func checkAuthHeader(state interfaces.IState, r *http.Request) error {
if "" == state.GetRpcUser() {
//no username was specified in the config file or command line, meaning factomd API is open access
return nil
}
authhdr := r.Header["Authorization"]
if len(authhdr) == 0 {
return errors.New("no auth")
}
correctAuth := state.GetRpcAuthHash()
h := sha256.New()
h.Write([]byte(authhdr[0]))
presentedPassHash := h.Sum(nil)
cmp := subtle.ConstantTimeCompare(presentedPassHash, correctAuth) //compare hashes because ConstantTimeCompare takes a constant time based on the slice size. hashing gives a constant slice size.
if cmp != 1 {
return errors.New("bad auth")
}
return nil
}
func Start(state interfaces.IState) {
var server *web.Server
ServersMutex.Lock()
defer ServersMutex.Unlock()
if Servers == nil {
Servers = make(map[int]*web.Server)
}
rpcUser := state.GetRpcUser()
rpcPass := state.GetRpcPass()
h := sha256.New()
h.Write(httpBasicAuth(rpcUser, rpcPass))
state.SetRpcAuthHash(h.Sum(nil)) //set this in the beginning to prevent timing attacks
if Servers[state.GetPort()] == nil {
server = web.NewServer()
Servers[state.GetPort()] = server
server.Env["state"] = state
server.Post("/v1/factoid-submit/?", HandleFactoidSubmit)
server.Post("/v1/commit-chain/?", HandleCommitChain)
server.Post("/v1/reveal-chain/?", HandleRevealChain)
server.Post("/v1/commit-entry/?", HandleCommitEntry)
server.Post("/v1/reveal-entry/?", HandleRevealEntry)
server.Get("/v1/directory-block-head/?", HandleDirectoryBlockHead)
server.Get("/v1/get-raw-data/([^/]+)", HandleGetRaw)
server.Get("/v1/get-receipt/([^/]+)", HandleGetReceipt)
server.Get("/v1/directory-block-by-keymr/([^/]+)", HandleDirectoryBlock)
server.Get("/v1/directory-block-height/?", HandleDirectoryBlockHeight)
server.Get("/v1/entry-block-by-keymr/([^/]+)", HandleEntryBlock)
server.Get("/v1/entry-by-hash/([^/]+)", HandleEntry)
server.Get("/v1/chain-head/([^/]+)", HandleChainHead)
server.Get("/v1/entry-credit-balance/([^/]+)", HandleEntryCreditBalance)
server.Get("/v1/factoid-balance/([^/]+)", HandleFactoidBalance)
server.Get("/v1/factoid-get-fee/", HandleGetFee)
server.Get("/v1/properties/", HandleProperties)
server.Get("/v1/heights/", HandleHeights)
server.Post("/v2", HandleV2)
server.Get("/v2", HandleV2)
tlsIsEnabled, tlsPrivate, tlsPublic := state.GetTlsInfo()
if tlsIsEnabled {
log.Print("Starting encrypted API server")
if !fileExists(tlsPrivate) && !fileExists(tlsPublic) {
err := genCertPair(tlsPublic, tlsPrivate, state.GetFactomdLocations())
if err != nil {
panic(fmt.Sprintf("could not start encrypted API server with error: %v", err))
}
}
keypair, err := tls.LoadX509KeyPair(tlsPublic, tlsPrivate)
if err != nil {
panic(fmt.Sprintf("could not create TLS keypair with error: %v", err))
}
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{keypair},
MinVersion: tls.VersionTLS12,
}
go server.RunTLS(fmt.Sprintf(":%d", state.GetPort()), tlsConfig)
} else {
log.Print("Starting API server")
go server.Run(fmt.Sprintf(":%d", state.GetPort()))
}
}
}