gitlab.com/jokerrs1/Sia@v1.3.2/node/api/routes.go (about) 1 package api 2 3 import ( 4 "net/http" 5 "strings" 6 "time" 7 8 "github.com/NebulousLabs/Sia/build" 9 "github.com/julienschmidt/httprouter" 10 ) 11 12 // buildHttpRoutes sets up and returns an * httprouter.Router. 13 // it connected the Router to the given api using the required 14 // parameters: requiredUserAgent and requiredPassword 15 func (api *API) buildHTTPRoutes(requiredUserAgent string, requiredPassword string) { 16 router := httprouter.New() 17 18 router.NotFound = http.HandlerFunc(UnrecognizedCallHandler) 19 router.RedirectTrailingSlash = false 20 21 // Consensus API Calls 22 if api.cs != nil { 23 router.GET("/consensus", api.consensusHandler) 24 router.POST("/consensus/validate/transactionset", api.consensusValidateTransactionsetHandler) 25 } 26 27 // Explorer API Calls 28 if api.explorer != nil { 29 router.GET("/explorer", api.explorerHandler) 30 router.GET("/explorer/blocks/:height", api.explorerBlocksHandler) 31 router.GET("/explorer/hashes/:hash", api.explorerHashHandler) 32 } 33 34 // Gateway API Calls 35 if api.gateway != nil { 36 router.GET("/gateway", api.gatewayHandler) 37 router.POST("/gateway/connect/:netaddress", RequirePassword(api.gatewayConnectHandler, requiredPassword)) 38 router.POST("/gateway/disconnect/:netaddress", RequirePassword(api.gatewayDisconnectHandler, requiredPassword)) 39 } 40 41 // Host API Calls 42 if api.host != nil { 43 // Calls directly pertaining to the host. 44 router.GET("/host", api.hostHandlerGET) // Get the host status. 45 router.POST("/host", RequirePassword(api.hostHandlerPOST, requiredPassword)) // Change the settings of the host. 46 router.POST("/host/announce", RequirePassword(api.hostAnnounceHandler, requiredPassword)) // Announce the host to the network. 47 router.GET("/host/estimatescore", api.hostEstimateScoreGET) 48 49 // Calls pertaining to the storage manager that the host uses. 50 router.GET("/host/storage", api.storageHandler) 51 router.POST("/host/storage/folders/add", RequirePassword(api.storageFoldersAddHandler, requiredPassword)) 52 router.POST("/host/storage/folders/remove", RequirePassword(api.storageFoldersRemoveHandler, requiredPassword)) 53 router.POST("/host/storage/folders/resize", RequirePassword(api.storageFoldersResizeHandler, requiredPassword)) 54 router.POST("/host/storage/sectors/delete/:merkleroot", RequirePassword(api.storageSectorsDeleteHandler, requiredPassword)) 55 } 56 57 // Miner API Calls 58 if api.miner != nil { 59 router.GET("/miner", api.minerHandler) 60 router.GET("/miner/header", RequirePassword(api.minerHeaderHandlerGET, requiredPassword)) 61 router.POST("/miner/header", RequirePassword(api.minerHeaderHandlerPOST, requiredPassword)) 62 router.GET("/miner/start", RequirePassword(api.minerStartHandler, requiredPassword)) 63 router.GET("/miner/stop", RequirePassword(api.minerStopHandler, requiredPassword)) 64 } 65 66 // Renter API Calls 67 if api.renter != nil { 68 router.GET("/renter", api.renterHandlerGET) 69 router.POST("/renter", RequirePassword(api.renterHandlerPOST, requiredPassword)) 70 router.GET("/renter/contracts", api.renterContractsHandler) 71 router.GET("/renter/downloads", api.renterDownloadsHandler) 72 router.GET("/renter/files", api.renterFilesHandler) 73 router.GET("/renter/prices", api.renterPricesHandler) 74 75 // TODO: re-enable these routes once the new .sia format has been 76 // standardized and implemented. 77 // router.POST("/renter/load", RequirePassword(api.renterLoadHandler, requiredPassword)) 78 // router.POST("/renter/loadascii", RequirePassword(api.renterLoadAsciiHandler, requiredPassword)) 79 // router.GET("/renter/share", RequirePassword(api.renterShareHandler, requiredPassword)) 80 // router.GET("/renter/shareascii", RequirePassword(api.renterShareAsciiHandler, requiredPassword)) 81 82 router.POST("/renter/delete/*siapath", RequirePassword(api.renterDeleteHandler, requiredPassword)) 83 router.GET("/renter/download/*siapath", RequirePassword(api.renterDownloadHandler, requiredPassword)) 84 router.GET("/renter/downloadasync/*siapath", RequirePassword(api.renterDownloadAsyncHandler, requiredPassword)) 85 router.POST("/renter/rename/*siapath", RequirePassword(api.renterRenameHandler, requiredPassword)) 86 router.POST("/renter/upload/*siapath", RequirePassword(api.renterUploadHandler, requiredPassword)) 87 88 // HostDB endpoints. 89 router.GET("/hostdb/active", api.hostdbActiveHandler) 90 router.GET("/hostdb/all", api.hostdbAllHandler) 91 router.GET("/hostdb/hosts/:pubkey", api.hostdbHostsHandler) 92 } 93 94 // Transaction pool API Calls 95 if api.tpool != nil { 96 router.GET("/tpool/fee", api.tpoolFeeHandlerGET) 97 router.GET("/tpool/raw/:id", api.tpoolRawHandlerGET) 98 router.POST("/tpool/raw", api.tpoolRawHandlerPOST) 99 router.GET("/tpool/confirmed/:id", api.tpoolConfirmedGET) 100 101 // TODO: re-enable this route once the transaction pool API has been finalized 102 //router.GET("/transactionpool/transactions", api.transactionpoolTransactionsHandler) 103 } 104 105 // Wallet API Calls 106 if api.wallet != nil { 107 router.GET("/wallet", api.walletHandler) 108 router.POST("/wallet/033x", RequirePassword(api.wallet033xHandler, requiredPassword)) 109 router.GET("/wallet/address", RequirePassword(api.walletAddressHandler, requiredPassword)) 110 router.GET("/wallet/addresses", api.walletAddressesHandler) 111 router.GET("/wallet/backup", RequirePassword(api.walletBackupHandler, requiredPassword)) 112 router.POST("/wallet/init", RequirePassword(api.walletInitHandler, requiredPassword)) 113 router.POST("/wallet/init/seed", RequirePassword(api.walletInitSeedHandler, requiredPassword)) 114 router.POST("/wallet/lock", RequirePassword(api.walletLockHandler, requiredPassword)) 115 router.POST("/wallet/seed", RequirePassword(api.walletSeedHandler, requiredPassword)) 116 router.GET("/wallet/seeds", RequirePassword(api.walletSeedsHandler, requiredPassword)) 117 router.POST("/wallet/siacoins", RequirePassword(api.walletSiacoinsHandler, requiredPassword)) 118 router.POST("/wallet/siafunds", RequirePassword(api.walletSiafundsHandler, requiredPassword)) 119 router.POST("/wallet/siagkey", RequirePassword(api.walletSiagkeyHandler, requiredPassword)) 120 router.POST("/wallet/sweep/seed", RequirePassword(api.walletSweepSeedHandler, requiredPassword)) 121 router.GET("/wallet/transaction/:id", api.walletTransactionHandler) 122 router.GET("/wallet/transactions", api.walletTransactionsHandler) 123 router.GET("/wallet/transactions/:addr", api.walletTransactionsAddrHandler) 124 router.GET("/wallet/verify/address/:addr", api.walletVerifyAddressHandler) 125 router.POST("/wallet/unlock", RequirePassword(api.walletUnlockHandler, requiredPassword)) 126 router.POST("/wallet/changepassword", RequirePassword(api.walletChangePasswordHandler, requiredPassword)) 127 } 128 129 // Apply UserAgent middleware and return the Router 130 api.router = cleanCloseHandler(RequireUserAgent(router, requiredUserAgent)) 131 return 132 } 133 134 // cleanCloseHandler wraps the entire API, ensuring that underlying conns are 135 // not leaked if the remote end closes the connection before the underlying 136 // handler finishes. 137 func cleanCloseHandler(next http.Handler) http.Handler { 138 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 139 // Close this file handle either when the function completes or when the 140 // connection is done. 141 done := make(chan struct{}) 142 go func(w http.ResponseWriter, r *http.Request) { 143 defer close(done) 144 next.ServeHTTP(w, r) 145 }(w, r) 146 select { 147 case <-done: 148 } 149 150 // Sanity check - thread should not take more than an hour to return. This 151 // must be done in a goroutine, otherwise the server will not close the 152 // underlying socket for this API call. 153 timer := time.NewTimer(time.Minute * 60) 154 go func() { 155 select { 156 case <-done: 157 timer.Stop() 158 case <-timer.C: 159 build.Severe("api call is taking more than 60 minutes to return:", r.URL.Path) 160 } 161 }() 162 }) 163 } 164 165 // RequireUserAgent is middleware that requires all requests to set a 166 // UserAgent that contains the specified string. 167 func RequireUserAgent(h http.Handler, ua string) http.Handler { 168 return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { 169 if !strings.Contains(req.UserAgent(), ua) { 170 WriteError(w, Error{"Browser access disabled due to security vulnerability. Use Sia-UI or siac."}, http.StatusBadRequest) 171 return 172 } 173 h.ServeHTTP(w, req) 174 }) 175 } 176 177 // RequirePassword is middleware that requires a request to authenticate with a 178 // password using HTTP basic auth. Usernames are ignored. Empty passwords 179 // indicate no authentication is required. 180 func RequirePassword(h httprouter.Handle, password string) httprouter.Handle { 181 // An empty password is equivalent to no password. 182 if password == "" { 183 return h 184 } 185 return func(w http.ResponseWriter, req *http.Request, ps httprouter.Params) { 186 _, pass, ok := req.BasicAuth() 187 if !ok || pass != password { 188 w.Header().Set("WWW-Authenticate", "Basic realm=\"SiaAPI\"") 189 WriteError(w, Error{"API authentication failed."}, http.StatusUnauthorized) 190 return 191 } 192 h(w, req, ps) 193 } 194 }