From 0449ff557faed2906b36cdecf3c2cc07191f67b9 Mon Sep 17 00:00:00 2001
From: Marius van der Wijden
Date: Thu, 10 Mar 2022 09:49:16 +0100
Subject: [PATCH] node: implement --authrpc.vhosts flag
---
 cmd/geth/main.go | 1 +
 cmd/geth/usage.go | 1 +
 cmd/utils/flags.go | 10 ++++++++++
 node/config.go | 4 ++++
 node/defaults.go | 1 +
 node/node.go | 2 +-
 6 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/cmd/geth/main.go b/cmd/geth/main.go
index f08e9a25206ed..24012167cdbe9 100644
--- a/cmd/geth/main.go
+++ b/cmd/geth/main.go
@@ -167,6 +167,7 @@ var (
 utils.HTTPCORSDomainFlag,
 utils.AuthHostFlag,
 utils.AuthPortFlag,
+ utils.AuthVirtualHostsFlag,
 utils.JWTSecretFlag,
 utils.HTTPVirtualHostsFlag,
 utils.GraphQLEnabledFlag,
diff --git a/cmd/geth/usage.go b/cmd/geth/usage.go
index 9da36dcf0f81f..ad0f9401957d9 100644
--- a/cmd/geth/usage.go
+++ b/cmd/geth/usage.go
@@ -152,6 +152,7 @@ var AppHelpFlagGroups = []flags.FlagGroup{
 utils.JWTSecretFlag,
 utils.AuthHostFlag,
 utils.AuthPortFlag,
+ utils.AuthVirtualHostsFlag,
 utils.GraphQLEnabledFlag,
 utils.GraphQLCORSDomainFlag,
 utils.GraphQLVirtualHostsFlag,
diff --git a/cmd/utils/flags.go b/cmd/utils/flags.go
index 527a6c26f026e..5294404e0ce31 100644
--- a/cmd/utils/flags.go
+++ b/cmd/utils/flags.go
@@ -533,6 +533,11 @@ var (
 Usage: "Listening port for authenticated APIs",
 Value: node.DefaultConfig.AuthPort,
 }
+ AuthVirtualHostsFlag = cli.StringFlag{
+ Name: "authrpc.vhosts",
+ Usage: "Comma separated list of virtual hostnames from which to accept requests (server enforced). Accepts '*' wildcard.",
+ Value: strings.Join(node.DefaultConfig.AuthVirtualHosts, ","),
+ }
 JWTSecretFlag = cli.StringFlag{
 Name: "authrpc.jwtsecret",
 Usage: "JWT secret (or path to a jwt secret) to use for authenticated RPC endpoints",
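Review bot: The `Usage` string of `AuthVirtualHostsFlag` in cmd/utils/flags.go says the flag accepts a `*` wildcard but not what that means for the authenticated endpoint; presumably it turns the Host header check off for that port, which would leave the JWT secret as the only barrier against DNS-rebinding style requests. I would say so in the help text, for example by ending it with `Accepts '*' wildcard, which disables the Host header check.`, and give the flag a one-line comment stating that it governs only the authrpc listener. The default shown in the help output is read from `node.DefaultConfig.AuthVirtualHosts`, so it depends on the node/defaults.go hunk of this same commit. The enclosing `var (` block starts and ends outside the hunk.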
@@ -973,10 +978,15 @@ func setHTTP(ctx *cli.Context, cfg *node.Config) { if ctx.GlobalIsSet(AuthHostFlag.Name) { cfg.AuthHost = ctx.GlobalString(AuthHostFlag.Name) } + if ctx.GlobalIsSet(AuthPortFlag.Name) { cfg.AuthPort = ctx.GlobalInt(AuthPortFlag.Name) } + if ctx.GlobalIsSet(AuthVirtualHostsFlag.Name) { + cfg.AuthVirtualHosts = SplitAndTrim(ctx.GlobalString(AuthVirtualHostsFlag.Name)) + } + if ctx.GlobalIsSet(HTTPCORSDomainFlag.Name) { cfg.HTTPCors = SplitAndTrim(ctx.GlobalString(HTTPCORSDomainFlag.Name)) }
diff --git a/node/config.go b/node/config.go
index 54c55dfa015a5..0502db94c9b3d 100644
--- a/node/config.go
+++ b/node/config.go
@@ -145,6 +145,10 @@ type Config struct { // AuthPort is the port number on which authenticated APIs are provided. AuthPort int `toml:",omitempty"` + // AuthVirtualHosts is the list of virtual hostnames which are allowed on incoming requests + // for the authenticated api. This is by default {'localhost'}. + AuthVirtualHosts []string `toml:",omitempty"` + // WSHost is the host interface on which to start the websocket RPC server. If // this field is empty, no websocket API endpoint will be started. WSHost string
diff --git a/node/defaults.go b/node/defaults.go
index ca23f07611320..2ad982316590d 100644
--- a/node/defaults.go
+++ b/node/defaults.go
@@ -52,6 +52,7 @@ var DefaultConfig = Config{
 HTTPPort: DefaultHTTPPort,
 AuthHost: DefaultAuthHost,
 AuthPort: DefaultAuthPort,
+ AuthVirtualHosts: DefaultAuthVhosts,
 HTTPModules: []string{"net", "web3"},
 HTTPVirtualHosts: []string{"localhost"},
 HTTPTimeouts: rpc.DefaultHTTPTimeouts,
diff --git a/node/node.go b/node/node.go
index 9368b3b8257f6..06d6a39cea527 100644
--- a/node/node.go
+++ b/node/node.go
@@ -444,7 +444,7 @@ func (n *Node) startRPC() error {
 }
 if err := server.enableRPC(apis, httpConfig{
 CorsAllowedOrigins: DefaultAuthCors,
- Vhosts: DefaultAuthVhosts,
+ Vhosts: n.config.AuthVirtualHosts,
 Modules: DefaultAuthModules,
 prefix: DefaultAuthPrefix,
 jwtSecret: secret,
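Review bot: In the cmd/utils/flags.go `setHTTP` hunk the new `cfg.AuthVirtualHosts` assignment stores whatever `SplitAndTrim` returns, so a `*` entry is accepted silently and an explicitly empty flag value replaces the default list. How the server treats an empty list is not visible in this diff, so the assignment deserves a comment such as `// "*" or an empty value changes the Host check on the authenticated port; see node.Config.AuthVirtualHosts`. For the wildcard I would also log a startup warning with the logger this file already uses, so an operator can see that host checking is off for the authenticated port. `setHTTP` continues outside the hunk.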
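Review bot: The doc comment on `AuthVirtualHosts` in node/config.go hard-codes `{'localhost'}` as the default, while the default actually assigned in node/defaults.go is `DefaultAuthVhosts`, whose value this diff does not show. Point the comment at that name so the two cannot drift, `// for the authenticated api. The default is DefaultAuthVhosts.`, and state what a nil or empty list means, since the field is tagged `omitempty` and a Config built by hand leaves it nil. The `Config` struct starts and ends outside the hunk.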
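Review bot: In node/node.go `startRPC` now passes `n.config.AuthVirtualHosts` straight through, so a `Config` that was not derived from `DefaultConfig` hands `enableRPC` a nil `Vhosts` where the removed line always supplied `DefaultAuthVhosts`. Whether a nil list rejects every hostname or behaves more loosely is decided in code outside this diff, so the change for embedders and tests that build `node.Config{}` directly should be confirmed. A fallback keeps the old default: `vhosts := n.config.AuthVirtualHosts`, then `if vhosts == nil { vhosts = DefaultAuthVhosts }`, and `Vhosts: vhosts,` in the literal. The body of `startRPC` starts and ends outside the hunk.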