make auth on remote rpc server optional

2021-06-23 13:27:03 +02:00 · 2021-06-23 13:27:03 +02:00 · 4217ec5308
commit 4217ec5308
parent 21b51328f9
4 changed files with 15 additions and 11 deletions
--- a/itests/kit/ensemble.go
+++ b/itests/kit/ensemble.go
@ -432,7 +432,7 @@ func (n *Ensemble) Start() *Ensemble {
 		cfg.Subsystems.EnableSectorStorage = m.options.subsystems.Has(SSectorStorage)

 		if m.options.mainMiner != nil {
-			token, err := m.options.mainMiner.FullNode.AuthNew(ctx, api.AllPermissions[:4])
+			token, err := m.options.mainMiner.FullNode.AuthNew(ctx, api.AllPermissions)
 			require.NoError(n.t, err)

 			cfg.Subsystems.SectorIndexApiInfo = fmt.Sprintf("%s:%s", token, m.options.mainMiner.ListenAddr)
--- a/node/impl/storminer.go
+++ b/node/impl/storminer.go
@ -8,6 +8,7 @@ import (
 	"strconv"
 	"time"

+	"github.com/filecoin-project/go-jsonrpc/auth"
 	"github.com/filecoin-project/lotus/chain/actors/builtin"
 	"github.com/filecoin-project/lotus/chain/gen"

@ -23,7 +24,6 @@ import (
 	"github.com/filecoin-project/go-fil-markets/piecestore"
 	retrievalmarket "github.com/filecoin-project/go-fil-markets/retrievalmarket"
 	storagemarket "github.com/filecoin-project/go-fil-markets/storagemarket"
-	"github.com/filecoin-project/go-jsonrpc/auth"
 	"github.com/filecoin-project/go-state-types/abi"

 	sectorstorage "github.com/filecoin-project/lotus/extern/sector-storage"
@ -93,14 +93,18 @@ type StorageMinerAPI struct {
 	SetExpectedSealDurationFunc                 dtypes.SetExpectedSealDurationFunc                 `optional:"true"`
 }

-func (sm *StorageMinerAPI) ServeRemote(w http.ResponseWriter, r *http.Request) {
-	if !auth.HasPerm(r.Context(), nil, api.PermAdmin) {
-		w.WriteHeader(401)
-		_ = json.NewEncoder(w).Encode(struct{ Error string }{"unauthorized: missing write permission"})
-		return
-	}
+func (sm *StorageMinerAPI) ServeRemote(perm bool) func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if perm == true {
+			if !auth.HasPerm(r.Context(), nil, api.PermAdmin) {
+				w.WriteHeader(401)
+				_ = json.NewEncoder(w).Encode(struct{ Error string }{"unauthorized: missing write permission"})
+				return
+			}
+		}

-	sm.StorageMgr.ServeHTTP(w, r)
+		sm.StorageMgr.ServeHTTP(w, r)
+	}
 }

 func (sm *StorageMinerAPI) WorkerStats(context.Context) (map[uuid.UUID]storiface.WorkerStats, error) {
--- a/node/rpc.go
+++ b/node/rpc.go
@ -124,7 +124,7 @@ func MinerHandler(a api.StorageMiner, permissioned bool) (http.Handler, error) {

 	m.Handle("/rpc/v0", rpcServer)
 	m.Handle("/rpc/streams/v0/push/{uuid}", readerHandler)
-	m.PathPrefix("/remote").HandlerFunc(a.(*impl.StorageMinerAPI).ServeRemote)
+	m.PathPrefix("/remote").HandlerFunc(a.(*impl.StorageMinerAPI).ServeRemote(permissioned))

 	// debugging
 	m.Handle("/debug/metrics", metrics.Exporter())
--- a/testplans/lotus-soup/testkit/role_miner.go
+++ b/testplans/lotus-soup/testkit/role_miner.go
@ -600,7 +600,7 @@ func startStorageMinerAPIServer(t *TestEnvironment, repo repo.Repo, minerApi api
 	rpcServer.Register("Filecoin", minerApi)

 	mux.Handle("/rpc/v0", rpcServer)
-	mux.PathPrefix("/remote").HandlerFunc(minerApi.(*impl.StorageMinerAPI).ServeRemote)
+	mux.PathPrefix("/remote").HandlerFunc(minerApi.(*impl.StorageMinerAPI).ServeRemote(true))
 	mux.PathPrefix("/").Handler(http.DefaultServeMux) // pprof

 	exporter, err := prometheus.NewExporter(prometheus.Options{