github.com/livepeer/go-ethereum@v1.9.7/node/config.go (about)

     1  // Copyright 2014 The go-ethereum Authors
     2  // This file is part of the go-ethereum library.
     3  //
     4  // The go-ethereum library is free software: you can redistribute it and/or modify
     5  // it under the terms of the GNU Lesser General Public License as published by
     6  // the Free Software Foundation, either version 3 of the License, or
     7  // (at your option) any later version.
     8  //
     9  // The go-ethereum library is distributed in the hope that it will be useful,
    10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    12  // GNU Lesser General Public License for more details.
    13  //
    14  // You should have received a copy of the GNU Lesser General Public License
    15  // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
    16  
    17  package node
    18  
    19  import (
    20  	"crypto/ecdsa"
    21  	"fmt"
    22  	"io/ioutil"
    23  	"os"
    24  	"path/filepath"
    25  	"runtime"
    26  	"strings"
    27  	"sync"
    28  
    29  	"github.com/ethereum/go-ethereum/accounts"
    30  	"github.com/ethereum/go-ethereum/accounts/external"
    31  	"github.com/ethereum/go-ethereum/accounts/keystore"
    32  	"github.com/ethereum/go-ethereum/accounts/scwallet"
    33  	"github.com/ethereum/go-ethereum/accounts/usbwallet"
    34  	"github.com/ethereum/go-ethereum/common"
    35  	"github.com/ethereum/go-ethereum/crypto"
    36  	"github.com/ethereum/go-ethereum/log"
    37  	"github.com/ethereum/go-ethereum/p2p"
    38  	"github.com/ethereum/go-ethereum/p2p/enode"
    39  	"github.com/ethereum/go-ethereum/rpc"
    40  )
    41  
    42  const (
    43  	datadirPrivateKey      = "nodekey"            // Path within the datadir to the node's private key
    44  	datadirDefaultKeyStore = "keystore"           // Path within the datadir to the keystore
    45  	datadirStaticNodes     = "static-nodes.json"  // Path within the datadir to the static node list
    46  	datadirTrustedNodes    = "trusted-nodes.json" // Path within the datadir to the trusted node list
    47  	datadirNodeDatabase    = "nodes"              // Path within the datadir to store the node infos
    48  )
    49  
    50  // Config represents a small collection of configuration values to fine tune the
    51  // P2P network layer of a protocol stack. These values can be further extended by
    52  // all registered services.
    53  type Config struct {
    54  	// Name sets the instance name of the node. It must not contain the / character and is
    55  	// used in the devp2p node identifier. The instance name of geth is "geth". If no
    56  	// value is specified, the basename of the current executable is used.
    57  	Name string `toml:"-"`
    58  
    59  	// UserIdent, if set, is used as an additional component in the devp2p node identifier.
    60  	UserIdent string `toml:",omitempty"`
    61  
    62  	// Version should be set to the version number of the program. It is used
    63  	// in the devp2p node identifier.
    64  	Version string `toml:"-"`
    65  
    66  	// DataDir is the file system folder the node should use for any data storage
    67  	// requirements. The configured data directory will not be directly shared with
    68  	// registered services, instead those can use utility methods to create/access
    69  	// databases or flat files. This enables ephemeral nodes which can fully reside
    70  	// in memory.
    71  	DataDir string
    72  
    73  	// Configuration of peer-to-peer networking.
    74  	P2P p2p.Config
    75  
    76  	// KeyStoreDir is the file system folder that contains private keys. The directory can
    77  	// be specified as a relative path, in which case it is resolved relative to the
    78  	// current directory.
    79  	//
    80  	// If KeyStoreDir is empty, the default location is the "keystore" subdirectory of
    81  	// DataDir. If DataDir is unspecified and KeyStoreDir is empty, an ephemeral directory
    82  	// is created by New and destroyed when the node is stopped.
    83  	KeyStoreDir string `toml:",omitempty"`
    84  
    85  	// ExternalSigner specifies an external URI for a clef-type signer
    86  	ExternalSigner string `toml:"omitempty"`
    87  
    88  	// UseLightweightKDF lowers the memory and CPU requirements of the key store
    89  	// scrypt KDF at the expense of security.
    90  	UseLightweightKDF bool `toml:",omitempty"`
    91  
    92  	// InsecureUnlockAllowed allows user to unlock accounts in unsafe http environment.
    93  	InsecureUnlockAllowed bool `toml:",omitempty"`
    94  
    95  	// NoUSB disables hardware wallet monitoring and connectivity.
    96  	NoUSB bool `toml:",omitempty"`
    97  
    98  	// SmartCardDaemonPath is the path to the smartcard daemon's socket
    99  	SmartCardDaemonPath string `toml:",omitempty"`
   100  
   101  	// IPCPath is the requested location to place the IPC endpoint. If the path is
   102  	// a simple file name, it is placed inside the data directory (or on the root
   103  	// pipe path on Windows), whereas if it's a resolvable path name (absolute or
   104  	// relative), then that specific path is enforced. An empty path disables IPC.
   105  	IPCPath string `toml:",omitempty"`
   106  
   107  	// HTTPHost is the host interface on which to start the HTTP RPC server. If this
   108  	// field is empty, no HTTP API endpoint will be started.
   109  	HTTPHost string `toml:",omitempty"`
   110  
   111  	// HTTPPort is the TCP port number on which to start the HTTP RPC server. The
   112  	// default zero value is/ valid and will pick a port number randomly (useful
   113  	// for ephemeral nodes).
   114  	HTTPPort int `toml:",omitempty"`
   115  
   116  	// HTTPCors is the Cross-Origin Resource Sharing header to send to requesting
   117  	// clients. Please be aware that CORS is a browser enforced security, it's fully
   118  	// useless for custom HTTP clients.
   119  	HTTPCors []string `toml:",omitempty"`
   120  
   121  	// HTTPVirtualHosts is the list of virtual hostnames which are allowed on incoming requests.
   122  	// This is by default {'localhost'}. Using this prevents attacks like
   123  	// DNS rebinding, which bypasses SOP by simply masquerading as being within the same
   124  	// origin. These attacks do not utilize CORS, since they are not cross-domain.
   125  	// By explicitly checking the Host-header, the server will not allow requests
   126  	// made against the server with a malicious host domain.
   127  	// Requests using ip address directly are not affected
   128  	HTTPVirtualHosts []string `toml:",omitempty"`
   129  
   130  	// HTTPModules is a list of API modules to expose via the HTTP RPC interface.
   131  	// If the module list is empty, all RPC API endpoints designated public will be
   132  	// exposed.
   133  	HTTPModules []string `toml:",omitempty"`
   134  
   135  	// HTTPTimeouts allows for customization of the timeout values used by the HTTP RPC
   136  	// interface.
   137  	HTTPTimeouts rpc.HTTPTimeouts
   138  
   139  	// WSHost is the host interface on which to start the websocket RPC server. If
   140  	// this field is empty, no websocket API endpoint will be started.
   141  	WSHost string `toml:",omitempty"`
   142  
   143  	// WSPort is the TCP port number on which to start the websocket RPC server. The
   144  	// default zero value is/ valid and will pick a port number randomly (useful for
   145  	// ephemeral nodes).
   146  	WSPort int `toml:",omitempty"`
   147  
   148  	// WSOrigins is the list of domain to accept websocket requests from. Please be
   149  	// aware that the server can only act upon the HTTP request the client sends and
   150  	// cannot verify the validity of the request header.
   151  	WSOrigins []string `toml:",omitempty"`
   152  
   153  	// WSModules is a list of API modules to expose via the websocket RPC interface.
   154  	// If the module list is empty, all RPC API endpoints designated public will be
   155  	// exposed.
   156  	WSModules []string `toml:",omitempty"`
   157  
   158  	// WSExposeAll exposes all API modules via the WebSocket RPC interface rather
   159  	// than just the public ones.
   160  	//
   161  	// *WARNING* Only set this if the node is running in a trusted network, exposing
   162  	// private APIs to untrusted users is a major security risk.
   163  	WSExposeAll bool `toml:",omitempty"`
   164  
   165  	// GraphQLHost is the host interface on which to start the GraphQL server. If this
   166  	// field is empty, no GraphQL API endpoint will be started.
   167  	GraphQLHost string `toml:",omitempty"`
   168  
   169  	// GraphQLPort is the TCP port number on which to start the GraphQL server. The
   170  	// default zero value is/ valid and will pick a port number randomly (useful
   171  	// for ephemeral nodes).
   172  	GraphQLPort int `toml:",omitempty"`
   173  
   174  	// GraphQLCors is the Cross-Origin Resource Sharing header to send to requesting
   175  	// clients. Please be aware that CORS is a browser enforced security, it's fully
   176  	// useless for custom HTTP clients.
   177  	GraphQLCors []string `toml:",omitempty"`
   178  
   179  	// GraphQLVirtualHosts is the list of virtual hostnames which are allowed on incoming requests.
   180  	// This is by default {'localhost'}. Using this prevents attacks like
   181  	// DNS rebinding, which bypasses SOP by simply masquerading as being within the same
   182  	// origin. These attacks do not utilize CORS, since they are not cross-domain.
   183  	// By explicitly checking the Host-header, the server will not allow requests
   184  	// made against the server with a malicious host domain.
   185  	// Requests using ip address directly are not affected
   186  	GraphQLVirtualHosts []string `toml:",omitempty"`
   187  
   188  	// Logger is a custom logger to use with the p2p.Server.
   189  	Logger log.Logger `toml:",omitempty"`
   190  
   191  	staticNodesWarning     bool
   192  	trustedNodesWarning    bool
   193  	oldGethResourceWarning bool
   194  }
   195  
   196  // IPCEndpoint resolves an IPC endpoint based on a configured value, taking into
   197  // account the set data folders as well as the designated platform we're currently
   198  // running on.
   199  func (c *Config) IPCEndpoint() string {
   200  	// Short circuit if IPC has not been enabled
   201  	if c.IPCPath == "" {
   202  		return ""
   203  	}
   204  	// On windows we can only use plain top-level pipes
   205  	if runtime.GOOS == "windows" {
   206  		if strings.HasPrefix(c.IPCPath, `\\.\pipe\`) {
   207  			return c.IPCPath
   208  		}
   209  		return `\\.\pipe\` + c.IPCPath
   210  	}
   211  	// Resolve names into the data directory full paths otherwise
   212  	if filepath.Base(c.IPCPath) == c.IPCPath {
   213  		if c.DataDir == "" {
   214  			return filepath.Join(os.TempDir(), c.IPCPath)
   215  		}
   216  		return filepath.Join(c.DataDir, c.IPCPath)
   217  	}
   218  	return c.IPCPath
   219  }
   220  
   221  // NodeDB returns the path to the discovery node database.
   222  func (c *Config) NodeDB() string {
   223  	if c.DataDir == "" {
   224  		return "" // ephemeral
   225  	}
   226  	return c.ResolvePath(datadirNodeDatabase)
   227  }
   228  
   229  // DefaultIPCEndpoint returns the IPC path used by default.
   230  func DefaultIPCEndpoint(clientIdentifier string) string {
   231  	if clientIdentifier == "" {
   232  		clientIdentifier = strings.TrimSuffix(filepath.Base(os.Args[0]), ".exe")
   233  		if clientIdentifier == "" {
   234  			panic("empty executable name")
   235  		}
   236  	}
   237  	config := &Config{DataDir: DefaultDataDir(), IPCPath: clientIdentifier + ".ipc"}
   238  	return config.IPCEndpoint()
   239  }
   240  
   241  // HTTPEndpoint resolves an HTTP endpoint based on the configured host interface
   242  // and port parameters.
   243  func (c *Config) HTTPEndpoint() string {
   244  	if c.HTTPHost == "" {
   245  		return ""
   246  	}
   247  	return fmt.Sprintf("%s:%d", c.HTTPHost, c.HTTPPort)
   248  }
   249  
   250  // GraphQLEndpoint resolves a GraphQL endpoint based on the configured host interface
   251  // and port parameters.
   252  func (c *Config) GraphQLEndpoint() string {
   253  	if c.GraphQLHost == "" {
   254  		return ""
   255  	}
   256  	return fmt.Sprintf("%s:%d", c.GraphQLHost, c.GraphQLPort)
   257  }
   258  
   259  // DefaultHTTPEndpoint returns the HTTP endpoint used by default.
   260  func DefaultHTTPEndpoint() string {
   261  	config := &Config{HTTPHost: DefaultHTTPHost, HTTPPort: DefaultHTTPPort}
   262  	return config.HTTPEndpoint()
   263  }
   264  
   265  // WSEndpoint resolves a websocket endpoint based on the configured host interface
   266  // and port parameters.
   267  func (c *Config) WSEndpoint() string {
   268  	if c.WSHost == "" {
   269  		return ""
   270  	}
   271  	return fmt.Sprintf("%s:%d", c.WSHost, c.WSPort)
   272  }
   273  
   274  // DefaultWSEndpoint returns the websocket endpoint used by default.
   275  func DefaultWSEndpoint() string {
   276  	config := &Config{WSHost: DefaultWSHost, WSPort: DefaultWSPort}
   277  	return config.WSEndpoint()
   278  }
   279  
   280  // ExtRPCEnabled returns the indicator whether node enables the external
   281  // RPC(http, ws or graphql).
   282  func (c *Config) ExtRPCEnabled() bool {
   283  	return c.HTTPHost != "" || c.WSHost != "" || c.GraphQLHost != ""
   284  }
   285  
   286  // NodeName returns the devp2p node identifier.
   287  func (c *Config) NodeName() string {
   288  	name := c.name()
   289  	// Backwards compatibility: previous versions used title-cased "Geth", keep that.
   290  	if name == "geth" || name == "geth-testnet" {
   291  		name = "Geth"
   292  	}
   293  	if c.UserIdent != "" {
   294  		name += "/" + c.UserIdent
   295  	}
   296  	if c.Version != "" {
   297  		name += "/v" + c.Version
   298  	}
   299  	name += "/" + runtime.GOOS + "-" + runtime.GOARCH
   300  	name += "/" + runtime.Version()
   301  	return name
   302  }
   303  
   304  func (c *Config) name() string {
   305  	if c.Name == "" {
   306  		progname := strings.TrimSuffix(filepath.Base(os.Args[0]), ".exe")
   307  		if progname == "" {
   308  			panic("empty executable name, set Config.Name")
   309  		}
   310  		return progname
   311  	}
   312  	return c.Name
   313  }
   314  
   315  // These resources are resolved differently for "geth" instances.
   316  var isOldGethResource = map[string]bool{
   317  	"chaindata":          true,
   318  	"nodes":              true,
   319  	"nodekey":            true,
   320  	"static-nodes.json":  false, // no warning for these because they have their
   321  	"trusted-nodes.json": false, // own separate warning.
   322  }
   323  
   324  // ResolvePath resolves path in the instance directory.
   325  func (c *Config) ResolvePath(path string) string {
   326  	if filepath.IsAbs(path) {
   327  		return path
   328  	}
   329  	if c.DataDir == "" {
   330  		return ""
   331  	}
   332  	// Backwards-compatibility: ensure that data directory files created
   333  	// by geth 1.4 are used if they exist.
   334  	if warn, isOld := isOldGethResource[path]; isOld {
   335  		oldpath := ""
   336  		if c.name() == "geth" {
   337  			oldpath = filepath.Join(c.DataDir, path)
   338  		}
   339  		if oldpath != "" && common.FileExist(oldpath) {
   340  			if warn {
   341  				c.warnOnce(&c.oldGethResourceWarning, "Using deprecated resource file %s, please move this file to the 'geth' subdirectory of datadir.", oldpath)
   342  			}
   343  			return oldpath
   344  		}
   345  	}
   346  	return filepath.Join(c.instanceDir(), path)
   347  }
   348  
   349  func (c *Config) instanceDir() string {
   350  	if c.DataDir == "" {
   351  		return ""
   352  	}
   353  	return filepath.Join(c.DataDir, c.name())
   354  }
   355  
   356  // NodeKey retrieves the currently configured private key of the node, checking
   357  // first any manually set key, falling back to the one found in the configured
   358  // data folder. If no key can be found, a new one is generated.
   359  func (c *Config) NodeKey() *ecdsa.PrivateKey {
   360  	// Use any specifically configured key.
   361  	if c.P2P.PrivateKey != nil {
   362  		return c.P2P.PrivateKey
   363  	}
   364  	// Generate ephemeral key if no datadir is being used.
   365  	if c.DataDir == "" {
   366  		key, err := crypto.GenerateKey()
   367  		if err != nil {
   368  			log.Crit(fmt.Sprintf("Failed to generate ephemeral node key: %v", err))
   369  		}
   370  		return key
   371  	}
   372  
   373  	keyfile := c.ResolvePath(datadirPrivateKey)
   374  	if key, err := crypto.LoadECDSA(keyfile); err == nil {
   375  		return key
   376  	}
   377  	// No persistent key found, generate and store a new one.
   378  	key, err := crypto.GenerateKey()
   379  	if err != nil {
   380  		log.Crit(fmt.Sprintf("Failed to generate node key: %v", err))
   381  	}
   382  	instanceDir := filepath.Join(c.DataDir, c.name())
   383  	if err := os.MkdirAll(instanceDir, 0700); err != nil {
   384  		log.Error(fmt.Sprintf("Failed to persist node key: %v", err))
   385  		return key
   386  	}
   387  	keyfile = filepath.Join(instanceDir, datadirPrivateKey)
   388  	if err := crypto.SaveECDSA(keyfile, key); err != nil {
   389  		log.Error(fmt.Sprintf("Failed to persist node key: %v", err))
   390  	}
   391  	return key
   392  }
   393  
   394  // StaticNodes returns a list of node enode URLs configured as static nodes.
   395  func (c *Config) StaticNodes() []*enode.Node {
   396  	return c.parsePersistentNodes(&c.staticNodesWarning, c.ResolvePath(datadirStaticNodes))
   397  }
   398  
   399  // TrustedNodes returns a list of node enode URLs configured as trusted nodes.
   400  func (c *Config) TrustedNodes() []*enode.Node {
   401  	return c.parsePersistentNodes(&c.trustedNodesWarning, c.ResolvePath(datadirTrustedNodes))
   402  }
   403  
   404  // parsePersistentNodes parses a list of discovery node URLs loaded from a .json
   405  // file from within the data directory.
   406  func (c *Config) parsePersistentNodes(w *bool, path string) []*enode.Node {
   407  	// Short circuit if no node config is present
   408  	if c.DataDir == "" {
   409  		return nil
   410  	}
   411  	if _, err := os.Stat(path); err != nil {
   412  		return nil
   413  	}
   414  	c.warnOnce(w, "Found deprecated node list file %s, please use the TOML config file instead.", path)
   415  
   416  	// Load the nodes from the config file.
   417  	var nodelist []string
   418  	if err := common.LoadJSON(path, &nodelist); err != nil {
   419  		log.Error(fmt.Sprintf("Can't load node list file: %v", err))
   420  		return nil
   421  	}
   422  	// Interpret the list as a discovery node array
   423  	var nodes []*enode.Node
   424  	for _, url := range nodelist {
   425  		if url == "" {
   426  			continue
   427  		}
   428  		node, err := enode.Parse(enode.ValidSchemes, url)
   429  		if err != nil {
   430  			log.Error(fmt.Sprintf("Node URL %s: %v\n", url, err))
   431  			continue
   432  		}
   433  		nodes = append(nodes, node)
   434  	}
   435  	return nodes
   436  }
   437  
   438  // AccountConfig determines the settings for scrypt and keydirectory
   439  func (c *Config) AccountConfig() (int, int, string, error) {
   440  	scryptN := keystore.StandardScryptN
   441  	scryptP := keystore.StandardScryptP
   442  	if c.UseLightweightKDF {
   443  		scryptN = keystore.LightScryptN
   444  		scryptP = keystore.LightScryptP
   445  	}
   446  
   447  	var (
   448  		keydir string
   449  		err    error
   450  	)
   451  	switch {
   452  	case filepath.IsAbs(c.KeyStoreDir):
   453  		keydir = c.KeyStoreDir
   454  	case c.DataDir != "":
   455  		if c.KeyStoreDir == "" {
   456  			keydir = filepath.Join(c.DataDir, datadirDefaultKeyStore)
   457  		} else {
   458  			keydir, err = filepath.Abs(c.KeyStoreDir)
   459  		}
   460  	case c.KeyStoreDir != "":
   461  		keydir, err = filepath.Abs(c.KeyStoreDir)
   462  	}
   463  	return scryptN, scryptP, keydir, err
   464  }
   465  
   466  func makeAccountManager(conf *Config) (*accounts.Manager, string, error) {
   467  	scryptN, scryptP, keydir, err := conf.AccountConfig()
   468  	var ephemeral string
   469  	if keydir == "" {
   470  		// There is no datadir.
   471  		keydir, err = ioutil.TempDir("", "go-ethereum-keystore")
   472  		ephemeral = keydir
   473  	}
   474  
   475  	if err != nil {
   476  		return nil, "", err
   477  	}
   478  	if err := os.MkdirAll(keydir, 0700); err != nil {
   479  		return nil, "", err
   480  	}
   481  	// Assemble the account manager and supported backends
   482  	var backends []accounts.Backend
   483  	if len(conf.ExternalSigner) > 0 {
   484  		log.Info("Using external signer", "url", conf.ExternalSigner)
   485  		if extapi, err := external.NewExternalBackend(conf.ExternalSigner); err == nil {
   486  			backends = append(backends, extapi)
   487  		} else {
   488  			return nil, "", fmt.Errorf("error connecting to external signer: %v", err)
   489  		}
   490  	}
   491  	if len(backends) == 0 {
   492  		// For now, we're using EITHER external signer OR local signers.
   493  		// If/when we implement some form of lockfile for USB and keystore wallets,
   494  		// we can have both, but it's very confusing for the user to see the same
   495  		// accounts in both externally and locally, plus very racey.
   496  		backends = append(backends, keystore.NewKeyStore(keydir, scryptN, scryptP))
   497  		if !conf.NoUSB {
   498  			// Start a USB hub for Ledger hardware wallets
   499  			if ledgerhub, err := usbwallet.NewLedgerHub(); err != nil {
   500  				log.Warn(fmt.Sprintf("Failed to start Ledger hub, disabling: %v", err))
   501  			} else {
   502  				backends = append(backends, ledgerhub)
   503  			}
   504  			// Start a USB hub for Trezor hardware wallets (HID version)
   505  			if trezorhub, err := usbwallet.NewTrezorHubWithHID(); err != nil {
   506  				log.Warn(fmt.Sprintf("Failed to start HID Trezor hub, disabling: %v", err))
   507  			} else {
   508  				backends = append(backends, trezorhub)
   509  			}
   510  			// Start a USB hub for Trezor hardware wallets (WebUSB version)
   511  			if trezorhub, err := usbwallet.NewTrezorHubWithWebUSB(); err != nil {
   512  				log.Warn(fmt.Sprintf("Failed to start WebUSB Trezor hub, disabling: %v", err))
   513  			} else {
   514  				backends = append(backends, trezorhub)
   515  			}
   516  		}
   517  		if len(conf.SmartCardDaemonPath) > 0 {
   518  			// Start a smart card hub
   519  			if schub, err := scwallet.NewHub(conf.SmartCardDaemonPath, scwallet.Scheme, keydir); err != nil {
   520  				log.Warn(fmt.Sprintf("Failed to start smart card hub, disabling: %v", err))
   521  			} else {
   522  				backends = append(backends, schub)
   523  			}
   524  		}
   525  	}
   526  
   527  	return accounts.NewManager(&accounts.Config{InsecureUnlockAllowed: conf.InsecureUnlockAllowed}, backends...), ephemeral, nil
   528  }
   529  
   530  var warnLock sync.Mutex
   531  
   532  func (c *Config) warnOnce(w *bool, format string, args ...interface{}) {
   533  	warnLock.Lock()
   534  	defer warnLock.Unlock()
   535  
   536  	if *w {
   537  		return
   538  	}
   539  	l := c.Logger
   540  	if l == nil {
   541  		l = log.Root()
   542  	}
   543  	l.Warn(fmt.Sprintf(format, args...))
   544  	*w = true
   545  }