src/httprpc.cpp

   1 #include "httprpc.h"
   2
   3 #include "chainparams.h"
   4 #include "httpserver.h"
   5 #include "key_io.h"
   6 #include "rpc/protocol.h"
   7 #include "rpc/server.h"
   8 #include "random.h"
   9 #include "sync.h"
  10 #include "util.h"
  11 #include "utilstrencodings.h"
  12 #include "ui_interface.h"
  13
  14 #include <boost/algorithm/string.hpp> // boost::trim
  15
  16 // WWW-Authenticate to present with 401 Unauthorized response
  17 static const char *WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";
  18
  19 /** Simple one-shot callback timer to be used by the RPC mechanism to e.g.
  20  * re-lock the wallet.
  21  */
  22 class HTTPRPCTimer : public RPCTimerBase
  23 {
  24 public:
  25     HTTPRPCTimer(struct event_base* eventBase, boost::function<void(void)>& func, int64_t millis) :
  26         ev(eventBase, false, func)
  27     {
  28         struct timeval tv;
  29         tv.tv_sec = millis/1000;
  30         tv.tv_usec = (millis%1000)*1000;
  31         ev.trigger(&tv);
  32     }
  33 private:
  34     HTTPEvent ev;
  35 };
  36
  37 class HTTPRPCTimerInterface : public RPCTimerInterface
  38 {
  39 public:
  40     HTTPRPCTimerInterface(struct event_base* base) : base(base)
  41     {
  42     }
  43     const char* Name()
  44     {
  45         return "HTTP";
  46     }
  47     RPCTimerBase* NewTimer(boost::function<void(void)>& func, int64_t millis)
  48     {
  49         return new HTTPRPCTimer(base, func, millis);
  50     }
  51 private:
  52     struct event_base* base;
  53 };
  54
  55
  56 /* Pre-base64-encoded authentication token */
  57 static std::string strRPCUserColonPass;
  58 /* Stored RPC timer interface (for unregistration) */
  59 static HTTPRPCTimerInterface* httpRPCTimerInterface = 0;
  60
  61 static void JSONErrorReply(HTTPRequest* req, const UniValue& objError, const UniValue& id)
  62 {
  63     // Send error reply from json-rpc error object
  64     int nStatus = HTTP_INTERNAL_SERVER_ERROR;
  65     int code = find_value(objError, "code").get_int();
  66
  67     if (code == RPC_INVALID_REQUEST)
  68         nStatus = HTTP_BAD_REQUEST;
  69     else if (code == RPC_METHOD_NOT_FOUND)
  70         nStatus = HTTP_NOT_FOUND;
  71
  72     std::string strReply = JSONRPCReply(NullUniValue, objError, id);
  73
  74     req->WriteHeader("Content-Type", "application/json");
  75     req->WriteReply(nStatus, strReply);
  76 }
  77
  78 static bool RPCAuthorized(const std::string& strAuth)
  79 {
  80     if (strRPCUserColonPass.empty()) // Belt-and-suspenders measure if InitRPCAuthentication was not called
  81         return false;
  82     if (strAuth.substr(0, 6) != "Basic ")
  83         return false;
  84     std::string strUserPass64 = strAuth.substr(6);
  85     boost::trim(strUserPass64);
  86     std::string strUserPass = DecodeBase64(strUserPass64);
  87     return TimingResistantEqual(strUserPass, strRPCUserColonPass);
  88 }
  89
  90 static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
  91 {
  92     // JSONRPC handles only POST
  93     if (req->GetRequestMethod() != HTTPRequest::POST) {
  94         req->WriteReply(HTTP_BAD_METHOD, "JSONRPC server handles only POST requests");
  95         return false;
  96     }
  97     // Check authorization
  98     std::pair<bool, std::string> authHeader = req->GetHeader("authorization");
  99     if (!authHeader.first) {
 100         req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
 101         req->WriteReply(HTTP_UNAUTHORIZED);
 102         return false;
 103     }
 104
 105     if (!RPCAuthorized(authHeader.second)) {
 106         LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", req->GetPeer().ToString());
 107
 108         /* Deter brute-forcing
 109            If this results in a DoS the user really
 110            shouldn't have their RPC port exposed. */
 111         MilliSleep(250);
 112
 113         req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
 114         req->WriteReply(HTTP_UNAUTHORIZED);
 115         return false;
 116     }
 117
 118     JSONRequest jreq;
 119     try {
 120         // Parse request
 121         UniValue valRequest;
 122         if (!valRequest.read(req->ReadBody()))
 123             throw JSONRPCError(RPC_PARSE_ERROR, "Parse error");
 124
 125         std::string strReply;
 126         // singleton request
 127         if (valRequest.isObject()) {
 128             jreq.parse(valRequest);
 129
 130             if (!RPCAuthorized(authHeader.second)) {
 131                 LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", req->GetPeer().ToString());
 132                 MilliSleep(250);
 133
 134                 req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
 135                 req->WriteReply(HTTP_UNAUTHORIZED);
 136                 return false;
 137             }
 138
 139             UniValue result = tableRPC.execute(jreq.strMethod, jreq.params);
 140
 141             // Send reply
 142             strReply = JSONRPCReply(result, NullUniValue, jreq.id);
 143
 144         // array of requests
 145         } else if (valRequest.isArray())
 146             strReply = JSONRPCExecBatch(valRequest.get_array());
 147         else
 148             throw JSONRPCError(RPC_PARSE_ERROR, "Top-level object parse error");
 149
 150         req->WriteHeader("Content-Type", "application/json");
 151         req->WriteReply(HTTP_OK, strReply);
 152     } catch (const UniValue& objError) {
 153         JSONErrorReply(req, objError, jreq.id);
 154         return false;
 155     } catch (const std::exception& e) {
 156         JSONErrorReply(req, JSONRPCError(RPC_PARSE_ERROR, e.what()), jreq.id);
 157         return false;
 158     }
 159     return true;
 160 }
 161
 162 static bool InitRPCAuthentication()
 163 {
 164     if (mapArgs["-rpcpassword"] == "")
 165     {
 166         LogPrintf("No rpcpassword set - using random cookie authentication\n");
 167         if (!GenerateAuthCookie(&strRPCUserColonPass)) {
 168             uiInterface.ThreadSafeMessageBox(
 169                 _("Error: A fatal internal error occurred, see debug.log for details"), // Same message as AbortNode
 170                 "", CClientUIInterface::MSG_ERROR);
 171             return false;
 172         }
 173     } else {
 174         strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"];
 175     }
 176     return true;
 177 }
 178
 179 bool StartHTTPRPC()
 180 {
 181     LogPrint("rpc", "Starting HTTP RPC server\n");
 182     if (!InitRPCAuthentication())
 183         return false;
 184
 185     RegisterHTTPHandler("/", true, HTTPReq_JSONRPC);
 186
 187     assert(EventBase());
 188     httpRPCTimerInterface = new HTTPRPCTimerInterface(EventBase());
 189     RPCRegisterTimerInterface(httpRPCTimerInterface);
 190     return true;
 191 }
 192
 193 void InterruptHTTPRPC()
 194 {
 195     LogPrint("rpc", "Interrupting HTTP RPC server\n");
 196 }
 197
 198 void StopHTTPRPC()
 199 {
 200     LogPrint("rpc", "Stopping HTTP RPC server\n");
 201     UnregisterHTTPHandler("/", true);
 202     if (httpRPCTimerInterface) {
 203         RPCUnregisterTimerInterface(httpRPCTimerInterface);
 204         delete httpRPCTimerInterface;
 205         httpRPCTimerInterface = 0;
 206     }
 207 }