github.com/jimmyx0x/go-ethereum@v1.10.28/node/config.go (about) 1 // Copyright 2014 The go-ethereum Authors 2 // This file is part of the go-ethereum library. 3 // 4 // The go-ethereum library is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU Lesser General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // The go-ethereum library is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU Lesser General Public License for more details. 13 // 14 // You should have received a copy of the GNU Lesser General Public License 15 // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. 16 17 package node 18 19 import ( 20 "crypto/ecdsa" 21 "fmt" 22 "os" 23 "path/filepath" 24 "runtime" 25 "strings" 26 27 "github.com/ethereum/go-ethereum/common" 28 "github.com/ethereum/go-ethereum/crypto" 29 "github.com/ethereum/go-ethereum/log" 30 "github.com/ethereum/go-ethereum/p2p" 31 "github.com/ethereum/go-ethereum/rpc" 32 ) 33 34 const ( 35 datadirPrivateKey = "nodekey" // Path within the datadir to the node's private key 36 datadirJWTKey = "jwtsecret" // Path within the datadir to the node's jwt secret 37 datadirDefaultKeyStore = "keystore" // Path within the datadir to the keystore 38 datadirStaticNodes = "static-nodes.json" // Path within the datadir to the static node list 39 datadirTrustedNodes = "trusted-nodes.json" // Path within the datadir to the trusted node list 40 datadirNodeDatabase = "nodes" // Path within the datadir to store the node infos 41 ) 42 43 // Config represents a small collection of configuration values to fine tune the 44 // P2P network layer of a protocol stack. These values can be further extended by 45 // all registered services. 46 type Config struct { 47 // Name sets the instance name of the node. It must not contain the / character and is 48 // used in the devp2p node identifier. The instance name of geth is "geth". If no 49 // value is specified, the basename of the current executable is used. 50 Name string `toml:"-"` 51 52 // UserIdent, if set, is used as an additional component in the devp2p node identifier. 53 UserIdent string `toml:",omitempty"` 54 55 // Version should be set to the version number of the program. It is used 56 // in the devp2p node identifier. 57 Version string `toml:"-"` 58 59 // DataDir is the file system folder the node should use for any data storage 60 // requirements. The configured data directory will not be directly shared with 61 // registered services, instead those can use utility methods to create/access 62 // databases or flat files. This enables ephemeral nodes which can fully reside 63 // in memory. 64 DataDir string 65 66 // Configuration of peer-to-peer networking. 67 P2P p2p.Config 68 69 // KeyStoreDir is the file system folder that contains private keys. The directory can 70 // be specified as a relative path, in which case it is resolved relative to the 71 // current directory. 72 // 73 // If KeyStoreDir is empty, the default location is the "keystore" subdirectory of 74 // DataDir. If DataDir is unspecified and KeyStoreDir is empty, an ephemeral directory 75 // is created by New and destroyed when the node is stopped. 76 KeyStoreDir string `toml:",omitempty"` 77 78 // ExternalSigner specifies an external URI for a clef-type signer 79 ExternalSigner string `toml:",omitempty"` 80 81 // UseLightweightKDF lowers the memory and CPU requirements of the key store 82 // scrypt KDF at the expense of security. 83 UseLightweightKDF bool `toml:",omitempty"` 84 85 // InsecureUnlockAllowed allows user to unlock accounts in unsafe http environment. 86 InsecureUnlockAllowed bool `toml:",omitempty"` 87 88 // NoUSB disables hardware wallet monitoring and connectivity. 89 // Deprecated: USB monitoring is disabled by default and must be enabled explicitly. 90 NoUSB bool `toml:",omitempty"` 91 92 // USB enables hardware wallet monitoring and connectivity. 93 USB bool `toml:",omitempty"` 94 95 // SmartCardDaemonPath is the path to the smartcard daemon's socket 96 SmartCardDaemonPath string `toml:",omitempty"` 97 98 // IPCPath is the requested location to place the IPC endpoint. If the path is 99 // a simple file name, it is placed inside the data directory (or on the root 100 // pipe path on Windows), whereas if it's a resolvable path name (absolute or 101 // relative), then that specific path is enforced. An empty path disables IPC. 102 IPCPath string 103 104 // HTTPHost is the host interface on which to start the HTTP RPC server. If this 105 // field is empty, no HTTP API endpoint will be started. 106 HTTPHost string 107 108 // HTTPPort is the TCP port number on which to start the HTTP RPC server. The 109 // default zero value is/ valid and will pick a port number randomly (useful 110 // for ephemeral nodes). 111 HTTPPort int `toml:",omitempty"` 112 113 // HTTPCors is the Cross-Origin Resource Sharing header to send to requesting 114 // clients. Please be aware that CORS is a browser enforced security, it's fully 115 // useless for custom HTTP clients. 116 HTTPCors []string `toml:",omitempty"` 117 118 // HTTPVirtualHosts is the list of virtual hostnames which are allowed on incoming requests. 119 // This is by default {'localhost'}. Using this prevents attacks like 120 // DNS rebinding, which bypasses SOP by simply masquerading as being within the same 121 // origin. These attacks do not utilize CORS, since they are not cross-domain. 122 // By explicitly checking the Host-header, the server will not allow requests 123 // made against the server with a malicious host domain. 124 // Requests using ip address directly are not affected 125 HTTPVirtualHosts []string `toml:",omitempty"` 126 127 // HTTPModules is a list of API modules to expose via the HTTP RPC interface. 128 // If the module list is empty, all RPC API endpoints designated public will be 129 // exposed. 130 HTTPModules []string 131 132 // HTTPTimeouts allows for customization of the timeout values used by the HTTP RPC 133 // interface. 134 HTTPTimeouts rpc.HTTPTimeouts 135 136 // HTTPPathPrefix specifies a path prefix on which http-rpc is to be served. 137 HTTPPathPrefix string `toml:",omitempty"` 138 139 // AuthAddr is the listening address on which authenticated APIs are provided. 140 AuthAddr string `toml:",omitempty"` 141 142 // AuthPort is the port number on which authenticated APIs are provided. 143 AuthPort int `toml:",omitempty"` 144 145 // AuthVirtualHosts is the list of virtual hostnames which are allowed on incoming requests 146 // for the authenticated api. This is by default {'localhost'}. 147 AuthVirtualHosts []string `toml:",omitempty"` 148 149 // WSHost is the host interface on which to start the websocket RPC server. If 150 // this field is empty, no websocket API endpoint will be started. 151 WSHost string 152 153 // WSPort is the TCP port number on which to start the websocket RPC server. The 154 // default zero value is/ valid and will pick a port number randomly (useful for 155 // ephemeral nodes). 156 WSPort int `toml:",omitempty"` 157 158 // WSPathPrefix specifies a path prefix on which ws-rpc is to be served. 159 WSPathPrefix string `toml:",omitempty"` 160 161 // WSOrigins is the list of domain to accept websocket requests from. Please be 162 // aware that the server can only act upon the HTTP request the client sends and 163 // cannot verify the validity of the request header. 164 WSOrigins []string `toml:",omitempty"` 165 166 // WSModules is a list of API modules to expose via the websocket RPC interface. 167 // If the module list is empty, all RPC API endpoints designated public will be 168 // exposed. 169 WSModules []string 170 171 // WSExposeAll exposes all API modules via the WebSocket RPC interface rather 172 // than just the public ones. 173 // 174 // *WARNING* Only set this if the node is running in a trusted network, exposing 175 // private APIs to untrusted users is a major security risk. 176 WSExposeAll bool `toml:",omitempty"` 177 178 // GraphQLCors is the Cross-Origin Resource Sharing header to send to requesting 179 // clients. Please be aware that CORS is a browser enforced security, it's fully 180 // useless for custom HTTP clients. 181 GraphQLCors []string `toml:",omitempty"` 182 183 // GraphQLVirtualHosts is the list of virtual hostnames which are allowed on incoming requests. 184 // This is by default {'localhost'}. Using this prevents attacks like 185 // DNS rebinding, which bypasses SOP by simply masquerading as being within the same 186 // origin. These attacks do not utilize CORS, since they are not cross-domain. 187 // By explicitly checking the Host-header, the server will not allow requests 188 // made against the server with a malicious host domain. 189 // Requests using ip address directly are not affected 190 GraphQLVirtualHosts []string `toml:",omitempty"` 191 192 // Logger is a custom logger to use with the p2p.Server. 193 Logger log.Logger `toml:",omitempty"` 194 195 oldGethResourceWarning bool 196 197 // AllowUnprotectedTxs allows non EIP-155 protected transactions to be send over RPC. 198 AllowUnprotectedTxs bool `toml:",omitempty"` 199 200 // JWTSecret is the path to the hex-encoded jwt secret. 201 JWTSecret string `toml:",omitempty"` 202 } 203 204 // IPCEndpoint resolves an IPC endpoint based on a configured value, taking into 205 // account the set data folders as well as the designated platform we're currently 206 // running on. 207 func (c *Config) IPCEndpoint() string { 208 // Short circuit if IPC has not been enabled 209 if c.IPCPath == "" { 210 return "" 211 } 212 // On windows we can only use plain top-level pipes 213 if runtime.GOOS == "windows" { 214 if strings.HasPrefix(c.IPCPath, `\\.\pipe\`) { 215 return c.IPCPath 216 } 217 return `\\.\pipe\` + c.IPCPath 218 } 219 // Resolve names into the data directory full paths otherwise 220 if filepath.Base(c.IPCPath) == c.IPCPath { 221 if c.DataDir == "" { 222 return filepath.Join(os.TempDir(), c.IPCPath) 223 } 224 return filepath.Join(c.DataDir, c.IPCPath) 225 } 226 return c.IPCPath 227 } 228 229 // NodeDB returns the path to the discovery node database. 230 func (c *Config) NodeDB() string { 231 if c.DataDir == "" { 232 return "" // ephemeral 233 } 234 return c.ResolvePath(datadirNodeDatabase) 235 } 236 237 // DefaultIPCEndpoint returns the IPC path used by default. 238 func DefaultIPCEndpoint(clientIdentifier string) string { 239 if clientIdentifier == "" { 240 clientIdentifier = strings.TrimSuffix(filepath.Base(os.Args[0]), ".exe") 241 if clientIdentifier == "" { 242 panic("empty executable name") 243 } 244 } 245 config := &Config{DataDir: DefaultDataDir(), IPCPath: clientIdentifier + ".ipc"} 246 return config.IPCEndpoint() 247 } 248 249 // HTTPEndpoint resolves an HTTP endpoint based on the configured host interface 250 // and port parameters. 251 func (c *Config) HTTPEndpoint() string { 252 if c.HTTPHost == "" { 253 return "" 254 } 255 return fmt.Sprintf("%s:%d", c.HTTPHost, c.HTTPPort) 256 } 257 258 // DefaultHTTPEndpoint returns the HTTP endpoint used by default. 259 func DefaultHTTPEndpoint() string { 260 config := &Config{HTTPHost: DefaultHTTPHost, HTTPPort: DefaultHTTPPort, AuthPort: DefaultAuthPort} 261 return config.HTTPEndpoint() 262 } 263 264 // WSEndpoint resolves a websocket endpoint based on the configured host interface 265 // and port parameters. 266 func (c *Config) WSEndpoint() string { 267 if c.WSHost == "" { 268 return "" 269 } 270 return fmt.Sprintf("%s:%d", c.WSHost, c.WSPort) 271 } 272 273 // DefaultWSEndpoint returns the websocket endpoint used by default. 274 func DefaultWSEndpoint() string { 275 config := &Config{WSHost: DefaultWSHost, WSPort: DefaultWSPort} 276 return config.WSEndpoint() 277 } 278 279 // ExtRPCEnabled returns the indicator whether node enables the external 280 // RPC(http, ws or graphql). 281 func (c *Config) ExtRPCEnabled() bool { 282 return c.HTTPHost != "" || c.WSHost != "" 283 } 284 285 // NodeName returns the devp2p node identifier. 286 func (c *Config) NodeName() string { 287 name := c.name() 288 // Backwards compatibility: previous versions used title-cased "Geth", keep that. 289 if name == "geth" || name == "geth-testnet" { 290 name = "Geth" 291 } 292 if c.UserIdent != "" { 293 name += "/" + c.UserIdent 294 } 295 if c.Version != "" { 296 name += "/v" + c.Version 297 } 298 name += "/" + runtime.GOOS + "-" + runtime.GOARCH 299 name += "/" + runtime.Version() 300 return name 301 } 302 303 func (c *Config) name() string { 304 if c.Name == "" { 305 progname := strings.TrimSuffix(filepath.Base(os.Args[0]), ".exe") 306 if progname == "" { 307 panic("empty executable name, set Config.Name") 308 } 309 return progname 310 } 311 return c.Name 312 } 313 314 // These resources are resolved differently for "geth" instances. 315 var isOldGethResource = map[string]bool{ 316 "chaindata": true, 317 "nodes": true, 318 "nodekey": true, 319 "static-nodes.json": false, // no warning for these because they have their 320 "trusted-nodes.json": false, // own separate warning. 321 } 322 323 // ResolvePath resolves path in the instance directory. 324 func (c *Config) ResolvePath(path string) string { 325 if filepath.IsAbs(path) { 326 return path 327 } 328 if c.DataDir == "" { 329 return "" 330 } 331 // Backwards-compatibility: ensure that data directory files created 332 // by geth 1.4 are used if they exist. 333 if warn, isOld := isOldGethResource[path]; isOld { 334 oldpath := "" 335 if c.name() == "geth" { 336 oldpath = filepath.Join(c.DataDir, path) 337 } 338 if oldpath != "" && common.FileExist(oldpath) { 339 if warn && !c.oldGethResourceWarning { 340 c.oldGethResourceWarning = true 341 log.Warn("Using deprecated resource file, please move this file to the 'geth' subdirectory of datadir.", "file", oldpath) 342 } 343 return oldpath 344 } 345 } 346 return filepath.Join(c.instanceDir(), path) 347 } 348 349 func (c *Config) instanceDir() string { 350 if c.DataDir == "" { 351 return "" 352 } 353 return filepath.Join(c.DataDir, c.name()) 354 } 355 356 // NodeKey retrieves the currently configured private key of the node, checking 357 // first any manually set key, falling back to the one found in the configured 358 // data folder. If no key can be found, a new one is generated. 359 func (c *Config) NodeKey() *ecdsa.PrivateKey { 360 // Use any specifically configured key. 361 if c.P2P.PrivateKey != nil { 362 return c.P2P.PrivateKey 363 } 364 // Generate ephemeral key if no datadir is being used. 365 if c.DataDir == "" { 366 key, err := crypto.GenerateKey() 367 if err != nil { 368 log.Crit(fmt.Sprintf("Failed to generate ephemeral node key: %v", err)) 369 } 370 return key 371 } 372 373 keyfile := c.ResolvePath(datadirPrivateKey) 374 if key, err := crypto.LoadECDSA(keyfile); err == nil { 375 return key 376 } 377 // No persistent key found, generate and store a new one. 378 key, err := crypto.GenerateKey() 379 if err != nil { 380 log.Crit(fmt.Sprintf("Failed to generate node key: %v", err)) 381 } 382 instanceDir := filepath.Join(c.DataDir, c.name()) 383 if err := os.MkdirAll(instanceDir, 0700); err != nil { 384 log.Error(fmt.Sprintf("Failed to persist node key: %v", err)) 385 return key 386 } 387 keyfile = filepath.Join(instanceDir, datadirPrivateKey) 388 if err := crypto.SaveECDSA(keyfile, key); err != nil { 389 log.Error(fmt.Sprintf("Failed to persist node key: %v", err)) 390 } 391 return key 392 } 393 394 // CheckLegacyFiles inspects the datadir for signs of legacy static-nodes 395 // and trusted-nodes files. If they exist it raises an error. 396 func (c *Config) checkLegacyFiles() { 397 c.checkLegacyFile(c.ResolvePath(datadirStaticNodes)) 398 c.checkLegacyFile(c.ResolvePath(datadirTrustedNodes)) 399 } 400 401 // checkLegacyFile will only raise an error if a file at the given path exists. 402 func (c *Config) checkLegacyFile(path string) { 403 // Short circuit if no node config is present 404 if c.DataDir == "" { 405 return 406 } 407 if _, err := os.Stat(path); err != nil { 408 return 409 } 410 logger := c.Logger 411 if logger == nil { 412 logger = log.Root() 413 } 414 switch fname := filepath.Base(path); fname { 415 case "static-nodes.json": 416 logger.Error("The static-nodes.json file is deprecated and ignored. Use P2P.StaticNodes in config.toml instead.") 417 case "trusted-nodes.json": 418 logger.Error("The trusted-nodes.json file is deprecated and ignored. Use P2P.TrustedNodes in config.toml instead.") 419 default: 420 // We shouldn't wind up here, but better print something just in case. 421 logger.Error("Ignoring deprecated file.", "file", path) 422 } 423 } 424 425 // KeyDirConfig determines the settings for keydirectory 426 func (c *Config) KeyDirConfig() (string, error) { 427 var ( 428 keydir string 429 err error 430 ) 431 switch { 432 case filepath.IsAbs(c.KeyStoreDir): 433 keydir = c.KeyStoreDir 434 case c.DataDir != "": 435 if c.KeyStoreDir == "" { 436 keydir = filepath.Join(c.DataDir, datadirDefaultKeyStore) 437 } else { 438 keydir, err = filepath.Abs(c.KeyStoreDir) 439 } 440 case c.KeyStoreDir != "": 441 keydir, err = filepath.Abs(c.KeyStoreDir) 442 } 443 return keydir, err 444 } 445 446 // getKeyStoreDir retrieves the key directory and will create 447 // and ephemeral one if necessary. 448 func getKeyStoreDir(conf *Config) (string, bool, error) { 449 keydir, err := conf.KeyDirConfig() 450 if err != nil { 451 return "", false, err 452 } 453 isEphemeral := false 454 if keydir == "" { 455 // There is no datadir. 456 keydir, err = os.MkdirTemp("", "go-ethereum-keystore") 457 isEphemeral = true 458 } 459 460 if err != nil { 461 return "", false, err 462 } 463 if err := os.MkdirAll(keydir, 0700); err != nil { 464 return "", false, err 465 } 466 467 return keydir, isEphemeral, nil 468 }