github.com/benorgera/go-ethereum@v1.10.18-0.20220401011646-b3f57b1a73ba/node/config.go (about) 1 // Copyright 2014 The go-ethereum Authors 2 // This file is part of the go-ethereum library. 3 // 4 // The go-ethereum library is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU Lesser General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // The go-ethereum library is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU Lesser General Public License for more details. 13 // 14 // You should have received a copy of the GNU Lesser General Public License 15 // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. 16 17 package node 18 19 import ( 20 "crypto/ecdsa" 21 "fmt" 22 "io/ioutil" 23 "os" 24 "path/filepath" 25 "runtime" 26 "strings" 27 "sync" 28 29 "github.com/ethereum/go-ethereum/common" 30 "github.com/ethereum/go-ethereum/crypto" 31 "github.com/ethereum/go-ethereum/log" 32 "github.com/ethereum/go-ethereum/p2p" 33 "github.com/ethereum/go-ethereum/p2p/enode" 34 "github.com/ethereum/go-ethereum/rpc" 35 ) 36 37 const ( 38 datadirPrivateKey = "nodekey" // Path within the datadir to the node's private key 39 datadirJWTKey = "jwtsecret" // Path within the datadir to the node's jwt secret 40 datadirDefaultKeyStore = "keystore" // Path within the datadir to the keystore 41 datadirStaticNodes = "static-nodes.json" // Path within the datadir to the static node list 42 datadirTrustedNodes = "trusted-nodes.json" // Path within the datadir to the trusted node list 43 datadirNodeDatabase = "nodes" // Path within the datadir to store the node infos 44 ) 45 46 // Config represents a small collection of configuration values to fine tune the 47 // P2P network layer of a protocol stack. These values can be further extended by 48 // all registered services. 49 type Config struct { 50 // Name sets the instance name of the node. It must not contain the / character and is 51 // used in the devp2p node identifier. The instance name of geth is "geth". If no 52 // value is specified, the basename of the current executable is used. 53 Name string `toml:"-"` 54 55 // UserIdent, if set, is used as an additional component in the devp2p node identifier. 56 UserIdent string `toml:",omitempty"` 57 58 // Version should be set to the version number of the program. It is used 59 // in the devp2p node identifier. 60 Version string `toml:"-"` 61 62 // DataDir is the file system folder the node should use for any data storage 63 // requirements. The configured data directory will not be directly shared with 64 // registered services, instead those can use utility methods to create/access 65 // databases or flat files. This enables ephemeral nodes which can fully reside 66 // in memory. 67 DataDir string 68 69 // Configuration of peer-to-peer networking. 70 P2P p2p.Config 71 72 // KeyStoreDir is the file system folder that contains private keys. The directory can 73 // be specified as a relative path, in which case it is resolved relative to the 74 // current directory. 75 // 76 // If KeyStoreDir is empty, the default location is the "keystore" subdirectory of 77 // DataDir. If DataDir is unspecified and KeyStoreDir is empty, an ephemeral directory 78 // is created by New and destroyed when the node is stopped. 79 KeyStoreDir string `toml:",omitempty"` 80 81 // ExternalSigner specifies an external URI for a clef-type signer 82 ExternalSigner string `toml:",omitempty"` 83 84 // UseLightweightKDF lowers the memory and CPU requirements of the key store 85 // scrypt KDF at the expense of security. 86 UseLightweightKDF bool `toml:",omitempty"` 87 88 // InsecureUnlockAllowed allows user to unlock accounts in unsafe http environment. 89 InsecureUnlockAllowed bool `toml:",omitempty"` 90 91 // NoUSB disables hardware wallet monitoring and connectivity. 92 // Deprecated: USB monitoring is disabled by default and must be enabled explicitly. 93 NoUSB bool `toml:",omitempty"` 94 95 // USB enables hardware wallet monitoring and connectivity. 96 USB bool `toml:",omitempty"` 97 98 // SmartCardDaemonPath is the path to the smartcard daemon's socket 99 SmartCardDaemonPath string `toml:",omitempty"` 100 101 // IPCPath is the requested location to place the IPC endpoint. If the path is 102 // a simple file name, it is placed inside the data directory (or on the root 103 // pipe path on Windows), whereas if it's a resolvable path name (absolute or 104 // relative), then that specific path is enforced. An empty path disables IPC. 105 IPCPath string 106 107 // HTTPHost is the host interface on which to start the HTTP RPC server. If this 108 // field is empty, no HTTP API endpoint will be started. 109 HTTPHost string 110 111 // HTTPPort is the TCP port number on which to start the HTTP RPC server. The 112 // default zero value is/ valid and will pick a port number randomly (useful 113 // for ephemeral nodes). 114 HTTPPort int `toml:",omitempty"` 115 116 // HTTPCors is the Cross-Origin Resource Sharing header to send to requesting 117 // clients. Please be aware that CORS is a browser enforced security, it's fully 118 // useless for custom HTTP clients. 119 HTTPCors []string `toml:",omitempty"` 120 121 // HTTPVirtualHosts is the list of virtual hostnames which are allowed on incoming requests. 122 // This is by default {'localhost'}. Using this prevents attacks like 123 // DNS rebinding, which bypasses SOP by simply masquerading as being within the same 124 // origin. These attacks do not utilize CORS, since they are not cross-domain. 125 // By explicitly checking the Host-header, the server will not allow requests 126 // made against the server with a malicious host domain. 127 // Requests using ip address directly are not affected 128 HTTPVirtualHosts []string `toml:",omitempty"` 129 130 // HTTPModules is a list of API modules to expose via the HTTP RPC interface. 131 // If the module list is empty, all RPC API endpoints designated public will be 132 // exposed. 133 HTTPModules []string 134 135 // HTTPTimeouts allows for customization of the timeout values used by the HTTP RPC 136 // interface. 137 HTTPTimeouts rpc.HTTPTimeouts 138 139 // HTTPPathPrefix specifies a path prefix on which http-rpc is to be served. 140 HTTPPathPrefix string `toml:",omitempty"` 141 142 // AuthAddr is the listening address on which authenticated APIs are provided. 143 AuthAddr string `toml:",omitempty"` 144 145 // AuthPort is the port number on which authenticated APIs are provided. 146 AuthPort int `toml:",omitempty"` 147 148 // AuthVirtualHosts is the list of virtual hostnames which are allowed on incoming requests 149 // for the authenticated api. This is by default {'localhost'}. 150 AuthVirtualHosts []string `toml:",omitempty"` 151 152 // WSHost is the host interface on which to start the websocket RPC server. If 153 // this field is empty, no websocket API endpoint will be started. 154 WSHost string 155 156 // WSPort is the TCP port number on which to start the websocket RPC server. The 157 // default zero value is/ valid and will pick a port number randomly (useful for 158 // ephemeral nodes). 159 WSPort int `toml:",omitempty"` 160 161 // WSPathPrefix specifies a path prefix on which ws-rpc is to be served. 162 WSPathPrefix string `toml:",omitempty"` 163 164 // WSOrigins is the list of domain to accept websocket requests from. Please be 165 // aware that the server can only act upon the HTTP request the client sends and 166 // cannot verify the validity of the request header. 167 WSOrigins []string `toml:",omitempty"` 168 169 // WSModules is a list of API modules to expose via the websocket RPC interface. 170 // If the module list is empty, all RPC API endpoints designated public will be 171 // exposed. 172 WSModules []string 173 174 // WSExposeAll exposes all API modules via the WebSocket RPC interface rather 175 // than just the public ones. 176 // 177 // *WARNING* Only set this if the node is running in a trusted network, exposing 178 // private APIs to untrusted users is a major security risk. 179 WSExposeAll bool `toml:",omitempty"` 180 181 // GraphQLCors is the Cross-Origin Resource Sharing header to send to requesting 182 // clients. Please be aware that CORS is a browser enforced security, it's fully 183 // useless for custom HTTP clients. 184 GraphQLCors []string `toml:",omitempty"` 185 186 // GraphQLVirtualHosts is the list of virtual hostnames which are allowed on incoming requests. 187 // This is by default {'localhost'}. Using this prevents attacks like 188 // DNS rebinding, which bypasses SOP by simply masquerading as being within the same 189 // origin. These attacks do not utilize CORS, since they are not cross-domain. 190 // By explicitly checking the Host-header, the server will not allow requests 191 // made against the server with a malicious host domain. 192 // Requests using ip address directly are not affected 193 GraphQLVirtualHosts []string `toml:",omitempty"` 194 195 // Logger is a custom logger to use with the p2p.Server. 196 Logger log.Logger `toml:",omitempty"` 197 198 staticNodesWarning bool 199 trustedNodesWarning bool 200 oldGethResourceWarning bool 201 202 // AllowUnprotectedTxs allows non EIP-155 protected transactions to be send over RPC. 203 AllowUnprotectedTxs bool `toml:",omitempty"` 204 205 // JWTSecret is the hex-encoded jwt secret. 206 JWTSecret string `toml:",omitempty"` 207 } 208 209 // IPCEndpoint resolves an IPC endpoint based on a configured value, taking into 210 // account the set data folders as well as the designated platform we're currently 211 // running on. 212 func (c *Config) IPCEndpoint() string { 213 // Short circuit if IPC has not been enabled 214 if c.IPCPath == "" { 215 return "" 216 } 217 // On windows we can only use plain top-level pipes 218 if runtime.GOOS == "windows" { 219 if strings.HasPrefix(c.IPCPath, `\\.\pipe\`) { 220 return c.IPCPath 221 } 222 return `\\.\pipe\` + c.IPCPath 223 } 224 // Resolve names into the data directory full paths otherwise 225 if filepath.Base(c.IPCPath) == c.IPCPath { 226 if c.DataDir == "" { 227 return filepath.Join(os.TempDir(), c.IPCPath) 228 } 229 return filepath.Join(c.DataDir, c.IPCPath) 230 } 231 return c.IPCPath 232 } 233 234 // NodeDB returns the path to the discovery node database. 235 func (c *Config) NodeDB() string { 236 if c.DataDir == "" { 237 return "" // ephemeral 238 } 239 return c.ResolvePath(datadirNodeDatabase) 240 } 241 242 // DefaultIPCEndpoint returns the IPC path used by default. 243 func DefaultIPCEndpoint(clientIdentifier string) string { 244 if clientIdentifier == "" { 245 clientIdentifier = strings.TrimSuffix(filepath.Base(os.Args[0]), ".exe") 246 if clientIdentifier == "" { 247 panic("empty executable name") 248 } 249 } 250 config := &Config{DataDir: DefaultDataDir(), IPCPath: clientIdentifier + ".ipc"} 251 return config.IPCEndpoint() 252 } 253 254 // HTTPEndpoint resolves an HTTP endpoint based on the configured host interface 255 // and port parameters. 256 func (c *Config) HTTPEndpoint() string { 257 if c.HTTPHost == "" { 258 return "" 259 } 260 return fmt.Sprintf("%s:%d", c.HTTPHost, c.HTTPPort) 261 } 262 263 // DefaultHTTPEndpoint returns the HTTP endpoint used by default. 264 func DefaultHTTPEndpoint() string { 265 config := &Config{HTTPHost: DefaultHTTPHost, HTTPPort: DefaultHTTPPort, AuthPort: DefaultAuthPort} 266 return config.HTTPEndpoint() 267 } 268 269 // WSEndpoint resolves a websocket endpoint based on the configured host interface 270 // and port parameters. 271 func (c *Config) WSEndpoint() string { 272 if c.WSHost == "" { 273 return "" 274 } 275 return fmt.Sprintf("%s:%d", c.WSHost, c.WSPort) 276 } 277 278 // DefaultWSEndpoint returns the websocket endpoint used by default. 279 func DefaultWSEndpoint() string { 280 config := &Config{WSHost: DefaultWSHost, WSPort: DefaultWSPort} 281 return config.WSEndpoint() 282 } 283 284 // ExtRPCEnabled returns the indicator whether node enables the external 285 // RPC(http, ws or graphql). 286 func (c *Config) ExtRPCEnabled() bool { 287 return c.HTTPHost != "" || c.WSHost != "" 288 } 289 290 // NodeName returns the devp2p node identifier. 291 func (c *Config) NodeName() string { 292 name := c.name() 293 // Backwards compatibility: previous versions used title-cased "Geth", keep that. 294 if name == "geth" || name == "geth-testnet" { 295 name = "Geth" 296 } 297 if c.UserIdent != "" { 298 name += "/" + c.UserIdent 299 } 300 if c.Version != "" { 301 name += "/v" + c.Version 302 } 303 name += "/" + runtime.GOOS + "-" + runtime.GOARCH 304 name += "/" + runtime.Version() 305 return name 306 } 307 308 func (c *Config) name() string { 309 if c.Name == "" { 310 progname := strings.TrimSuffix(filepath.Base(os.Args[0]), ".exe") 311 if progname == "" { 312 panic("empty executable name, set Config.Name") 313 } 314 return progname 315 } 316 return c.Name 317 } 318 319 // These resources are resolved differently for "geth" instances. 320 var isOldGethResource = map[string]bool{ 321 "chaindata": true, 322 "nodes": true, 323 "nodekey": true, 324 "static-nodes.json": false, // no warning for these because they have their 325 "trusted-nodes.json": false, // own separate warning. 326 } 327 328 // ResolvePath resolves path in the instance directory. 329 func (c *Config) ResolvePath(path string) string { 330 if filepath.IsAbs(path) { 331 return path 332 } 333 if c.DataDir == "" { 334 return "" 335 } 336 // Backwards-compatibility: ensure that data directory files created 337 // by geth 1.4 are used if they exist. 338 if warn, isOld := isOldGethResource[path]; isOld { 339 oldpath := "" 340 if c.name() == "geth" { 341 oldpath = filepath.Join(c.DataDir, path) 342 } 343 if oldpath != "" && common.FileExist(oldpath) { 344 if warn { 345 c.warnOnce(&c.oldGethResourceWarning, "Using deprecated resource file %s, please move this file to the 'geth' subdirectory of datadir.", oldpath) 346 } 347 return oldpath 348 } 349 } 350 return filepath.Join(c.instanceDir(), path) 351 } 352 353 func (c *Config) instanceDir() string { 354 if c.DataDir == "" { 355 return "" 356 } 357 return filepath.Join(c.DataDir, c.name()) 358 } 359 360 // NodeKey retrieves the currently configured private key of the node, checking 361 // first any manually set key, falling back to the one found in the configured 362 // data folder. If no key can be found, a new one is generated. 363 func (c *Config) NodeKey() *ecdsa.PrivateKey { 364 // Use any specifically configured key. 365 if c.P2P.PrivateKey != nil { 366 return c.P2P.PrivateKey 367 } 368 // Generate ephemeral key if no datadir is being used. 369 if c.DataDir == "" { 370 key, err := crypto.GenerateKey() 371 if err != nil { 372 log.Crit(fmt.Sprintf("Failed to generate ephemeral node key: %v", err)) 373 } 374 return key 375 } 376 377 keyfile := c.ResolvePath(datadirPrivateKey) 378 if key, err := crypto.LoadECDSA(keyfile); err == nil { 379 return key 380 } 381 // No persistent key found, generate and store a new one. 382 key, err := crypto.GenerateKey() 383 if err != nil { 384 log.Crit(fmt.Sprintf("Failed to generate node key: %v", err)) 385 } 386 instanceDir := filepath.Join(c.DataDir, c.name()) 387 if err := os.MkdirAll(instanceDir, 0700); err != nil { 388 log.Error(fmt.Sprintf("Failed to persist node key: %v", err)) 389 return key 390 } 391 keyfile = filepath.Join(instanceDir, datadirPrivateKey) 392 if err := crypto.SaveECDSA(keyfile, key); err != nil { 393 log.Error(fmt.Sprintf("Failed to persist node key: %v", err)) 394 } 395 return key 396 } 397 398 // StaticNodes returns a list of node enode URLs configured as static nodes. 399 func (c *Config) StaticNodes() []*enode.Node { 400 return c.parsePersistentNodes(&c.staticNodesWarning, c.ResolvePath(datadirStaticNodes)) 401 } 402 403 // TrustedNodes returns a list of node enode URLs configured as trusted nodes. 404 func (c *Config) TrustedNodes() []*enode.Node { 405 return c.parsePersistentNodes(&c.trustedNodesWarning, c.ResolvePath(datadirTrustedNodes)) 406 } 407 408 // parsePersistentNodes parses a list of discovery node URLs loaded from a .json 409 // file from within the data directory. 410 func (c *Config) parsePersistentNodes(w *bool, path string) []*enode.Node { 411 // Short circuit if no node config is present 412 if c.DataDir == "" { 413 return nil 414 } 415 if _, err := os.Stat(path); err != nil { 416 return nil 417 } 418 c.warnOnce(w, "Found deprecated node list file %s, please use the TOML config file instead.", path) 419 420 // Load the nodes from the config file. 421 var nodelist []string 422 if err := common.LoadJSON(path, &nodelist); err != nil { 423 log.Error(fmt.Sprintf("Can't load node list file: %v", err)) 424 return nil 425 } 426 // Interpret the list as a discovery node array 427 var nodes []*enode.Node 428 for _, url := range nodelist { 429 if url == "" { 430 continue 431 } 432 node, err := enode.Parse(enode.ValidSchemes, url) 433 if err != nil { 434 log.Error(fmt.Sprintf("Node URL %s: %v\n", url, err)) 435 continue 436 } 437 nodes = append(nodes, node) 438 } 439 return nodes 440 } 441 442 // KeyDirConfig determines the settings for keydirectory 443 func (c *Config) KeyDirConfig() (string, error) { 444 var ( 445 keydir string 446 err error 447 ) 448 switch { 449 case filepath.IsAbs(c.KeyStoreDir): 450 keydir = c.KeyStoreDir 451 case c.DataDir != "": 452 if c.KeyStoreDir == "" { 453 keydir = filepath.Join(c.DataDir, datadirDefaultKeyStore) 454 } else { 455 keydir, err = filepath.Abs(c.KeyStoreDir) 456 } 457 case c.KeyStoreDir != "": 458 keydir, err = filepath.Abs(c.KeyStoreDir) 459 } 460 return keydir, err 461 } 462 463 // getKeyStoreDir retrieves the key directory and will create 464 // and ephemeral one if necessary. 465 func getKeyStoreDir(conf *Config) (string, bool, error) { 466 keydir, err := conf.KeyDirConfig() 467 if err != nil { 468 return "", false, err 469 } 470 isEphemeral := false 471 if keydir == "" { 472 // There is no datadir. 473 keydir, err = ioutil.TempDir("", "go-ethereum-keystore") 474 isEphemeral = true 475 } 476 477 if err != nil { 478 return "", false, err 479 } 480 if err := os.MkdirAll(keydir, 0700); err != nil { 481 return "", false, err 482 } 483 484 return keydir, isEphemeral, nil 485 } 486 487 var warnLock sync.Mutex 488 489 func (c *Config) warnOnce(w *bool, format string, args ...interface{}) { 490 warnLock.Lock() 491 defer warnLock.Unlock() 492 493 if *w { 494 return 495 } 496 l := c.Logger 497 if l == nil { 498 l = log.Root() 499 } 500 l.Warn(fmt.Sprintf(format, args...)) 501 *w = true 502 }