pivx/doxygen/httprpc_8cpp_source.html

 // Copyright (c) 2015-2017 The Bitcoin Core developers

 // Copyright (c) 2017-2021 The PIVX Core developers

 // Distributed under the MIT software license, see the accompanying

 // file COPYING or http://www.opensource.org/licenses/mit-license.php.


 #include "httprpc.h"


 #include "chainparams.h"

 #include "crypto/hmac_sha256.h"

 #include "guiinterface.h"

 #include "httpserver.h"

 #include "key_io.h"

 #include "rpc/protocol.h"

 #include "rpc/server.h"

 #include "random.h"

 #include "sync.h"

 #include "util/system.h"

 #include "utilstrencodings.h"


 #include <boost/algorithm/string.hpp> // boost::trim


 class HTTPRPCTimer : public RPCTimerBase

 {

 public:

     HTTPRPCTimer(struct event_base* eventBase, std::function<void(void)>& func, int64_t millis) :

         ev(eventBase, false, func)

     {

         struct timeval tv;

         tv.tv_sec = millis/1000;

         tv.tv_usec = (millis%1000)*1000;

         ev.trigger(&tv);

     }

 private:

     HTTPEvent ev;

 };


 class HTTPRPCTimerInterface : public RPCTimerInterface

 {

 public:

     explicit HTTPRPCTimerInterface(struct event_base* base) : base(base)

     {

     }

     const char* Name()

     {

         return "HTTP";

     }

     RPCTimerBase* NewTimer(std::function<void(void)>& func, int64_t millis)

     {

         return new HTTPRPCTimer(base, func, millis);

     }

 private:

     struct event_base* base;

 };


 /* Pre-base64-encoded authentication token */

 static std::string strRPCUserColonPass;

 /* Stored RPC timer interface (for unregistration) */

 static std::unique_ptr<HTTPRPCTimerInterface> httpRPCTimerInterface;


 static void JSONErrorReply(HTTPRequest* req, const UniValue& objError, const UniValue& id)

 {

     // Send error reply from json-rpc error object

     int nStatus = HTTP_INTERNAL_SERVER_ERROR;

     int code = find_value(objError, "code").get_int();


     if (code == RPC_INVALID_REQUEST)

         nStatus = HTTP_BAD_REQUEST;

     else if (code == RPC_METHOD_NOT_FOUND)

         nStatus = HTTP_NOT_FOUND;


     std::string strReply = JSONRPCReply(NullUniValue, objError, id);


     req->WriteHeader("Content-Type", "application/json");

     req->WriteReply(nStatus, strReply);

 }


 //This function checks username and password against -rpcauth

 //entries from config file.

 static bool multiUserAuthorized(std::string strUserPass)

 {

     if (strUserPass.find(':') == std::string::npos) {

         return false;

     }

     std::string strUser = strUserPass.substr(0, strUserPass.find(':'));

     std::string strPass = strUserPass.substr(strUserPass.find(':') + 1);


     for (const std::string& strRPCAuth : gArgs.GetArgs("-rpcauth")) {

         //Search for multi-user login/pass "rpcauth" from config

         std::vector<std::string> vFields;

         boost::split(vFields, strRPCAuth, boost::is_any_of(":$"));

         if (vFields.size() != 3) {

             //Incorrect formatting in config file

             continue;

         }


         std::string strName = vFields[0];

         if (!TimingResistantEqual(strName, strUser)) {

             continue;

         }


         std::string strSalt = vFields[1];

         std::string strHash = vFields[2];


         static const unsigned int KEY_SIZE = 32;

         unsigned char out[KEY_SIZE];


         CHMAC_SHA256(reinterpret_cast<const unsigned char*>(strSalt.c_str()), strSalt.size()).Write(reinterpret_cast<const unsigned char*>(strPass.c_str()), strPass.size()).Finalize(out);

         std::vector<unsigned char> hexvec(out, out+KEY_SIZE);

         std::string strHashFromPass = HexStr(hexvec);


         if (TimingResistantEqual(strHashFromPass, strHash)) {

             return true;

         }

     }

     return false;

 }


 static bool RPCAuthorized(const std::string& strAuth, std::string& strAuthUsernameOut)

 {

     if (strRPCUserColonPass.empty()) // Belt-and-suspenders measure if InitRPCAuthentication was not called

         return false;

     if (strAuth.substr(0, 6) != "Basic ")

         return false;

     std::string strUserPass64 = strAuth.substr(6);

     boost::trim(strUserPass64);

     std::string strUserPass = DecodeBase64(strUserPass64);


     if (strUserPass.find(':') != std::string::npos)

         strAuthUsernameOut = strUserPass.substr(0, strUserPass.find(':'));


     //Check if authorized under single-user field

     if (TimingResistantEqual(strUserPass, strRPCUserColonPass)) {

         return true;

     }

     return multiUserAuthorized(strUserPass);

 }


 static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)

 {

     // JSONRPC handles only POST

     if (req->GetRequestMethod() != HTTPRequest::POST) {

         req->WriteReply(HTTP_BAD_METHOD, "JSONRPC server handles only POST requests");

         return false;

     }

     // Check authorization

     std::pair<bool, std::string> authHeader = req->GetHeader("authorization");

     if (!authHeader.first) {

         req->WriteReply(HTTP_UNAUTHORIZED);

         return false;

     }


     JSONRPCRequest jreq;

     if (!RPCAuthorized(authHeader.second, jreq.authUser)) {

         LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", req->GetPeer().ToString());


         /* Deter brute-forcing

            If this results in a DoS the user really

            shouldn't have their RPC port exposed. */

         MilliSleep(250);


         req->WriteReply(HTTP_UNAUTHORIZED);

         return false;

     }


     try {

         // Parse request

         UniValue valRequest;

         if (!valRequest.read(req->ReadBody()))

             throw JSONRPCError(RPC_PARSE_ERROR, "Parse error");


         // Set the URI

         jreq.URI = req->GetURI();


         std::string strReply;

         // singleton request

         if (valRequest.isObject()) {

             jreq.parse(valRequest);


             UniValue result = tableRPC.execute(jreq);


             // Send reply

             strReply = JSONRPCReply(result, NullUniValue, jreq.id);


         // array of requests

         } else if (valRequest.isArray())

             strReply = JSONRPCExecBatch(valRequest.get_array());

         else

             throw JSONRPCError(RPC_PARSE_ERROR, "Top-level object parse error");


         req->WriteHeader("Content-Type", "application/json");

         req->WriteReply(HTTP_OK, strReply);

     } catch (const UniValue& objError) {

         JSONErrorReply(req, objError, jreq.id);

         return false;

     } catch (const std::exception& e) {

         JSONErrorReply(req, JSONRPCError(RPC_PARSE_ERROR, e.what()), jreq.id);

         return false;

     }

     return true;

 }


 static bool InitRPCAuthentication()

 {

     if (gArgs.GetArg("-rpcpassword", "") == "")

     {

         LogPrintf("No rpcpassword set - using random cookie authentication\n");

         if (!GenerateAuthCookie(&strRPCUserColonPass)) {

             uiInterface.ThreadSafeMessageBox(

                 _("Error: A fatal internal error occurred, see debug.log for details"), // Same message as AbortNode

                 "", CClientUIInterface::MSG_ERROR);

             return false;

         }

     } else {

         LogPrintf("Config options rpcuser and rpcpassword will soon be deprecated. Locally-run instances may remove rpcuser to use cookie-based auth, or may be replaced with rpcauth. Please see share/rpcuser for rpcauth auth generation.\n");

         strRPCUserColonPass = gArgs.GetArg("-rpcuser", "") + ":" + gArgs.GetArg("-rpcpassword", "");

     }

     return true;

 }


 bool StartHTTPRPC()

 {

     LogPrint(BCLog::RPC, "Starting HTTP RPC server\n");

     if (!InitRPCAuthentication())

         return false;


     RegisterHTTPHandler("/", true, HTTPReq_JSONRPC);

 #ifdef ENABLE_WALLET

     // ifdef can be removed once we switch to better endpoint support and API versioning

     RegisterHTTPHandler("/wallet/", false, HTTPReq_JSONRPC);

 #endif

     assert(EventBase());

     httpRPCTimerInterface = std::make_unique<HTTPRPCTimerInterface>(EventBase());

     RPCSetTimerInterface(httpRPCTimerInterface.get());

     return true;

 }


 void InterruptHTTPRPC()

 {

     LogPrint(BCLog::RPC, "Interrupting HTTP RPC server\n");

 }


 void StopHTTPRPC()

 {

     LogPrint(BCLog::RPC, "Stopping HTTP RPC server\n");

     UnregisterHTTPHandler("/", true);

     if (httpRPCTimerInterface) {

         RPCUnsetTimerInterface(httpRPCTimerInterface.get());

         httpRPCTimerInterface.reset();

     }

 }

false
false
Definition: bls_dkg.cpp:151

chainparams.h

ArgsManager::GetArgs
std::vector< std::string > GetArgs(const std::string &strArg) const
Return a vector of strings of the given argument.
Definition: system.cpp:406

ArgsManager::GetArg
std::string GetArg(const std::string &strArg, const std::string &strDefault) const
Return string argument or default value.
Definition: system.cpp:449

CClientUIInterface::MSG_ERROR
@ MSG_ERROR
Definition: guiinterface.h:79

CClientUIInterface::ThreadSafeMessageBox
boost::signals2::signal< bool(const std::string &message, const std::string &caption, unsigned int style), boost::signals2::last_value< bool > > ThreadSafeMessageBox
Show message box.
Definition: guiinterface.h:84

CHMAC_SHA256
A hasher class for HMAC-SHA-256.
Definition: hmac_sha256.h:15

CHMAC_SHA256::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: hmac_sha256.cpp:29

CHMAC_SHA256::Write
CHMAC_SHA256 & Write(const unsigned char *data, size_t len)
Definition: hmac_sha256.h:24

CRPCTable::execute
UniValue execute(const JSONRPCRequest &request) const
Execute a method.
Definition: server.cpp:493

CService::ToString
std::string ToString() const
Definition: netaddress.cpp:954

HTTPEvent
Event class.
Definition: httpserver.h:132

HTTPEvent::trigger
void trigger(struct timeval *tv)
Trigger the event.
Definition: httpserver.cpp:525

HTTPRPCTimer
Simple one-shot callback timer to be used by the RPC mechanism to e.g.
Definition: httprpc.cpp:26

HTTPRPCTimer::ev
HTTPEvent ev
Definition: httprpc.cpp:37

HTTPRPCTimer::HTTPRPCTimer
HTTPRPCTimer(struct event_base *eventBase, std::function< void(void)> &func, int64_t millis)
Definition: httprpc.cpp:28

HTTPRPCTimerInterface
Definition: httprpc.cpp:41

HTTPRPCTimerInterface::NewTimer
RPCTimerBase * NewTimer(std::function< void(void)> &func, int64_t millis)
Factory function for timers.
Definition: httprpc.cpp:50

HTTPRPCTimerInterface::Name
const char * Name()
Implementation name.
Definition: httprpc.cpp:46

HTTPRPCTimerInterface::HTTPRPCTimerInterface
HTTPRPCTimerInterface(struct event_base *base)
Definition: httprpc.cpp:43

HTTPRPCTimerInterface::base
struct event_base * base
Definition: httprpc.cpp:55

HTTPRequest
In-flight HTTP request.
Definition: httpserver.h:59

HTTPRequest::POST
@ POST
Definition: httpserver.h:71

HTTPRequest::WriteReply
void WriteReply(int nStatus, const std::string &strReply="")
Write HTTP reply.
Definition: httpserver.cpp:589

HTTPRequest::GetURI
std::string GetURI()
Get requested URI.
Definition: httpserver.cpp:633

HTTPRequest::GetPeer
CService GetPeer()
Get CService (address:ip) for the origin of the http request.
Definition: httpserver.cpp:619

HTTPRequest::GetHeader
std::pair< bool, std::string > GetHeader(const std::string &hdr)
Get the request header specified by hdr, or an empty string.
Definition: httpserver.cpp:546

HTTPRequest::WriteHeader
void WriteHeader(const std::string &hdr, const std::string &value)
Write output header.
Definition: httpserver.cpp:577

HTTPRequest::ReadBody
std::string ReadBody()
Read request body.
Definition: httpserver.cpp:557

HTTPRequest::GetRequestMethod
RequestMethod GetRequestMethod()
Get request method.
Definition: httpserver.cpp:638

JSONRPCRequest
Definition: server.h:43

JSONRPCRequest::id
UniValue id
Definition: server.h:45

JSONRPCRequest::parse
void parse(const UniValue &valRequest)
Definition: server.cpp:377

JSONRPCRequest::URI
std::string URI
Definition: server.h:49

JSONRPCRequest::authUser
std::string authUser
Definition: server.h:50

RPCTimerBase
Opaque base class for timers returned by NewTimerFunc.
Definition: server.h:95

RPCTimerInterface
RPC timer "driver".
Definition: server.h:104

UniValue
Definition: univalue.h:19

UniValue::isArray
bool isArray() const
Definition: univalue.h:83

UniValue::get_array
const UniValue & get_array() const
Definition: univalue_get.cpp:141

UniValue::read
bool read(const char *raw, size_t len)
Definition: univalue_read.cpp:259

UniValue::isObject
bool isObject() const
Definition: univalue.h:84

UniValue::get_int
int get_int() const
Definition: univalue_get.cpp:104

guiinterface.h

uiInterface
CClientUIInterface uiInterface
Definition: init.cpp:109

hmac_sha256.h

InterruptHTTPRPC
void InterruptHTTPRPC()
Interrupt HTTP RPC subsystem.
Definition: httprpc.cpp:241

StopHTTPRPC
void StopHTTPRPC()
Stop HTTP RPC subsystem.
Definition: httprpc.cpp:246

StartHTTPRPC
bool StartHTTPRPC()
Start HTTP RPC subsystem.
Definition: httprpc.cpp:224

httprpc.h

UnregisterHTTPHandler
void UnregisterHTTPHandler(const std::string &prefix, bool exactMatch)
Unregister handler for prefix.
Definition: httpserver.cpp:665

RegisterHTTPHandler
void RegisterHTTPHandler(const std::string &prefix, bool exactMatch, const HTTPRequestHandler &handler)
Register handler for prefix.
Definition: httpserver.cpp:659

EventBase
struct event_base * EventBase()
Return evhttp event base.
Definition: httpserver.cpp:501

httpserver.h

key_io.h

LogPrint
#define LogPrint(category,...)
Definition: logging.h:163

BCLog::RPC
@ RPC
Definition: logging.h:48

random.h

JSONRPCReply
std::string JSONRPCReply(const UniValue &result, const UniValue &error, const UniValue &id)
Definition: protocol.cpp:47

JSONRPCError
UniValue JSONRPCError(int code, const std::string &message)
Definition: protocol.cpp:53

GenerateAuthCookie
bool GenerateAuthCookie(std::string *cookie_out)
Generate a new RPC authentication cookie and write it to disk.
Definition: protocol.cpp:74

protocol.h

HTTP_BAD_REQUEST
@ HTTP_BAD_REQUEST
Definition: protocol.h:22

HTTP_BAD_METHOD
@ HTTP_BAD_METHOD
Definition: protocol.h:26

HTTP_OK
@ HTTP_OK
Definition: protocol.h:21

HTTP_UNAUTHORIZED
@ HTTP_UNAUTHORIZED
Definition: protocol.h:23

HTTP_NOT_FOUND
@ HTTP_NOT_FOUND
Definition: protocol.h:25

HTTP_INTERNAL_SERVER_ERROR
@ HTTP_INTERNAL_SERVER_ERROR
Definition: protocol.h:27

RPC_PARSE_ERROR
@ RPC_PARSE_ERROR
Definition: protocol.h:38

RPC_METHOD_NOT_FOUND
@ RPC_METHOD_NOT_FOUND
Definition: protocol.h:35

RPC_INVALID_REQUEST
@ RPC_INVALID_REQUEST
Standard JSON-RPC 2.0 errors.
Definition: protocol.h:34

RPCUnsetTimerInterface
void RPCUnsetTimerInterface(RPCTimerInterface *iface)
Unset factory function for timers.
Definition: server.cpp:550

JSONRPCExecBatch
std::string JSONRPCExecBatch(const UniValue &vReq)
Definition: server.cpp:434

tableRPC
CRPCTable tableRPC
Definition: server.cpp:565

RPCSetTimerInterface
void RPCSetTimerInterface(RPCTimerInterface *iface)
Set factory function for timers.
Definition: server.cpp:545

server.h

sync.h

gArgs
ArgsManager gArgs
Definition: system.cpp:89

system.h

_
std::string _(const char *psz)
Translation function: Call Translate signal on UI interface, which returns a Optional result.
Definition: system.h:65

find_value
const UniValue & find_value(const UniValue &obj, const std::string &name)
Definition: univalue.cpp:234

NullUniValue
const UniValue NullUniValue
Definition: univalue.cpp:13

HexStr
std::string HexStr(const Span< const uint8_t > s)
Convert a span of bytes to a lower-case hexadecimal string.
Definition: utilstrencodings.cpp:563

DecodeBase64
std::vector< unsigned char > DecodeBase64(const char *p, bool *pfInvalid)
Definition: utilstrencodings.cpp:140

utilstrencodings.h

TimingResistantEqual
bool TimingResistantEqual(const T &a, const T &b)
Timing-attack-resistant comparison.
Definition: utilstrencodings.h:168

MilliSleep
void MilliSleep(int64_t n)
Definition: utiltime.cpp:82