01:00
			`#include <stdint.h>`
rpc: Implement random-cookie based authentication When no `-rpcpassword` is specified, use a special 'cookie' file for authentication. This file is generated with random content when the daemon starts, and deleted when it exits. Read access to this file controls who can access through RPC. By default this file is stored in the data directory but it be overriden with `-rpccookiefile`. This is similar to Tor CookieAuthentication: see https://www.torproject.org/docs/tor-manual.html.en Alternative to #6258. Like that pull, this allows running bitcoind without any manual configuration. However, daemons should ideally never write to their configuration files, so I prefer this solution. 2015-07-07 14:53:48 +02:00			`#include <fstream>`
Split up bitcoinrpc (code movement only) Split bitcoinrpc up into - rpcserver: bitcoind RPC server - rpcclient: bitcoin-cli RPC client - rpcprotocol: shared common HTTP/JSON-RPC protocol code One step towards making bitcoin-cli independent from the rest of the code, and thus a smaller executable that doesn't have to be linked against leveldb. This commit only does code movement, there are no functional changes. 2013-11-20 14:18:57 +01:00
			`using namespace std;`

Update comments in src/rpc* to be doxygen compatible 2014-11-20 03:19:29 +01:00			`/**`
			`* JSON-RPC protocol. Bitcoin speaks version 1.0 for maximum compatibility,`
			`* but uses JSON-RPC 1.1/2.0 standards for parts of the 1.0 standard that were`
			`* unspecified (HTTP errors and contents of 'error').`
			`*`
			`* 1.0 spec: http://json-rpc.org/wiki/specification`
			`* 1.2 spec: http://jsonrpc.org/historical/json-rpc-over-http.html`
			`*/`
Split up bitcoinrpc (code movement only) Split bitcoinrpc up into - rpcserver: bitcoind RPC server - rpcclient: bitcoin-cli RPC client - rpcprotocol: shared common HTTP/JSON-RPC protocol code One step towards making bitcoin-cli independent from the rest of the code, and thus a smaller executable that doesn't have to be linked against leveldb. This commit only does code movement, there are no functional changes. 2013-11-20 14:18:57 +01:00
Remove JSON Spirit wrapper, remove JSON Spirit leftovers - implement find_value() function for UniValue - replace all Array/Value/Object types with UniValues, remove JSON Spirit to UniValue wrapper - remove JSON Spirit sources 2015-05-18 14:02:18 +02:00			`string JSONRPCRequest(const string& strMethod, const UniValue& params, const UniValue& id)`
Split up bitcoinrpc (code movement only) Split bitcoinrpc up into - rpcserver: bitcoind RPC server - rpcclient: bitcoin-cli RPC client - rpcprotocol: shared common HTTP/JSON-RPC protocol code One step towards making bitcoin-cli independent from the rest of the code, and thus a smaller executable that doesn't have to be linked against leveldb. This commit only does code movement, there are no functional changes. 2013-11-20 14:18:57 +01:00			`{`
remove JSON Spirit UniValue wrapper 2015-05-13 21:29:19 +02:00			`UniValue request(UniValue::VOBJ);`
Split up bitcoinrpc (code movement only) Split bitcoinrpc up into - rpcserver: bitcoind RPC server - rpcclient: bitcoin-cli RPC client - rpcprotocol: shared common HTTP/JSON-RPC protocol code One step towards making bitcoin-cli independent from the rest of the code, and thus a smaller executable that doesn't have to be linked against leveldb. This commit only does code movement, there are no functional changes. 2013-11-20 14:18:57 +01:00			`request.push_back(Pair("method", strMethod));`
			`request.push_back(Pair("params", params));`
			`request.push_back(Pair("id", id));`
Convert tree to using univalue. Eliminate all json_spirit uses. 2014-08-20 21:15:16 +02:00			`return request.write() + "\n";`
Split up bitcoinrpc (code movement only) Split bitcoinrpc up into - rpcserver: bitcoind RPC server - rpcclient: bitcoin-cli RPC client - rpcprotocol: shared common HTTP/JSON-RPC protocol code One step towards making bitcoin-cli independent from the rest of the code, and thus a smaller executable that doesn't have to be linked against leveldb. This commit only does code movement, there are no functional changes. 2013-11-20 14:18:57 +01:00			`}`

Remove JSON Spirit wrapper, remove JSON Spirit leftovers - implement find_value() function for UniValue - replace all Array/Value/Object types with UniValues, remove JSON Spirit to UniValue wrapper - remove JSON Spirit sources 2015-05-18 14:02:18 +02:00			`UniValue JSONRPCReplyObj(const UniValue& result, const UniValue& error, const UniValue& id)`
Split up bitcoinrpc (code movement only) Split bitcoinrpc up into - rpcserver: bitcoind RPC server - rpcclient: bitcoin-cli RPC client - rpcprotocol: shared common HTTP/JSON-RPC protocol code One step towards making bitcoin-cli independent from the rest of the code, and thus a smaller executable that doesn't have to be linked against leveldb. This commit only does code movement, there are no functional changes. 2013-11-20 14:18:57 +01:00			`{`
remove JSON Spirit UniValue wrapper 2015-05-13 21:29:19 +02:00			`UniValue reply(UniValue::VOBJ);`
Convert tree to using univalue. Eliminate all json_spirit uses. 2014-08-20 21:15:16 +02:00			`if (!error.isNull())`
			`reply.push_back(Pair("result", NullUniValue));`
Split up bitcoinrpc (code movement only) Split bitcoinrpc up into - rpcserver: bitcoind RPC server - rpcclient: bitcoin-cli RPC client - rpcprotocol: shared common HTTP/JSON-RPC protocol code One step towards making bitcoin-cli independent from the rest of the code, and thus a smaller executable that doesn't have to be linked against leveldb. This commit only does code movement, there are no functional changes. 2013-11-20 14:18:57 +01:00			`else`
			`reply.push_back(Pair("result", result));`
			`reply.push_back(Pair("error", error));`
			`reply.push_back(Pair("id", id));`
			`return reply;`
			`}`

Remove JSON Spirit wrapper, remove JSON Spirit leftovers - implement find_value() function for UniValue - replace all Array/Value/Object types with UniValues, remove JSON Spirit to UniValue wrapper - remove JSON Spirit sources 2015-05-18 14:02:18 +02:00			`string JSONRPCReply(const UniValue& result, const UniValue& error, const UniValue& id)`
Split up bitcoinrpc (code movement only) Split bitcoinrpc up into - rpcserver: bitcoind RPC server - rpcclient: bitcoin-cli RPC client - rpcprotocol: shared common HTTP/JSON-RPC protocol code One step towards making bitcoin-cli independent from the rest of the code, and thus a smaller executable that doesn't have to be linked against leveldb. This commit only does code movement, there are no functional changes. 2013-11-20 14:18:57 +01:00			`{`
remove JSON Spirit UniValue wrapper 2015-05-13 21:29:19 +02:00			`UniValue reply = JSONRPCReplyObj(result, error, id);`
Convert tree to using univalue. Eliminate all json_spirit uses. 2014-08-20 21:15:16 +02:00			`return reply.write() + "\n";`
Split up bitcoinrpc (code movement only) Split bitcoinrpc up into - rpcserver: bitcoind RPC server - rpcclient: bitcoin-cli RPC client - rpcprotocol: shared common HTTP/JSON-RPC protocol code One step towards making bitcoin-cli independent from the rest of the code, and thus a smaller executable that doesn't have to be linked against leveldb. This commit only does code movement, there are no functional changes. 2013-11-20 14:18:57 +01:00			`}`

remove JSON Spirit UniValue wrapper 2015-05-13 21:29:19 +02:00			`UniValue JSONRPCError(int code, const string& message)`
Split up bitcoinrpc (code movement only) Split bitcoinrpc up into - rpcserver: bitcoind RPC server - rpcclient: bitcoin-cli RPC client - rpcprotocol: shared common HTTP/JSON-RPC protocol code One step towards making bitcoin-cli independent from the rest of the code, and thus a smaller executable that doesn't have to be linked against leveldb. This commit only does code movement, there are no functional changes. 2013-11-20 14:18:57 +01:00			`{`
extend conversion to UniValue 2015-05-10 13:35:44 +02:00			`UniValue error(UniValue::VOBJ);`
Split up bitcoinrpc (code movement only) Split bitcoinrpc up into - rpcserver: bitcoind RPC server - rpcclient: bitcoin-cli RPC client - rpcprotocol: shared common HTTP/JSON-RPC protocol code One step towards making bitcoin-cli independent from the rest of the code, and thus a smaller executable that doesn't have to be linked against leveldb. This commit only does code movement, there are no functional changes. 2013-11-20 14:18:57 +01:00			`error.push_back(Pair("code", code));`
			`error.push_back(Pair("message", message));`
			`return error;`
			`}`
rpc: Implement random-cookie based authentication When no `-rpcpassword` is specified, use a special 'cookie' file for authentication. This file is generated with random content when the daemon starts, and deleted when it exits. Read access to this file controls who can access through RPC. By default this file is stored in the data directory but it be overriden with `-rpccookiefile`. This is similar to Tor CookieAuthentication: see https://www.torproject.org/docs/tor-manual.html.en Alternative to #6258. Like that pull, this allows running bitcoind without any manual configuration. However, daemons should ideally never write to their configuration files, so I prefer this solution. 2015-07-07 14:53:48 +02:00
			`/** Username used when cookie authentication is in use (arbitrary, only for`
			`* recognizability in debugging/logging purposes)`
			`*/`
			`static const std::string COOKIEAUTH_USER = "__cookie__";`
			`/** Default name for auth cookie file */`
			`static const std::string COOKIEAUTH_FILE = ".cookie";`

			`boost::filesystem::path GetAuthCookieFile()`
			`{`
			`boost::filesystem::path path(GetArg("-rpccookiefile", COOKIEAUTH_FILE));`
			`if (!path.is_complete()) path = GetDataDir() / path;`
			`return path;`
			`}`

			`bool GenerateAuthCookie(std::string *cookie_out)`
			`{`
			`unsigned char rand_pwd[32];`
			`GetRandBytes(rand_pwd, 32);`
			`std::string cookie = COOKIEAUTH_USER + ":" + EncodeBase64(&rand_pwd[0],32);`

			`/** the umask determines what permissions are used to create this file -`
			`* these are set to 077 in init.cpp unless overridden with -sysperms.`
			`*/`
			`std::ofstream file;`
			`boost::filesystem::path filepath = GetAuthCookieFile();`
			`file.open(filepath.string().c_str());`
			`if (!file.is_open()) {`
			`LogPrintf("Unable to open cookie authentication file %s for writing\n", filepath.string());`
			`return false;`
			`}`
			`file << cookie;`
			`file.close();`
			`LogPrintf("Generated RPC authentication cookie %s\n", filepath.string());`

			`if (cookie_out)`
			`*cookie_out = cookie;`
			`return true;`
			`}`

			`bool GetAuthCookie(std::string *cookie_out)`
			`{`
			`std::ifstream file;`
			`std::string cookie;`
			`boost::filesystem::path filepath = GetAuthCookieFile();`
			`file.open(filepath.string().c_str());`
			`if (!file.is_open())`
			`return false;`
			`std::getline(file, cookie);`
			`file.close();`

			`if (cookie_out)`
			`*cookie_out = cookie;`
			`return true;`
			`}`

			`void DeleteAuthCookie()`
			`{`
			`try {`
			`boost::filesystem::remove(GetAuthCookieFile());`
			`} catch (const boost::filesystem::filesystem_error& e) {`
			`LogPrintf("%s: Unable to remove random auth cookie file: %s\n", __func__, e.what());`
			`}`
			`}`