diff --git a/itests/kit/ensemble.go b/itests/kit/ensemble.go index be6679121..fdc4b8120 100644 --- a/itests/kit/ensemble.go +++ b/itests/kit/ensemble.go @@ -432,7 +432,7 @@ func (n *Ensemble) Start() *Ensemble { cfg.Subsystems.EnableSectorStorage = m.options.subsystems.Has(SSectorStorage) if m.options.mainMiner != nil { - token, err := m.options.mainMiner.FullNode.AuthNew(ctx, api.AllPermissions[:4]) + token, err := m.options.mainMiner.FullNode.AuthNew(ctx, api.AllPermissions) require.NoError(n.t, err) cfg.Subsystems.SectorIndexApiInfo = fmt.Sprintf("%s:%s", token, m.options.mainMiner.ListenAddr) diff --git a/node/impl/storminer.go b/node/impl/storminer.go index 609b66c32..69cac4f97 100644 --- a/node/impl/storminer.go +++ b/node/impl/storminer.go @@ -8,6 +8,7 @@ import ( "strconv" "time" + "github.com/filecoin-project/go-jsonrpc/auth" "github.com/filecoin-project/lotus/chain/actors/builtin" "github.com/filecoin-project/lotus/chain/gen" @@ -23,7 +24,6 @@ import ( "github.com/filecoin-project/go-fil-markets/piecestore" retrievalmarket "github.com/filecoin-project/go-fil-markets/retrievalmarket" storagemarket "github.com/filecoin-project/go-fil-markets/storagemarket" - "github.com/filecoin-project/go-jsonrpc/auth" "github.com/filecoin-project/go-state-types/abi" sectorstorage "github.com/filecoin-project/lotus/extern/sector-storage" @@ -93,14 +93,18 @@ type StorageMinerAPI struct { SetExpectedSealDurationFunc dtypes.SetExpectedSealDurationFunc `optional:"true"` } -func (sm *StorageMinerAPI) ServeRemote(w http.ResponseWriter, r *http.Request) { - if !auth.HasPerm(r.Context(), nil, api.PermAdmin) { - w.WriteHeader(401) - _ = json.NewEncoder(w).Encode(struct{ Error string }{"unauthorized: missing write permission"}) - return - } +func (sm *StorageMinerAPI) ServeRemote(perm bool) func(w http.ResponseWriter, r *http.Request) { + return func(w http.ResponseWriter, r *http.Request) { + if perm == true { + if !auth.HasPerm(r.Context(), nil, api.PermAdmin) { + w.WriteHeader(401) + _ = json.NewEncoder(w).Encode(struct{ Error string }{"unauthorized: missing write permission"}) + return + } + } - sm.StorageMgr.ServeHTTP(w, r) + sm.StorageMgr.ServeHTTP(w, r) + } } func (sm *StorageMinerAPI) WorkerStats(context.Context) (map[uuid.UUID]storiface.WorkerStats, error) { diff --git a/node/rpc.go b/node/rpc.go index f90dfaed6..b283f6ac1 100644 --- a/node/rpc.go +++ b/node/rpc.go @@ -124,7 +124,7 @@ func MinerHandler(a api.StorageMiner, permissioned bool) (http.Handler, error) { m.Handle("/rpc/v0", rpcServer) m.Handle("/rpc/streams/v0/push/{uuid}", readerHandler) - m.PathPrefix("/remote").HandlerFunc(a.(*impl.StorageMinerAPI).ServeRemote) + m.PathPrefix("/remote").HandlerFunc(a.(*impl.StorageMinerAPI).ServeRemote(permissioned)) // debugging m.Handle("/debug/metrics", metrics.Exporter()) diff --git a/testplans/lotus-soup/testkit/role_miner.go b/testplans/lotus-soup/testkit/role_miner.go index a0248cfdd..18479b9d3 100644 --- a/testplans/lotus-soup/testkit/role_miner.go +++ b/testplans/lotus-soup/testkit/role_miner.go @@ -600,7 +600,7 @@ func startStorageMinerAPIServer(t *TestEnvironment, repo repo.Repo, minerApi api rpcServer.Register("Filecoin", minerApi) mux.Handle("/rpc/v0", rpcServer) - mux.PathPrefix("/remote").HandlerFunc(minerApi.(*impl.StorageMinerAPI).ServeRemote) + mux.PathPrefix("/remote").HandlerFunc(minerApi.(*impl.StorageMinerAPI).ServeRemote(true)) mux.PathPrefix("/").Handler(http.DefaultServeMux) // pprof exporter, err := prometheus.NewExporter(prometheus.Options{