lotus-wallet: Support permissioned api
This commit is contained in:
Łukasz Magiera
parent
47608c1937
commit
7d1ae7daf5
@ -35,13 +35,13 @@ type MsgMeta struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type Wallet interface {
|
type Wallet interface {
|
||||||
WalletNew(context.Context, types.KeyType) (address.Address, error)
|
WalletNew(context.Context, types.KeyType) (address.Address, error) //perm:admin
|
||||||
WalletHas(context.Context, address.Address) (bool, error)
|
WalletHas(context.Context, address.Address) (bool, error) //perm:admin
|
||||||
WalletList(context.Context) ([]address.Address, error)
|
WalletList(context.Context) ([]address.Address, error) //perm:admin
|
||||||
|
|
||||||
WalletSign(ctx context.Context, signer address.Address, toSign []byte, meta MsgMeta) (*crypto.Signature, error)
|
WalletSign(ctx context.Context, signer address.Address, toSign []byte, meta MsgMeta) (*crypto.Signature, error) //perm:admin
|
||||||
|
|
||||||
WalletExport(context.Context, address.Address) (*types.KeyInfo, error)
|
WalletExport(context.Context, address.Address) (*types.KeyInfo, error) //perm:admin
|
||||||
WalletImport(context.Context, *types.KeyInfo) (address.Address, error)
|
WalletImport(context.Context, *types.KeyInfo) (address.Address, error) //perm:admin
|
||||||
WalletDelete(context.Context, address.Address) error
|
WalletDelete(context.Context, address.Address) error //perm:admin
|
||||||
}
|
}
|
||||||
|
|||||||
@ -731,19 +731,19 @@ type StorageMinerStub struct {
|
|||||||
|
|
||||||
type WalletStruct struct {
|
type WalletStruct struct {
|
||||||
Internal struct {
|
Internal struct {
|
||||||
WalletDelete func(p0 context.Context, p1 address.Address) error ``
|
WalletDelete func(p0 context.Context, p1 address.Address) error `perm:"admin"`
|
||||||
|
|
||||||
WalletExport func(p0 context.Context, p1 address.Address) (*types.KeyInfo, error) ``
|
WalletExport func(p0 context.Context, p1 address.Address) (*types.KeyInfo, error) `perm:"admin"`
|
||||||
|
|
||||||
WalletHas func(p0 context.Context, p1 address.Address) (bool, error) ``
|
WalletHas func(p0 context.Context, p1 address.Address) (bool, error) `perm:"admin"`
|
||||||
|
|
||||||
WalletImport func(p0 context.Context, p1 *types.KeyInfo) (address.Address, error) ``
|
WalletImport func(p0 context.Context, p1 *types.KeyInfo) (address.Address, error) `perm:"admin"`
|
||||||
|
|
||||||
WalletList func(p0 context.Context) ([]address.Address, error) ``
|
WalletList func(p0 context.Context) ([]address.Address, error) `perm:"admin"`
|
||||||
|
|
||||||
WalletNew func(p0 context.Context, p1 types.KeyType) (address.Address, error) ``
|
WalletNew func(p0 context.Context, p1 types.KeyType) (address.Address, error) `perm:"admin"`
|
||||||
|
|
||||||
WalletSign func(p0 context.Context, p1 address.Address, p2 []byte, p3 MsgMeta) (*crypto.Signature, error) ``
|
WalletSign func(p0 context.Context, p1 address.Address, p2 []byte, p3 MsgMeta) (*crypto.Signature, error) `perm:"admin"`
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -127,8 +127,8 @@ var runCmd = &cli.Command{
|
|||||||
Usage: "don't query chain state in interactive mode",
|
Usage: "don't query chain state in interactive mode",
|
||||||
},
|
},
|
||||||
&cli.BoolFlag{
|
&cli.BoolFlag{
|
||||||
Name: "disable-auth",
|
Name: "disable-auth",
|
||||||
Usage: "(insecure) disable api auth",
|
Usage: "(insecure) disable api auth",
|
||||||
Hidden: true,
|
Hidden: true,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -192,16 +192,20 @@ var runCmd = &cli.Command{
|
|||||||
w = &LoggedWallet{under: w}
|
w = &LoggedWallet{under: w}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rpcApi := metrics.MetricedWalletAPI(w)
|
||||||
|
if !cctx.Bool("disable-auth") {
|
||||||
|
rpcApi = api.PermissionedWalletAPI(rpcApi)
|
||||||
|
}
|
||||||
|
|
||||||
rpcServer := jsonrpc.NewServer()
|
rpcServer := jsonrpc.NewServer()
|
||||||
rpcServer.Register("Filecoin", metrics.MetricedWalletAPI(w))
|
rpcServer.Register("Filecoin", rpcApi)
|
||||||
|
|
||||||
mux.Handle("/rpc/v0", rpcServer)
|
mux.Handle("/rpc/v0", rpcServer)
|
||||||
mux.PathPrefix("/").Handler(http.DefaultServeMux) // pprof
|
mux.PathPrefix("/").Handler(http.DefaultServeMux) // pprof
|
||||||
|
|
||||||
var handler http.Handler = mux
|
var handler http.Handler = mux
|
||||||
|
|
||||||
if cctx.Bool("disable-auth") {
|
if !cctx.Bool("disable-auth") {
|
||||||
log.Info("API auth enabled, use 'lotus wallet get-api-key' to get API key")
|
|
||||||
authKey, err := modules.APISecret(ks, lr)
|
authKey, err := modules.APISecret(ks, lr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return xerrors.Errorf("setting up api secret: %w", err)
|
return xerrors.Errorf("setting up api secret: %w", err)
|
||||||
@ -216,6 +220,7 @@ var runCmd = &cli.Command{
|
|||||||
return payload.Allow, nil
|
return payload.Allow, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
log.Info("API auth enabled, use 'lotus-wallet get-api-key' to get API key")
|
||||||
handler = &auth.Handler{
|
handler = &auth.Handler{
|
||||||
Verify: authVerify,
|
Verify: authVerify,
|
||||||
Next: mux.ServeHTTP,
|
Next: mux.ServeHTTP,
|
||||||
@ -248,7 +253,7 @@ var runCmd = &cli.Command{
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
func openRepo(cctx *cli.Context) (repo.LockedRepo, types.KeyStore ,error) {
|
func openRepo(cctx *cli.Context) (repo.LockedRepo, types.KeyStore, error) {
|
||||||
repoPath := cctx.String(FlagWalletRepo)
|
repoPath := cctx.String(FlagWalletRepo)
|
||||||
r, err := repo.NewFS(repoPath)
|
r, err := repo.NewFS(repoPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user