59 Commits

Author SHA1 Message Date
Martin Holst Swende
d3441ebb56
cmd/clef, signer: security fixes (#17554)
* signer: remove local path disclosure from extapi

* signer: show more data in cli ui

* rpc: make http server forward UA and Origin via Context

* signer, clef/core: ui changes + display UA and Origin

* signer: cliui - indicate less trust in remote headers, see https://github.com/ethereum/go-ethereum/issues/17637

* signer: prevent possibility swap KV-entries in aes_gcm storage, fixes #17635

* signer: remove ecrecover from external API

* signer,clef: default reject instead of warn + valideate new passwords. fixes #17632 and #17631

* signer: check calldata length even if no ABI signature is present

* signer: fix failing testcase

* clef: remove account import from external api

* signer: allow space in passwords, improve error messsage

* signer/storage: fix typos
2018-09-25 15:54:58 +02:00
HackyMiner
b66f793443 rpc: increase maxRequestContentLength size to 512kB (#17595) 2018-09-25 12:27:18 +02:00
Ryan Schneider
5d7e18539e rpc: make HTTP RPC timeouts configurable, raise defaults (#17240)
* rpc: Make HTTP server timeout values configurable

* rpc: Remove flags for setting HTTP Timeouts, configuring via .toml is sufficient.

* rpc: Replace separate constants with a single default struct.

* rpc: Update HTTP Server Read and Write Timeouts to 30s.

* rpc: Remove redundant NewDefaultHTTPTimeouts function.

* rpc: document HTTPTimeouts.

* rpc: sanitize timeout values for library use
2018-07-31 12:16:14 +03:00
Martin Holst Swende
17f80cc2e2
rpc: set timeouts for http server, see #16859 2018-06-04 11:41:55 +02:00
Ryan Schneider
c8dcb9584e rpc: use HTTP request context as top-level context (#16861) 2018-06-02 12:26:47 +02:00
kiel barry
2ad511ce09 rpc: golint error with context as last parameter (#16657)
* rpc/*: golint error with context as last parameter

* Update json.go
2018-05-03 11:41:22 +03:00
Martin Holst Swende
8feb31825e rpc: handle HTTP response error codes (#16500) 2018-04-19 15:32:43 +02:00
Martin Holst Swende
ec3db0f56c cmd/clef, signer: initial poc of the standalone signer (#16154)
* signer: introduce external signer command

* cmd/signer, rpc: Implement new signer. Add info about remote user to Context

* signer: refactored request/response, made use of urfave.cli

* cmd/signer: Use common flags

* cmd/signer: methods to validate calldata against abi

* cmd/signer: work on abi parser

* signer: add mutex around UI

* cmd/signer: add json 4byte directory, remove passwords from api

* cmd/signer: minor changes

* cmd/signer: Use ErrRequestDenied, enable lightkdf

* cmd/signer: implement tests

* cmd/signer: made possible for UI to modify tx parameters

* cmd/signer: refactors, removed channels in ui comms, added UI-api via stdin/out

* cmd/signer: Made lowercase json-definitions, added UI-signer test functionality

* cmd/signer: update documentation

* cmd/signer: fix bugs, improve abi detection, abi argument display

* cmd/signer: minor change in json format

* cmd/signer: rework json communication

* cmd/signer: implement mixcase addresses in API, fix json id bug

* cmd/signer: rename fromaccount, update pythonpoc with new json encoding format

* cmd/signer: make use of new abi interface

* signer: documentation

* signer/main: remove redundant  option

* signer: implement audit logging

* signer: create package 'signer', minor changes

* common: add 0x-prefix to mixcaseaddress in json marshalling + validation

* signer, rules, storage: implement rules + ephemeral storage for signer rules

* signer: implement OnApprovedTx, change signing response (API BREAKAGE)

* signer: refactoring + documentation

* signer/rules: implement dispatching to next handler

* signer: docs

* signer/rules: hide json-conversion from users, ensure context is cleaned

* signer: docs

* signer: implement validation rules, change signature of call_info

* signer: fix log flaw with string pointer

* signer: implement custom 4byte databsae that saves submitted signatures

* signer/storage: implement aes-gcm-backed credential storage

* accounts: implement json unmarshalling of url

* signer: fix listresponse, fix gas->uint64

* node: make http/ipc start methods public

* signer: add ipc capability+review concerns

* accounts: correct docstring

* signer: address review concerns

* rpc: go fmt -s

* signer: review concerns+ baptize Clef

* signer,node: move Start-functions to separate file

* signer: formatting
2018-04-16 15:04:32 +03:00
Felix Lange
e9b5e22ad1 rpc: limit chunked requests (#16343) 2018-03-26 14:46:37 +03:00
Péter Szilágyi
555f42cfd8
rpc: enforce the 128KB request limits on websockets too 2018-03-13 13:55:26 +02:00
Martin Holst Swende
6c6247a690
node, rpc: fix linter issues 2018-02-12 14:12:55 +01:00
Martin Holst Swende
589b603a9b rpc: dns rebind protection (#15962)
* cmd,node,rpc: add allowedHosts to prevent dns rebinding attacks

* p2p,node: Fix bug with dumpconfig introduced in r54aeb8e4c0bb9f0e7a6c67258af67df3b266af3d

* rpc: add wildcard support for rpcallowedhosts + go fmt

* cmd/geth, cmd/utils, node, rpc: ignore direct ip(v4/6) addresses in rpc virtual hostnames check

* http, rpc, utils: make vhosts into map, address review concerns

* node: change log messages to use geth standard (not sprintf)

* rpc: fix spelling
2018-02-12 14:52:07 +02:00
Steven Roose
952482d5e4 rpc: Support specifying HTTP client in RPC dialing (#15836)
* rpc: Support specifying HTTP client in RPC dialing

Adds a minimal interface that captures http.Client and adds a new method
rpc.DialHTTPClient that takes a client using that interface. The existing
rpc.DialHTTP method is then alternatively implemented by using the new
rpc.DialHTTPClient method provided with a standard *http.Client.

* rpc: fix minor doc typos
2018-01-24 10:59:15 +02:00
Sorin Neacsu
5369a5c54d rpc: allow OPTIONS requests without Content-Type (#15759)
Fixes #15740
2017-12-28 14:15:33 +01:00
Vitaly V
f258a21a63 rpc: use method constants instead of literal strings (#15652) 2017-12-12 19:12:32 +01:00
Péter Szilágyi
3c6b9c5d72
rpc: minor cleanups to RPC PR 2017-11-17 14:25:02 +02:00
Armani Ferrante
c5b8569707 rpc: disallow PUT and DELETE on HTTP (#15501)
Fixes #15493
2017-11-17 13:07:11 +01:00
Péter Szilágyi
4013e23312
rpc: allow dumb empty requests for AWS health checks 2017-11-16 13:51:06 +02:00
bas-vk
4fe30bf5ad rpc: check content-type for HTTP requests (#15220) 2017-11-09 10:54:58 +01:00
bloonfield
413dc1d265 rpc: fix closure problem in batch processing (#14688)
Demo of the issue: https://play.golang.org/p/EeTLFfppqC
2017-06-26 12:26:22 +03:00
Bas van Kervel
a6af56fa4d
rpc: disable CORS if user has not specified custom config 2017-05-02 11:14:40 +02:00
bas-vk
5e29f4be93 cmd/utils, node: remove unused solc references and improve RPC config (#14324)
Currently http cors and websocket origins are a comma separated string in the
config object. These are replaced with string arrays that are more expressive in
case of a config file.
2017-04-12 23:04:14 +02:00
Felix Lange
c213fd1fd8 all: import "context" instead of "golang.org/x/net/context"
There is no need to depend on the old context package now that the
minimum Go version is 1.7. The move to "context" eliminates our weird
vendoring setup. Some vendored code still uses golang.org/x/net/context
and it is now vendored in the normal way.

This change triggered new vet checks around context.WithTimeout which
didn't fire with golang.org/x/net/context.
2017-03-22 20:49:15 +01:00
Micah Zoltu
4e4e5fca54 rpc: add support for extended headers in CORS requests (#3783)
Fixes #3762.  Details about parameter:
a62a804a8a/cors.go (L50-L54)
2017-03-16 04:34:08 +01:00
Kenji Siu
d85d3c74db internal/debug, internal/ethapi, rpc, swarm/storage: Ran "go fmt" 2016-11-01 18:40:36 +08:00
Jonathan Brown
ae341b31c8 rpc: set CORS Max-Age to reduce preflight OPTIONS requests 2016-10-03 20:24:58 +07:00
Felix Lange
91b7690428 rpc: add new client, use it everywhere
The new client implementation supports concurrent requests,
subscriptions and replaces the various ad hoc RPC clients
throughout go-ethereum.
2016-07-22 23:21:27 +02:00
Bas van Kervel
aa9fff3e68 rpc: various fixes/enhancements
rpc: be less restrictive on the request id
rpc: improved documentation
console: upgrade web3.js to version 0.16.0
rpc: cache http connections
rpc: rename wsDomains parameter to wsOrigins
2016-04-12 11:02:39 +02:00
Bas van Kervel
f7328c5ecb rpc: add pub/sub support 2016-04-01 18:26:35 +02:00
Bas van Kervel
a7bae3b2a6 rpc/http: improve request handling 2016-03-23 11:27:08 +01:00
Péter Szilágyi
df75dbfd68 cmd, node, rpc: readd inproc RPC client, expose via node 2016-02-09 14:10:40 +02:00
Péter Szilágyi
a13bc9d7a1 cmd, common, node, rpc: move HTTP RPC into node, drop singletone aspect 2016-02-05 13:45:36 +02:00
Péter Szilágyi
72c255caef rpc: allow RPC requests on GET too 2016-02-03 00:50:02 +02:00
Bas van Kervel
19b2640e89 rpc: migrated the RPC insterface to a new reflection based RPC layer 2016-01-26 13:51:50 +01:00
Bas van Kervel
a4a4e9fcf8 removed old rpc structure and added new inproc api client 2015-06-22 09:17:09 +02:00
Taylor Gerring
a2598e649d Permit multiple CORS domains
Separated by spaces
2015-05-18 10:31:03 -05:00
Taylor Gerring
44a7f997c3 Unreverse ordering 2015-05-14 15:50:39 -05:00
Taylor Gerring
5c6540452a Omit replies for notification requests
When Id is missing, the client does not want a response
2015-05-14 12:39:57 -05:00
Péter Szilágyi
0ad5898c0f rpc, xeth: fix #881, gracefully handle offline whisper 2015-05-11 11:53:53 +03:00
Taylor Gerring
b071e7f4db Remove old logger from RPC pkg 2015-04-27 09:18:55 -05:00
Bas van Kervel
61885aa965 Don't export types/functions 2015-04-19 10:01:50 +02:00
Bas van Kervel
2c229bac00 Replaced channel pointer field with non pointer channel 2015-04-19 09:55:41 +02:00
Bas van Kervel
ead3dd9759 Stop accepted and alive connections (http keep-alive) when the rpc service is stopped 2015-04-16 19:23:57 +02:00
Bas van Kervel
57f93d25bd admin.stopRPC support added which stops the RPC HTTP listener 2015-04-16 12:56:51 +02:00
obscuren
d82aaf617c rpc: changed logging to use glog 2015-04-15 00:09:13 +02:00
Taylor Gerring
b6fde73ef1 Add settable domain to CORS handler #331 2015-03-29 21:56:04 +02:00
Taylor Gerring
04a7c4ae1e Abstract http into rpc package
New RpcConfig object to pass growing config
2015-03-29 21:26:47 +02:00
Taylor Gerring
d9f8b1e0c1 Report InvalidTypeError as -32602 to JSON RPC 2015-03-28 21:42:44 +01:00
Taylor Gerring
e29396b691 Use ExtraDB for storage. Fixes #577 2015-03-27 09:36:18 +01:00
Taylor Gerring
abc3d8d50a Make send internal 2015-03-19 18:06:26 -04:00