45 tv.tv_sec = millis/1000;
46 tv.tv_usec = (millis%1000)*1000;
59 const char*
Name()
override
75static std::vector<std::vector<std::string>>
g_rpcauth;
96 req->
WriteHeader(
"Content-Type",
"application/json");
109 const std::string& salt = fields[1];
110 const std::string& hash = fields[2];
112 std::array<unsigned char, CHMAC_SHA256::OUTPUT_SIZE>
out;
114 std::string hash_from_pass =
HexStr(
out);
123static bool RPCAuthorized(
const std::string& strAuth, std::string& strAuthUsernameOut)
125 if (!strAuth.starts_with(
"Basic "))
127 std::string_view strUserPass64 =
TrimStringView(std::string_view{strAuth}.substr(6));
129 std::string strUserPass;
130 if (!userpass_data)
return false;
131 strUserPass.assign(userpass_data->begin(), userpass_data->end());
133 size_t colon_pos = strUserPass.find(
':');
134 if (colon_pos == std::string::npos) {
137 std::string user = strUserPass.substr(0, colon_pos);
138 std::string pass = strUserPass.substr(colon_pos + 1);
139 strAuthUsernameOut = user;
151 std::pair<bool, std::string> authHeader = req->
GetHeader(
"authorization");
152 if (!authHeader.first) {
162 LogPrintf(
"ThreadRPCServer incorrect password attempt from %s\n", jreq.
peerAddr);
192 jreq.
parse(valRequest);
213 }
else if (valRequest.
isArray()) {
215 if (user_has_whitelist) {
216 for (
unsigned int reqIdx = 0; reqIdx < valRequest.
size(); reqIdx++) {
217 if (!valRequest[reqIdx].isObject()) {
224 LogPrintf(
"RPC User %s not allowed to call method %s\n", jreq.
authUser, strMethod);
234 for (
size_t i{0}; i < valRequest.
size(); ++i) {
239 jreq.
parse(valRequest[i]);
243 }
catch (
const std::exception& e) {
259 if (reply.
size() == 0 && valRequest.
size() > 0) {
267 req->
WriteHeader(
"Content-Type",
"application/json");
272 }
catch (
const std::exception& e) {
286 std::optional<fs::perms> cookie_perms{std::nullopt};
287 auto cookie_perms_arg{
gArgs.
GetArg(
"-rpccookieperms")};
288 if (cookie_perms_arg) {
291 LogError(
"Invalid -rpccookieperms=%s; must be one of 'owner', 'group', or 'all'.", *cookie_perms_arg);
294 cookie_perms = *perm_opt;
301 LogInfo(
"RPC authentication cookie file generation is disabled.");
304 LogInfo(
"Using random cookie authentication.");
308 LogInfo(
"Using rpcuser/rpcpassword authentication.");
309 LogWarning(
"The use of rpcuser/rpcpassword is less secure, because credentials are configured in plain text. It is recommended that locally-run instances switch to cookie-based auth, or otherwise to use hashed rpcauth credentials. See share/rpcauth in the source directory for more information.");
315 if (!user.empty() || !pass.empty()) {
317 std::array<unsigned char, 16> raw_salt;
319 std::string salt =
HexStr(raw_salt);
322 std::array<unsigned char, CHMAC_SHA256::OUTPUT_SIZE>
out;
330 LogInfo(
"Using rpcauth authentication.\n");
331 for (
const std::string& rpcauth :
gArgs.
GetArgs(
"-rpcauth")) {
332 std::vector<std::string> fields{
SplitString(rpcauth,
':')};
333 const std::vector<std::string> salt_hmac{
SplitString(fields.back(),
'$')};
334 if (fields.size() == 2 && salt_hmac.size() == 2) {
336 fields.insert(fields.end(), salt_hmac.begin(), salt_hmac.end());
339 LogPrintf(
"Invalid -rpcauth argument.\n");
346 for (
const std::string& strRPCWhitelist :
gArgs.
GetArgs(
"-rpcwhitelist")) {
347 auto pos = strRPCWhitelist.find(
':');
348 std::string strUser = strRPCWhitelist.substr(0, pos);
351 if (pos != std::string::npos) {
352 std::string strWhitelist = strRPCWhitelist.substr(pos + 1);
353 std::vector<std::string> whitelist_split =
SplitString(strWhitelist,
", ");
354 std::set<std::string> new_whitelist{
355 std::make_move_iterator(whitelist_split.begin()),
356 std::make_move_iterator(whitelist_split.end())};
358 std::set<std::string> tmp_whitelist;
359 std::set_intersection(new_whitelist.begin(), new_whitelist.end(),
360 whitelist.begin(), whitelist.end(), std::inserter(tmp_whitelist, tmp_whitelist.end()));
361 new_whitelist = std::move(tmp_whitelist);
363 whitelist = std::move(new_whitelist);
#define Assume(val)
Assume is the identity function.
std::vector< std::string > GetArgs(const std::string &strArg) const
Return a vector of strings of the given argument.
std::string GetArg(const std::string &strArg, const std::string &strDefault) const
Return string argument or default value.
bool GetBoolArg(const std::string &strArg, bool fDefault) const
Return boolean argument or default value.
A hasher class for HMAC-SHA-256.
CHMAC_SHA256 & Write(const unsigned char *data, size_t len)
void Finalize(unsigned char hash[OUTPUT_SIZE])
std::string ToStringAddrPort() const
void trigger(struct timeval *tv)
Trigger the event.
Simple one-shot callback timer to be used by the RPC mechanism to e.g.
HTTPRPCTimer(struct event_base *eventBase, std::function< void()> &func, int64_t millis)
const char * Name() override
Implementation name.
RPCTimerBase * NewTimer(std::function< void()> &func, int64_t millis) override
Factory function for timers.
HTTPRPCTimerInterface(struct event_base *_base)
std::pair< bool, std::string > GetHeader(const std::string &hdr) const
Get the request header specified by hdr, or an empty string.
std::string GetURI() const
Get requested URI.
void WriteReply(int nStatus, std::string_view reply="")
Write HTTP reply.
void WriteHeader(const std::string &hdr, const std::string &value)
Write output header.
RequestMethod GetRequestMethod() const
Get request method.
std::string ReadBody()
Read request body.
CService GetPeer() const
Get CService (address:ip) for the origin of the http request.
JSONRPCVersion m_json_version
bool IsNotification() const
void parse(const UniValue &valRequest)
std::optional< UniValue > id
Opaque base class for timers returned by NewTimerFunc.
void push_back(UniValue val)
const std::string & get_str() const
const UniValue & find_value(std::string_view key) const
std::string write(unsigned int prettyIndent=0, unsigned int indentLevel=0) const
const UniValue & get_obj() const
bool read(std::string_view raw)
virtual bool HasWalletSupport() const =0
Is the wallet component enabled.
const WalletInitInterface & g_wallet_init_interface
std::optional< fs::perms > InterpretPermString(const std::string &s)
Interpret a custom permissions level string as fs::perms.
std::string HexStr(const std::span< const uint8_t > s)
Convert a span of bytes to a lower-case hexadecimal string.
static const char * WWW_AUTH_HEADER_DATA
WWW-Authenticate to present with 401 Unauthorized response.
void InterruptHTTPRPC()
Interrupt HTTP RPC subsystem.
void StopHTTPRPC()
Stop HTTP RPC subsystem.
static std::unique_ptr< HTTPRPCTimerInterface > httpRPCTimerInterface
static bool CheckUserAuthorized(std::string_view user, std::string_view pass)
bool StartHTTPRPC(const std::any &context)
Start HTTP RPC subsystem.
static bool g_rpc_whitelist_default
static bool RPCAuthorized(const std::string &strAuth, std::string &strAuthUsernameOut)
static std::vector< std::vector< std::string > > g_rpcauth
static bool HTTPReq_JSONRPC(const std::any &context, HTTPRequest *req)
static bool InitRPCAuthentication()
static std::map< std::string, std::set< std::string > > g_rpc_whitelist
static void JSONErrorReply(HTTPRequest *req, UniValue objError, const JSONRPCRequest &jreq)
void UnregisterHTTPHandler(const std::string &prefix, bool exactMatch)
Unregister handler for prefix.
void RegisterHTTPHandler(const std::string &prefix, bool exactMatch, const HTTPRequestHandler &handler)
Register handler for prefix.
static struct event_base * eventBase
HTTP module state.
struct event_base * EventBase()
Return evhttp event base.
#define LogDebug(category,...)
std::vector< std::string > SplitString(std::string_view str, char sep)
std::string_view TrimStringView(std::string_view str, std::string_view pattern=" \f\n\r\t\v")
void GetStrongRandBytes(std::span< unsigned char > bytes) noexcept
Gather entropy from various sources, feed it into the internal PRNG, and generate random data using i...
GenerateAuthCookieResult GenerateAuthCookie(const std::optional< fs::perms > &cookie_perms, std::string &user, std::string &pass)
Generate a new RPC authentication cookie and write it to disk.
UniValue JSONRPCError(int code, const std::string &message)
UniValue JSONRPCReplyObj(UniValue result, UniValue error, std::optional< UniValue > id, JSONRPCVersion jsonrpc_version)
@ HTTP_INTERNAL_SERVER_ERROR
@ RPC_INVALID_REQUEST
Standard JSON-RPC 2.0 errors.
void RPCUnsetTimerInterface(RPCTimerInterface *iface)
Unset factory function for timers.
UniValue JSONRPCExec(const JSONRPCRequest &jreq, bool catch_errors)
void RPCSetTimerInterface(RPCTimerInterface *iface)
Set the factory function for timers.
unsigned char * UCharCast(char *c)
bool TimingResistantEqual(const T &a, const T &b)
Timing-attack-resistant comparison.
const UniValue NullUniValue
std::optional< std::vector< unsigned char > > DecodeBase64(std::string_view str)
void UninterruptibleSleep(const std::chrono::microseconds &n)