github.com/coltonfike/e2c@v21.1.0+incompatible/node/config.go (about) 1 // Copyright 2014 The go-ethereum Authors 2 // This file is part of the go-ethereum library. 3 // 4 // The go-ethereum library is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU Lesser General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // The go-ethereum library is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU Lesser General Public License for more details. 13 // 14 // You should have received a copy of the GNU Lesser General Public License 15 // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. 16 17 package node 18 19 import ( 20 "crypto/ecdsa" 21 "fmt" 22 "io/ioutil" 23 "os" 24 "path/filepath" 25 "runtime" 26 "strings" 27 "sync" 28 29 "github.com/ethereum/go-ethereum/accounts" 30 "github.com/ethereum/go-ethereum/accounts/external" 31 "github.com/ethereum/go-ethereum/accounts/keystore" 32 "github.com/ethereum/go-ethereum/accounts/pluggable" 33 "github.com/ethereum/go-ethereum/accounts/scwallet" 34 "github.com/ethereum/go-ethereum/accounts/usbwallet" 35 "github.com/ethereum/go-ethereum/common" 36 "github.com/ethereum/go-ethereum/crypto" 37 "github.com/ethereum/go-ethereum/log" 38 "github.com/ethereum/go-ethereum/p2p" 39 "github.com/ethereum/go-ethereum/p2p/enode" 40 "github.com/ethereum/go-ethereum/params" 41 "github.com/ethereum/go-ethereum/plugin" 42 "github.com/ethereum/go-ethereum/rpc" 43 ) 44 45 const ( 46 datadirPrivateKey = "nodekey" // Path within the datadir to the node's private key 47 datadirDefaultKeyStore = "keystore" // Path within the datadir to the keystore 48 datadirStaticNodes = "static-nodes.json" // Path within the datadir to the static node list 49 datadirTrustedNodes = "trusted-nodes.json" // Path within the datadir to the trusted node list 50 datadirNodeDatabase = "nodes" // Path within the datadir to store the node infos 51 ) 52 53 // Config represents a small collection of configuration values to fine tune the 54 // P2P network layer of a protocol stack. These values can be further extended by 55 // all registered services. 56 type Config struct { 57 // Name sets the instance name of the node. It must not contain the / character and is 58 // used in the devp2p node identifier. The instance name of geth is "geth". If no 59 // value is specified, the basename of the current executable is used. 60 Name string `toml:"-"` 61 62 // UserIdent, if set, is used as an additional component in the devp2p node identifier. 63 UserIdent string `toml:",omitempty"` 64 65 // Version should be set to the version number of the program. It is used 66 // in the devp2p node identifier. 67 Version string `toml:"-"` 68 69 // DataDir is the file system folder the node should use for any data storage 70 // requirements. The configured data directory will not be directly shared with 71 // registered services, instead those can use utility methods to create/access 72 // databases or flat files. This enables ephemeral nodes which can fully reside 73 // in memory. 74 DataDir string 75 76 // Configuration of peer-to-peer networking. 77 P2P p2p.Config 78 79 // KeyStoreDir is the file system folder that contains private keys. The directory can 80 // be specified as a relative path, in which case it is resolved relative to the 81 // current directory. 82 // 83 // If KeyStoreDir is empty, the default location is the "keystore" subdirectory of 84 // DataDir. If DataDir is unspecified and KeyStoreDir is empty, an ephemeral directory 85 // is created by New and destroyed when the node is stopped. 86 KeyStoreDir string `toml:",omitempty"` 87 88 // ExternalSigner specifies an external URI for a clef-type signer 89 ExternalSigner string `toml:"omitempty"` 90 91 // UseLightweightKDF lowers the memory and CPU requirements of the key store 92 // scrypt KDF at the expense of security. 93 UseLightweightKDF bool `toml:",omitempty"` 94 95 // InsecureUnlockAllowed allows user to unlock accounts in unsafe http environment. 96 InsecureUnlockAllowed bool `toml:",omitempty"` 97 98 // NoUSB disables hardware wallet monitoring and connectivity. 99 NoUSB bool `toml:",omitempty"` 100 101 // SmartCardDaemonPath is the path to the smartcard daemon's socket 102 SmartCardDaemonPath string `toml:",omitempty"` 103 104 // IPCPath is the requested location to place the IPC endpoint. If the path is 105 // a simple file name, it is placed inside the data directory (or on the root 106 // pipe path on Windows), whereas if it's a resolvable path name (absolute or 107 // relative), then that specific path is enforced. An empty path disables IPC. 108 IPCPath string `toml:",omitempty"` 109 110 // HTTPHost is the host interface on which to start the HTTP RPC server. If this 111 // field is empty, no HTTP API endpoint will be started. 112 HTTPHost string `toml:",omitempty"` 113 114 // HTTPPort is the TCP port number on which to start the HTTP RPC server. The 115 // default zero value is/ valid and will pick a port number randomly (useful 116 // for ephemeral nodes). 117 HTTPPort int `toml:",omitempty"` 118 119 // HTTPCors is the Cross-Origin Resource Sharing header to send to requesting 120 // clients. Please be aware that CORS is a browser enforced security, it's fully 121 // useless for custom HTTP clients. 122 HTTPCors []string `toml:",omitempty"` 123 124 // HTTPVirtualHosts is the list of virtual hostnames which are allowed on incoming requests. 125 // This is by default {'localhost'}. Using this prevents attacks like 126 // DNS rebinding, which bypasses SOP by simply masquerading as being within the same 127 // origin. These attacks do not utilize CORS, since they are not cross-domain. 128 // By explicitly checking the Host-header, the server will not allow requests 129 // made against the server with a malicious host domain. 130 // Requests using ip address directly are not affected 131 HTTPVirtualHosts []string `toml:",omitempty"` 132 133 // HTTPModules is a list of API modules to expose via the HTTP RPC interface. 134 // If the module list is empty, all RPC API endpoints designated public will be 135 // exposed. 136 HTTPModules []string `toml:",omitempty"` 137 138 // HTTPTimeouts allows for customization of the timeout values used by the HTTP RPC 139 // interface. 140 HTTPTimeouts rpc.HTTPTimeouts 141 142 // WSHost is the host interface on which to start the websocket RPC server. If 143 // this field is empty, no websocket API endpoint will be started. 144 WSHost string `toml:",omitempty"` 145 146 // WSPort is the TCP port number on which to start the websocket RPC server. The 147 // default zero value is/ valid and will pick a port number randomly (useful for 148 // ephemeral nodes). 149 WSPort int `toml:",omitempty"` 150 151 // WSOrigins is the list of domain to accept websocket requests from. Please be 152 // aware that the server can only act upon the HTTP request the client sends and 153 // cannot verify the validity of the request header. 154 WSOrigins []string `toml:",omitempty"` 155 156 // WSModules is a list of API modules to expose via the websocket RPC interface. 157 // If the module list is empty, all RPC API endpoints designated public will be 158 // exposed. 159 WSModules []string `toml:",omitempty"` 160 161 // WSExposeAll exposes all API modules via the WebSocket RPC interface rather 162 // than just the public ones. 163 // 164 // *WARNING* Only set this if the node is running in a trusted network, exposing 165 // private APIs to untrusted users is a major security risk. 166 WSExposeAll bool `toml:",omitempty"` 167 168 // GraphQLHost is the host interface on which to start the GraphQL server. If this 169 // field is empty, no GraphQL API endpoint will be started. 170 GraphQLHost string `toml:",omitempty"` 171 172 // GraphQLPort is the TCP port number on which to start the GraphQL server. The 173 // default zero value is/ valid and will pick a port number randomly (useful 174 // for ephemeral nodes). 175 GraphQLPort int `toml:",omitempty"` 176 177 // GraphQLCors is the Cross-Origin Resource Sharing header to send to requesting 178 // clients. Please be aware that CORS is a browser enforced security, it's fully 179 // useless for custom HTTP clients. 180 GraphQLCors []string `toml:",omitempty"` 181 182 // GraphQLVirtualHosts is the list of virtual hostnames which are allowed on incoming requests. 183 // This is by default {'localhost'}. Using this prevents attacks like 184 // DNS rebinding, which bypasses SOP by simply masquerading as being within the same 185 // origin. These attacks do not utilize CORS, since they are not cross-domain. 186 // By explicitly checking the Host-header, the server will not allow requests 187 // made against the server with a malicious host domain. 188 // Requests using ip address directly are not affected 189 GraphQLVirtualHosts []string `toml:",omitempty"` 190 191 // Logger is a custom logger to use with the p2p.Server. 192 Logger log.Logger `toml:",omitempty"` 193 194 staticNodesWarning bool 195 trustedNodesWarning bool 196 oldGethResourceWarning bool 197 Plugins *plugin.Settings `toml:",omitempty"` 198 // Quorum: EnableNodePermission comes from EnableNodePermissionFlag --permissioned. 199 EnableNodePermission bool `toml:",omitempty"` 200 } 201 202 // IPCEndpoint resolves an IPC endpoint based on a configured value, taking into 203 // account the set data folders as well as the designated platform we're currently 204 // running on. 205 func (c *Config) IPCEndpoint() string { 206 // Short circuit if IPC has not been enabled 207 if c.IPCPath == "" { 208 return "" 209 } 210 // On windows we can only use plain top-level pipes 211 if runtime.GOOS == "windows" { 212 if strings.HasPrefix(c.IPCPath, `\\.\pipe\`) { 213 return c.IPCPath 214 } 215 return `\\.\pipe\` + c.IPCPath 216 } 217 // Resolve names into the data directory full paths otherwise 218 if filepath.Base(c.IPCPath) == c.IPCPath { 219 if c.DataDir == "" { 220 return filepath.Join(os.TempDir(), c.IPCPath) 221 } 222 return filepath.Join(c.DataDir, c.IPCPath) 223 } 224 return c.IPCPath 225 } 226 227 // NodeDB returns the path to the discovery node database. 228 func (c *Config) NodeDB() string { 229 if c.DataDir == "" { 230 return "" // ephemeral 231 } 232 return c.ResolvePath(datadirNodeDatabase) 233 } 234 235 // DefaultIPCEndpoint returns the IPC path used by default. 236 func DefaultIPCEndpoint(clientIdentifier string) string { 237 if clientIdentifier == "" { 238 clientIdentifier = strings.TrimSuffix(filepath.Base(os.Args[0]), ".exe") 239 if clientIdentifier == "" { 240 panic("empty executable name") 241 } 242 } 243 config := &Config{DataDir: DefaultDataDir(), IPCPath: clientIdentifier + ".ipc"} 244 return config.IPCEndpoint() 245 } 246 247 // HTTPEndpoint resolves an HTTP endpoint based on the configured host interface 248 // and port parameters. 249 func (c *Config) HTTPEndpoint() string { 250 if c.HTTPHost == "" { 251 return "" 252 } 253 return fmt.Sprintf("%s:%d", c.HTTPHost, c.HTTPPort) 254 } 255 256 // GraphQLEndpoint resolves a GraphQL endpoint based on the configured host interface 257 // and port parameters. 258 func (c *Config) GraphQLEndpoint() string { 259 if c.GraphQLHost == "" { 260 return "" 261 } 262 return fmt.Sprintf("%s:%d", c.GraphQLHost, c.GraphQLPort) 263 } 264 265 // DefaultHTTPEndpoint returns the HTTP endpoint used by default. 266 func DefaultHTTPEndpoint() string { 267 config := &Config{HTTPHost: DefaultHTTPHost, HTTPPort: DefaultHTTPPort} 268 return config.HTTPEndpoint() 269 } 270 271 // WSEndpoint resolves a websocket endpoint based on the configured host interface 272 // and port parameters. 273 func (c *Config) WSEndpoint() string { 274 if c.WSHost == "" { 275 return "" 276 } 277 return fmt.Sprintf("%s:%d", c.WSHost, c.WSPort) 278 } 279 280 // DefaultWSEndpoint returns the websocket endpoint used by default. 281 func DefaultWSEndpoint() string { 282 config := &Config{WSHost: DefaultWSHost, WSPort: DefaultWSPort} 283 return config.WSEndpoint() 284 } 285 286 // ExtRPCEnabled returns the indicator whether node enables the external 287 // RPC(http, ws or graphql). 288 func (c *Config) ExtRPCEnabled() bool { 289 return c.HTTPHost != "" || c.WSHost != "" || c.GraphQLHost != "" 290 } 291 292 // NodeName returns the devp2p node identifier. 293 func (c *Config) NodeName() string { 294 name := c.name() 295 // Backwards compatibility: previous versions used title-cased "Geth", keep that. 296 if name == "geth" || name == "geth-testnet" { 297 name = "Geth" 298 } 299 if c.UserIdent != "" { 300 name += "/" + c.UserIdent 301 } 302 if c.Version != "" { 303 name += "/v" + c.Version 304 } 305 name += "/" + runtime.GOOS + "-" + runtime.GOARCH 306 name += "/" + runtime.Version() 307 return name 308 } 309 310 func (c *Config) name() string { 311 if c.Name == "" { 312 progname := strings.TrimSuffix(filepath.Base(os.Args[0]), ".exe") 313 if progname == "" { 314 panic("empty executable name, set Config.Name") 315 } 316 return progname 317 } 318 return c.Name 319 } 320 321 // These resources are resolved differently for "geth" instances. 322 var isOldGethResource = map[string]bool{ 323 "chaindata": true, 324 "nodes": true, 325 "nodekey": true, 326 "static-nodes.json": false, // no warning for these because they have their 327 "trusted-nodes.json": false, // own separate warning. 328 } 329 330 // ResolvePath resolves path in the instance directory. 331 func (c *Config) ResolvePath(path string) string { 332 if filepath.IsAbs(path) { 333 return path 334 } 335 if c.DataDir == "" { 336 return "" 337 } 338 // Backwards-compatibility: ensure that data directory files created 339 // by geth 1.4 are used if they exist. 340 if warn, isOld := isOldGethResource[path]; isOld { 341 oldpath := "" 342 if c.name() == "geth" { 343 oldpath = filepath.Join(c.DataDir, path) 344 } 345 if oldpath != "" && common.FileExist(oldpath) { 346 if warn { 347 c.warnOnce(&c.oldGethResourceWarning, "Using deprecated resource file %s, please move this file to the 'geth' subdirectory of datadir.", oldpath) 348 } 349 return oldpath 350 } 351 } 352 return filepath.Join(c.instanceDir(), path) 353 } 354 355 func (c *Config) instanceDir() string { 356 if c.DataDir == "" { 357 return "" 358 } 359 return filepath.Join(c.DataDir, c.name()) 360 } 361 362 // NodeKey retrieves the currently configured private key of the node, checking 363 // first any manually set key, falling back to the one found in the configured 364 // data folder. If no key can be found, a new one is generated. 365 func (c *Config) NodeKey() *ecdsa.PrivateKey { 366 // Use any specifically configured key. 367 if c.P2P.PrivateKey != nil { 368 return c.P2P.PrivateKey 369 } 370 // Generate ephemeral key if no datadir is being used. 371 if c.DataDir == "" { 372 key, err := crypto.GenerateKey() 373 if err != nil { 374 log.Crit(fmt.Sprintf("Failed to generate ephemeral node key: %v", err)) 375 } 376 return key 377 } 378 379 keyfile := c.ResolvePath(datadirPrivateKey) 380 if key, err := crypto.LoadECDSA(keyfile); err == nil { 381 return key 382 } 383 // No persistent key found, generate and store a new one. 384 key, err := crypto.GenerateKey() 385 if err != nil { 386 log.Crit(fmt.Sprintf("Failed to generate node key: %v", err)) 387 } 388 instanceDir := filepath.Join(c.DataDir, c.name()) 389 if err := os.MkdirAll(instanceDir, 0700); err != nil { 390 log.Error(fmt.Sprintf("Failed to persist node key: %v", err)) 391 return key 392 } 393 keyfile = filepath.Join(instanceDir, datadirPrivateKey) 394 if err := crypto.SaveECDSA(keyfile, key); err != nil { 395 log.Error(fmt.Sprintf("Failed to persist node key: %v", err)) 396 } 397 return key 398 } 399 400 // StaticNodes returns a list of node enode URLs configured as static nodes. 401 func (c *Config) StaticNodes() []*enode.Node { 402 return c.parsePersistentNodes(&c.staticNodesWarning, c.ResolvePath(datadirStaticNodes)) 403 } 404 405 // TrustedNodes returns a list of node enode URLs configured as trusted nodes. 406 func (c *Config) TrustedNodes() []*enode.Node { 407 return c.parsePersistentNodes(&c.trustedNodesWarning, c.ResolvePath(datadirTrustedNodes)) 408 } 409 410 // parsePersistentNodes parses a list of discovery node URLs loaded from a .json 411 // file from within the data directory. 412 func (c *Config) parsePersistentNodes(w *bool, path string) []*enode.Node { 413 // Short circuit if no node config is present 414 if c.DataDir == "" { 415 return nil 416 } 417 if _, err := os.Stat(path); err != nil { 418 return nil 419 } 420 c.warnOnce(w, "Found deprecated node list file %s, please use the TOML config file instead.", path) 421 422 // Load the nodes from the config file. 423 var nodelist []string 424 if err := common.LoadJSON(path, &nodelist); err != nil { 425 log.Error(fmt.Sprintf("Can't load node list file: %v", err)) 426 return nil 427 } 428 // Interpret the list as a discovery node array 429 var nodes []*enode.Node 430 for _, url := range nodelist { 431 if url == "" { 432 continue 433 } 434 node, err := enode.Parse(enode.ValidSchemes, url) 435 if err != nil { 436 log.Error(fmt.Sprintf("Node URL %s: %v\n", url, err)) 437 continue 438 } 439 nodes = append(nodes, node) 440 } 441 return nodes 442 } 443 444 // AccountConfig determines the settings for scrypt and keydirectory 445 func (c *Config) AccountConfig() (int, int, string, error) { 446 scryptN := keystore.StandardScryptN 447 scryptP := keystore.StandardScryptP 448 if c.UseLightweightKDF { 449 scryptN = keystore.LightScryptN 450 scryptP = keystore.LightScryptP 451 } 452 453 var ( 454 keydir string 455 err error 456 ) 457 switch { 458 case filepath.IsAbs(c.KeyStoreDir): 459 keydir = c.KeyStoreDir 460 case c.DataDir != "": 461 if c.KeyStoreDir == "" { 462 keydir = filepath.Join(c.DataDir, datadirDefaultKeyStore) 463 } else { 464 keydir, err = filepath.Abs(c.KeyStoreDir) 465 } 466 case c.KeyStoreDir != "": 467 keydir, err = filepath.Abs(c.KeyStoreDir) 468 } 469 return scryptN, scryptP, keydir, err 470 } 471 472 // Quorum 473 // 474 // Make sure plugin base dir exists 475 func (c *Config) ResolvePluginBaseDir() error { 476 if c.Plugins == nil { 477 return nil 478 } 479 baseDir := c.Plugins.BaseDir.String() 480 if baseDir == "" { 481 baseDir = filepath.Join(c.DataDir, "plugins") 482 } 483 if !common.FileExist(baseDir) { 484 if err := os.MkdirAll(baseDir, 0755); err != nil { 485 return err 486 } 487 } 488 absBaseDir, err := filepath.Abs(baseDir) 489 if err != nil { 490 return err 491 } 492 c.Plugins.BaseDir = plugin.EnvironmentAwaredValue(absBaseDir) 493 return nil 494 } 495 496 // check if smart-contract-based permissioning is enabled by reading `--permissioned` flag and checking permission config file 497 func (c *Config) IsPermissionEnabled() bool { 498 fullPath := filepath.Join(c.DataDir, params.PERMISSION_MODEL_CONFIG) 499 if _, err := os.Stat(fullPath); err != nil { 500 log.Warn(fmt.Sprintf("%s file is missing. Smart-contract-based permission service will be disabled", params.PERMISSION_MODEL_CONFIG), "error", err) 501 return false 502 } 503 return true 504 } 505 506 func makeAccountManager(conf *Config) (*accounts.Manager, string, error) { 507 scryptN, scryptP, keydir, err := conf.AccountConfig() 508 var ephemeral string 509 if keydir == "" { 510 // There is no datadir. 511 keydir, err = ioutil.TempDir("", "go-ethereum-keystore") 512 ephemeral = keydir 513 } 514 515 if err != nil { 516 return nil, "", err 517 } 518 if err := os.MkdirAll(keydir, 0700); err != nil { 519 return nil, "", err 520 } 521 // Assemble the account manager and supported backends 522 var backends []accounts.Backend 523 if len(conf.ExternalSigner) > 0 { 524 log.Info("Using external signer", "url", conf.ExternalSigner) 525 if extapi, err := external.NewExternalBackend(conf.ExternalSigner); err == nil { 526 backends = append(backends, extapi) 527 } else { 528 return nil, "", fmt.Errorf("error connecting to external signer: %v", err) 529 } 530 } 531 if len(backends) == 0 { 532 // For now, we're using EITHER external signer OR local signers. 533 // If/when we implement some form of lockfile for USB and keystore wallets, 534 // we can have both, but it's very confusing for the user to see the same 535 // accounts in both externally and locally, plus very racey. 536 backends = append(backends, keystore.NewKeyStore(keydir, scryptN, scryptP)) 537 if !conf.NoUSB { 538 // Start a USB hub for Ledger hardware wallets 539 if ledgerhub, err := usbwallet.NewLedgerHub(); err != nil { 540 log.Warn(fmt.Sprintf("Failed to start Ledger hub, disabling: %v", err)) 541 } else { 542 backends = append(backends, ledgerhub) 543 } 544 // Start a USB hub for Trezor hardware wallets (HID version) 545 if trezorhub, err := usbwallet.NewTrezorHubWithHID(); err != nil { 546 log.Warn(fmt.Sprintf("Failed to start HID Trezor hub, disabling: %v", err)) 547 } else { 548 backends = append(backends, trezorhub) 549 } 550 // Start a USB hub for Trezor hardware wallets (WebUSB version) 551 if trezorhub, err := usbwallet.NewTrezorHubWithWebUSB(); err != nil { 552 log.Warn(fmt.Sprintf("Failed to start WebUSB Trezor hub, disabling: %v", err)) 553 } else { 554 backends = append(backends, trezorhub) 555 } 556 } 557 if len(conf.SmartCardDaemonPath) > 0 { 558 // Start a smart card hub 559 if schub, err := scwallet.NewHub(conf.SmartCardDaemonPath, scwallet.Scheme, keydir); err != nil { 560 log.Warn(fmt.Sprintf("Failed to start smart card hub, disabling: %v", err)) 561 } else { 562 backends = append(backends, schub) 563 } 564 } 565 if conf.Plugins != nil { 566 if _, ok := conf.Plugins.Providers[plugin.AccountPluginInterfaceName]; ok { 567 pluginBackend := pluggable.NewBackend() 568 backends = append(backends, pluginBackend) 569 } 570 } 571 } 572 573 return accounts.NewManager(&accounts.Config{InsecureUnlockAllowed: conf.InsecureUnlockAllowed}, backends...), ephemeral, nil 574 } 575 576 var warnLock sync.Mutex 577 578 func (c *Config) warnOnce(w *bool, format string, args ...interface{}) { 579 warnLock.Lock() 580 defer warnLock.Unlock() 581 582 if *w { 583 return 584 } 585 l := c.Logger 586 if l == nil { 587 l = log.Root() 588 } 589 l.Warn(fmt.Sprintf(format, args...)) 590 *w = true 591 }