lotus-wallet: Support permissioned api

api/api_wallet.go

@@ -35,13 +35,13 @@ type MsgMeta struct {
 }
 
 type Wallet interface {
-	WalletNew(context.Context, types.KeyType) (address.Address, error)
-	WalletHas(context.Context, address.Address) (bool, error)
-	WalletList(context.Context) ([]address.Address, error)
+	WalletNew(context.Context, types.KeyType) (address.Address, error) //perm:admin
+	WalletHas(context.Context, address.Address) (bool, error)          //perm:admin
+	WalletList(context.Context) ([]address.Address, error)             //perm:admin
 
-	WalletSign(ctx context.Context, signer address.Address, toSign []byte, meta MsgMeta) (*crypto.Signature, error)
+	WalletSign(ctx context.Context, signer address.Address, toSign []byte, meta MsgMeta) (*crypto.Signature, error) //perm:admin
 
-	WalletExport(context.Context, address.Address) (*types.KeyInfo, error)
-	WalletImport(context.Context, *types.KeyInfo) (address.Address, error)
-	WalletDelete(context.Context, address.Address) error
+	WalletExport(context.Context, address.Address) (*types.KeyInfo, error) //perm:admin
+	WalletImport(context.Context, *types.KeyInfo) (address.Address, error) //perm:admin
+	WalletDelete(context.Context, address.Address) error                   //perm:admin
 }

api/proxy_gen.go

@@ -731,19 +731,19 @@ type StorageMinerStub struct {
 
 type WalletStruct struct {
 	Internal struct {
-		WalletDelete func(p0 context.Context, p1 address.Address) error ``
+		WalletDelete func(p0 context.Context, p1 address.Address) error `perm:"admin"`
 
-		WalletExport func(p0 context.Context, p1 address.Address) (*types.KeyInfo, error) ``
+		WalletExport func(p0 context.Context, p1 address.Address) (*types.KeyInfo, error) `perm:"admin"`
 
-		WalletHas func(p0 context.Context, p1 address.Address) (bool, error) ``
+		WalletHas func(p0 context.Context, p1 address.Address) (bool, error) `perm:"admin"`
 
-		WalletImport func(p0 context.Context, p1 *types.KeyInfo) (address.Address, error) ``
+		WalletImport func(p0 context.Context, p1 *types.KeyInfo) (address.Address, error) `perm:"admin"`
 
-		WalletList func(p0 context.Context) ([]address.Address, error) ``
+		WalletList func(p0 context.Context) ([]address.Address, error) `perm:"admin"`
 
-		WalletNew func(p0 context.Context, p1 types.KeyType) (address.Address, error) ``
+		WalletNew func(p0 context.Context, p1 types.KeyType) (address.Address, error) `perm:"admin"`
 
-		WalletSign func(p0 context.Context, p1 address.Address, p2 []byte, p3 MsgMeta) (*crypto.Signature, error) ``
+		WalletSign func(p0 context.Context, p1 address.Address, p2 []byte, p3 MsgMeta) (*crypto.Signature, error) `perm:"admin"`
 	}
 }
 

cmd/lotus-wallet/main.go

@@ -192,16 +192,20 @@ var runCmd = &cli.Command{
 			w = &LoggedWallet{under: w}
 		}
 
+		rpcApi := metrics.MetricedWalletAPI(w)
+		if !cctx.Bool("disable-auth") {
+			rpcApi = api.PermissionedWalletAPI(rpcApi)
+		}
+
 		rpcServer := jsonrpc.NewServer()
-		rpcServer.Register("Filecoin", metrics.MetricedWalletAPI(w))
+		rpcServer.Register("Filecoin", rpcApi)
 
 		mux.Handle("/rpc/v0", rpcServer)
 		mux.PathPrefix("/").Handler(http.DefaultServeMux) // pprof
 
 		var handler http.Handler = mux
 
-		if cctx.Bool("disable-auth") {
-			log.Info("API auth enabled, use 'lotus wallet get-api-key' to get API key")
+		if !cctx.Bool("disable-auth") {
 			authKey, err := modules.APISecret(ks, lr)
 			if err != nil {
 				return xerrors.Errorf("setting up api secret: %w", err)
@@ -216,6 +220,7 @@ var runCmd = &cli.Command{
 				return payload.Allow, nil
 			}
 
+			log.Info("API auth enabled, use 'lotus-wallet get-api-key' to get API key")
 			handler = &auth.Handler{
 				Verify: authVerify,
 				Next:   mux.ServeHTTP,