-
Notifications
You must be signed in to change notification settings - Fork 108
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(rpc): Cookie auth system for the RPC endpoint (#8900)
* add a cookie auth system for the rpc endpoint * fix rand import * fixes based on cookie method research * add and use `cookie_dir` config, rpc client changes * add missing dependency * add a enable_cookie auth option to config and use it in all tests * get rid of the unauthenticated method * change config in qa python tests to run unauthenticated * change return types in cookie methods * change comment * fix(rpc): Refactor the cookie-based RPC authentication (#8940) * Refactor the cookie-based RPC authentication * Rephrase docs * Apply suggestions from code review Co-authored-by: Arya <[email protected]> --------- Co-authored-by: Arya <[email protected]> * clippy --------- Co-authored-by: Marek <[email protected]> Co-authored-by: Arya <[email protected]>
- Loading branch information
1 parent
47b7614
commit b1ffc89
Showing
10 changed files
with
261 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
//! Cookie-based authentication for the RPC server. | ||
use base64::{engine::general_purpose::URL_SAFE, Engine as _}; | ||
use color_eyre::Result; | ||
use rand::RngCore; | ||
|
||
use std::{ | ||
fs::{remove_file, File}, | ||
io::Write, | ||
path::Path, | ||
}; | ||
|
||
/// The name of the cookie file on the disk | ||
const FILE: &str = ".cookie"; | ||
|
||
/// If the RPC authentication is enabled, all requests must contain this cookie. | ||
#[derive(Clone, Debug)] | ||
pub struct Cookie(String); | ||
|
||
impl Cookie { | ||
/// Checks if the given passwd matches the contents of the cookie. | ||
pub fn authenticate(&self, passwd: String) -> bool { | ||
*passwd == self.0 | ||
} | ||
} | ||
|
||
impl Default for Cookie { | ||
fn default() -> Self { | ||
let mut bytes = [0u8; 32]; | ||
rand::thread_rng().fill_bytes(&mut bytes); | ||
|
||
Self(URL_SAFE.encode(bytes)) | ||
} | ||
} | ||
|
||
/// Writes the given cookie to the given dir. | ||
pub fn write_to_disk(cookie: &Cookie, dir: &Path) -> Result<()> { | ||
// Create the directory if needed. | ||
std::fs::create_dir_all(dir)?; | ||
File::create(dir.join(FILE))?.write_all(format!("__cookie__:{}", cookie.0).as_bytes())?; | ||
|
||
tracing::info!("RPC auth cookie written to disk"); | ||
|
||
Ok(()) | ||
} | ||
|
||
/// Removes a cookie from the given dir. | ||
pub fn remove_from_disk(dir: &Path) -> Result<()> { | ||
remove_file(dir.join(FILE))?; | ||
|
||
tracing::info!("RPC auth cookie removed from disk"); | ||
|
||
Ok(()) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.