Esempio n. 1
0
func checkAuthHeader(state interfaces.IState, r *http.Request) error {
	if "" == state.GetRpcUser() {
		//no username was specified in the config file or command line, meaning factomd API is open access
		return nil
	}

	authhdr := r.Header["Authorization"]
	if len(authhdr) == 0 {
		return errors.New("no auth")
	}

	correctAuth := state.GetRpcAuthHash()

	h := sha256.New()
	h.Write([]byte(authhdr[0]))
	presentedPassHash := h.Sum(nil)

	cmp := subtle.ConstantTimeCompare(presentedPassHash, correctAuth) //compare hashes because ConstantTimeCompare takes a constant time based on the slice size.  hashing gives a constant slice size.
	if cmp != 1 {
		return errors.New("bad auth")
	}
	return nil
}
Esempio n. 2
0
func Start(state interfaces.IState) {
	var server *web.Server

	ServersMutex.Lock()
	defer ServersMutex.Unlock()

	if Servers == nil {
		Servers = make(map[int]*web.Server)
	}

	rpcUser := state.GetRpcUser()
	rpcPass := state.GetRpcPass()
	h := sha256.New()
	h.Write(httpBasicAuth(rpcUser, rpcPass))
	state.SetRpcAuthHash(h.Sum(nil)) //set this in the beginning to prevent timing attacks

	if Servers[state.GetPort()] == nil {
		server = web.NewServer()

		Servers[state.GetPort()] = server
		server.Env["state"] = state

		server.Post("/v1/factoid-submit/?", HandleFactoidSubmit)
		server.Post("/v1/commit-chain/?", HandleCommitChain)
		server.Post("/v1/reveal-chain/?", HandleRevealChain)
		server.Post("/v1/commit-entry/?", HandleCommitEntry)
		server.Post("/v1/reveal-entry/?", HandleRevealEntry)
		server.Get("/v1/directory-block-head/?", HandleDirectoryBlockHead)
		server.Get("/v1/get-raw-data/([^/]+)", HandleGetRaw)
		server.Get("/v1/get-receipt/([^/]+)", HandleGetReceipt)
		server.Get("/v1/directory-block-by-keymr/([^/]+)", HandleDirectoryBlock)
		server.Get("/v1/directory-block-height/?", HandleDirectoryBlockHeight)
		server.Get("/v1/entry-block-by-keymr/([^/]+)", HandleEntryBlock)
		server.Get("/v1/entry-by-hash/([^/]+)", HandleEntry)
		server.Get("/v1/chain-head/([^/]+)", HandleChainHead)
		server.Get("/v1/entry-credit-balance/([^/]+)", HandleEntryCreditBalance)
		server.Get("/v1/factoid-balance/([^/]+)", HandleFactoidBalance)
		server.Get("/v1/factoid-get-fee/", HandleGetFee)
		server.Get("/v1/properties/", HandleProperties)
		server.Get("/v1/heights/", HandleHeights)

		server.Post("/v2", HandleV2)
		server.Get("/v2", HandleV2)

		tlsIsEnabled, tlsPrivate, tlsPublic := state.GetTlsInfo()
		if tlsIsEnabled {
			log.Print("Starting encrypted API server")
			if !fileExists(tlsPrivate) && !fileExists(tlsPublic) {
				err := genCertPair(tlsPublic, tlsPrivate, state.GetFactomdLocations())
				if err != nil {
					panic(fmt.Sprintf("could not start encrypted API server with error: %v", err))
				}
			}
			keypair, err := tls.LoadX509KeyPair(tlsPublic, tlsPrivate)
			if err != nil {
				panic(fmt.Sprintf("could not create TLS keypair with error: %v", err))
			}
			tlsConfig := &tls.Config{
				Certificates: []tls.Certificate{keypair},
				MinVersion:   tls.VersionTLS12,
			}
			go server.RunTLS(fmt.Sprintf(":%d", state.GetPort()), tlsConfig)

		} else {
			log.Print("Starting API server")
			go server.Run(fmt.Sprintf(":%d", state.GetPort()))
		}
	}
}