5733c71c50
We were ignoring quite a few error cases, and had one case where we weren't actually updating state where we wanted to. Unfortunately, if the linter doesn't pass, nobody has any reason to actually check lint failures in CI. There are three remaining XXXs marked in the code for lint.
package modules
import (
"context"
"crypto/rand"
"errors"
"io"
"io/ioutil"
"path/filepath"
"github.com/gbrlsnchs/jwt/v3"
logging "github.com/ipfs/go-log/v2"
"github.com/libp2p/go-libp2p-core/peerstore"
record "github.com/libp2p/go-libp2p-record"
"golang.org/x/xerrors"
"github.com/filecoin-project/go-jsonrpc/auth"
"github.com/filecoin-project/lotus/api/apistruct"
"github.com/filecoin-project/lotus/build"
"github.com/filecoin-project/lotus/chain/types"
"github.com/filecoin-project/lotus/journal"
"github.com/filecoin-project/lotus/lib/addrutil"
"github.com/filecoin-project/lotus/node/modules/dtypes"
"github.com/filecoin-project/lotus/node/repo"
)
// log is the package-level logger, created under the subsystem name "modules".
var log = logging.Logger("modules")
// Genesis is a callback that yields a block header (by its name, the genesis
// block's header) or an error.
type Genesis func() (*types.BlockHeader, error)
// RecordValidator builds the namesys-compatible validator for routing records.
//
// Only the "pk" namespace is registered, backed by record.PublicKeyValidator.
// The ps argument is accepted but never read by this function.
//
// NOTE(review): no other namespace gets a validator here; confirm that
// callers expect records outside "pk" to have none.
func RecordValidator(ps peerstore.Peerstore) record.Validator {
	validators := record.NamespacedValidator{}
	validators["pk"] = record.PublicKeyValidator{}
	return validators
}
// Keystore identifiers for the API JWT signing secret. Both values are names,
// not secret material; the nolint markers presumably silence gosec's
// hard-coded-credential heuristic, which keys on identifiers like these.
const (
	// JWTSecretName is the keystore entry name under which APISecret looks up
	// and stores the signing secret.
	JWTSecretName = "auth-jwt-private" //nolint:gosec
	// KTJwtHmacSecret is the key type APISecret records on that entry.
	KTJwtHmacSecret = "jwt-hmac-secret" //nolint:gosec
)
// JwtPayload is the claim set signed into API tokens.
//
// It has a single field and defines no expiry, issuer or audience claim, so
// nothing inside a token built from it limits its lifetime.
type JwtPayload struct {
	// Allow holds the permissions carried by the token. APISecret fills it
	// with apistruct.AllPermissions when it mints the first token.
	Allow []auth.Permission
}
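// APISecret returns the HS256 algorithm used for API tokens, keyed with the
// secret stored in the keystore under JWTSecretName.
//
// When the keystore has no such entry, a fresh 32-byte secret is read from
// crypto/rand, a token carrying apistruct.AllPermissions is signed with it,
// the secret is persisted, and the token is handed to lr.SetAPIToken. Any
// other keystore error is returned wrapped.
//
// Security notes:
//   - The minted token grants every permission and JwtPayload has no expiry
//     claim, so it must be handled as a long-lived administrative credential.
//   - NOTE(review): a secret loaded from the keystore is used as found;
//     neither its Type nor the length of PrivateKey is checked here.
//   - NOTE(review): the token is written only in the creation branch. If
//     SetAPIToken fails after the secret was stored, a later call finds the
//     secret and does not mint the token again.
func APISecret(keystore types.KeyStore, lr repo.LockedRepo) (*dtypes.APIAlg, error) {
	// Size in bytes of a newly generated HMAC secret.
	const secretLen = 32

	key, err := keystore.Get(JWTSecretName)
	switch {
	case err == nil:
		// A secret already exists: reuse it and leave the stored token alone.

	case errors.Is(err, types.ErrKeyInfoNotFound):
		log.Warn("Generating new API secret")

		sk, err := ioutil.ReadAll(io.LimitReader(rand.Reader, secretLen))
		if err != nil {
			return nil, xerrors.Errorf("generating API secret: %w", err)
		}
		// ReadAll treats an early EOF as success, so a short read would
		// otherwise become a weaker signing key without any error.
		if len(sk) != secretLen {
			return nil, xerrors.Errorf("generating API secret: got %d random bytes, want %d", len(sk), secretLen)
		}

		key = types.KeyInfo{
			Type:       KTJwtHmacSecret,
			PrivateKey: sk,
		}

		// TODO: make this configurable
		p := JwtPayload{
			Allow: apistruct.AllPermissions,
		}

		// Sign before persisting so that a signing failure does not leave a
		// stored secret with no matching token.
		cliToken, err := jwt.Sign(&p, jwt.NewHS256(key.PrivateKey))
		if err != nil {
			return nil, xerrors.Errorf("signing API token: %w", err)
		}

		if err := keystore.Put(JWTSecretName, key); err != nil {
			return nil, xerrors.Errorf("writing API secret: %w", err)
		}

		if err := lr.SetAPIToken(cliToken); err != nil {
			return nil, xerrors.Errorf("writing API token: %w", err)
		}

	default:
		return nil, xerrors.Errorf("could not get JWT Token: %w", err)
	}

	return (*dtypes.APIAlg)(jwt.NewHS256(key.PrivateKey)), nil
}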
// ConfigBootstrap returns a constructor that parses the given peer address
// strings into bootstrap peers every time it is called.
//
// NOTE(review): parsing runs under context.TODO(), which carries no deadline
// or cancellation. If ParseAddresses performs any network resolution, it
// cannot be bounded from here — confirm.
func ConfigBootstrap(peers []string) func() (dtypes.BootstrapPeers, error) {
	parse := func() (dtypes.BootstrapPeers, error) {
		ctx := context.TODO()
		return addrutil.ParseAddresses(ctx, peers)
	}
	return parse
}
// BuiltinBootstrap returns whatever build.BuiltinBootstrap reports: the
// bootstrap peers compiled into the build package, or its error.
func BuiltinBootstrap() (dtypes.BootstrapPeers, error) {
	peers, err := build.BuiltinBootstrap()
	return peers, err
}
// DrandBootstrap parses the relay addresses listed in d.Relays.
//
// NOTE(review): as in ConfigBootstrap, the parse runs under context.TODO()
// and so has no deadline or cancellation of its own.
func DrandBootstrap(d dtypes.DrandConfig) (dtypes.DrandBootstrap, error) {
	relays := d.Relays
	return addrutil.ParseAddresses(context.TODO(), relays)
}
// SetupJournal initializes the system journal in the "journal" directory
// under the locked repo's path and returns any initialization error.
func SetupJournal(lr repo.LockedRepo) error {
	journalDir := filepath.Join(lr.Path(), "journal")
	return journal.InitializeSystemJournal(journalDir)
}