X-Git-Url: https://repo.jachan.dev/VerusCoin.git/blobdiff_plain/d1f9f6070a9732ba6171a55040ebfbc21357c267..1236e3c686ba98d5e58bc9b8ec6d24fdbc861bac:/src/httprpc.cpp
diff --git a/src/httprpc.cpp b/src/httprpc.cpp
index 98ac750bb..e8dca1c6f 100644
--- a/src/httprpc.cpp
+++ b/src/httprpc.cpp
@@ -1,10 +1,10 @@
 #include "httprpc.h"
-#include "base58.h"
 #include "chainparams.h"
 #include "httpserver.h"
-#include "rpcprotocol.h"
-#include "rpcserver.h"
+#include "key_io.h"
+#include "rpc/protocol.h"
+#include "rpc/server.h"
 #include "random.h"
 #include "sync.h"
 #include "util.h"
@@ -13,8 +13,11 @@
 #include // boost::trim
+// WWW-Authenticate to present with 401 Unauthorized response
+static const char *WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";
+
 /** Simple one-shot callback timer to be used by the RPC mechanism to e.g.
- * re-lock the wellet.
+ * re-lock the wallet.
 */
 class HTTPRPCTimer : public RPCTimerBase
 {
@@ -94,6 +97,7 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
 // Check authorization
 std::pair authHeader = req->GetHeader("authorization");
 if (!authHeader.first) {
+ req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
 req->WriteReply(HTTP_UNAUTHORIZED);
 return false;
 }
@@ -106,6 +110,7 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
 shouldn't have their RPC port exposed. */
 MilliSleep(250);
+ req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
 req->WriteReply(HTTP_UNAUTHORIZED);
 return false;
 }
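Review bot: `WWW_AUTH_HEADER_DATA`, added in the `@@ -13,8 +13,11 @@` hunk, is declared as a mutable pointer to const characters, so any code in this translation unit could repoint the challenge string that is sent with every 401. Making the pointer itself const, `static const char* const WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";`, closes that off and needs no change at the `WriteHeader` call sites in the later hunks.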
@@ -121,6 +126,21 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
 // singleton request
 if (valRequest.isObject()) {
 jreq.parse(valRequest);
+
+ if (!RPCAuthorized(authHeader.second)) {
+ LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", req->GetPeer().ToString());
+ MilliSleep(250);
+
+ req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
+ req->WriteReply(HTTP_UNAUTHORIZED);
+ return false;
+ }
+
+ extern bool printoutAPI;
+ if (printoutAPI == true)
+ {
+ printf("%s %s\n", jreq.strMethod.c_str(), jreq.params.write().c_str());
+ }
 UniValue result = tableRPC.execute(jreq.strMethod, jreq.params);
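Review bot: The `printoutAPI` branch prints `jreq.params.write()` to stdout for every singleton request, and on a node with a wallet the RPC parameters can carry passphrases and private keys, so enabling the flag copies those secrets into whatever captures the daemon's stdout. Printing only the method name, `printf("%s\n", jreq.strMethod.c_str());`, or redacting the parameters of sensitive methods before printing, keeps the tracing without the leak. The added `RPCAuthorized(authHeader.second)` block also looks redundant: the `@@ -106,6 +110,7 @@` hunk shows a 401 path with the same `MilliSleep(250)` earlier in this function, presumably after the same check, and this copy guards only the object branch, so if a second check is intended then any non-object request branch outside the hunk would need it too. The function-scope `extern bool printoutAPI;` would be better declared in a shared header so that a type mismatch with the definition is caught at compile time. `HTTPReq_JSONRPC` starts and ends outside this hunk.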