epee: optionally restrict HTTP service to a configurable user agent

This is intended to catch traffic coming from a web browser, so we avoid issues with a web page sending a transfer RPC to the wallet. Requiring a particular user agent can act as a simple password scheme, while we wait for 0MQ and proper authentication to be merged.
2025-07-24 16:35:22 -04:00 · 2016-09-07 21:38:41 +01:00 · 2016-09-07 21:38:41 +01:00 · eeb2bbc0fc
commit eeb2bbc0fc
parent 68e6678ab7
19 changed files with 60 additions and 18 deletions
--- a/src/daemon/command_parser_executor.cpp
+++ b/src/daemon/command_parser_executor.cpp
@ -34,10 +34,11 @@ namespace daemonize {
 t_command_parser_executor::t_command_parser_executor(
    uint32_t ip
  , uint16_t port
+  , const std::string &user_agent
  , bool is_rpc
  , cryptonote::core_rpc_server* rpc_server
  )
-  : m_executor(ip, port, is_rpc, rpc_server)
+  : m_executor(ip, port, user_agent, is_rpc, rpc_server)
 {}

 bool t_command_parser_executor::print_peer_list(const std::vector<std::string>& args)
--- a/src/daemon/command_parser_executor.h
+++ b/src/daemon/command_parser_executor.h
@ -49,6 +49,7 @@ public:
  t_command_parser_executor(
      uint32_t ip
    , uint16_t port
+    , const std::string &user_agent
    , bool is_rpc
    , cryptonote::core_rpc_server* rpc_server = NULL
    );
--- a/src/daemon/command_server.cpp
+++ b/src/daemon/command_server.cpp
@ -37,10 +37,11 @@ namespace p = std::placeholders;
 t_command_server::t_command_server(
    uint32_t ip
  , uint16_t port
+  , const std::string &user_agent
  , bool is_rpc
  , cryptonote::core_rpc_server* rpc_server
  )
-  : m_parser(ip, port, is_rpc, rpc_server)
+  : m_parser(ip, port, user_agent, is_rpc, rpc_server)
  , m_command_lookup()
  , m_is_rpc(is_rpc)
 {
--- a/src/daemon/command_server.h
+++ b/src/daemon/command_server.h
@ -54,6 +54,7 @@ public:
  t_command_server(
      uint32_t ip
    , uint16_t port
+    , const std::string &user_agent
    , bool is_rpc = true
    , cryptonote::core_rpc_server* rpc_server = NULL
    );
--- a/src/daemon/daemon.cpp
+++ b/src/daemon/daemon.cpp
@ -124,7 +124,7 @@ bool t_daemon::run(bool interactive)

    if (interactive)
    {
-      rpc_commands = new daemonize::t_command_server(0, 0, false, mp_internals->rpc.get_server());
+      rpc_commands = new daemonize::t_command_server(0, 0, "", false, mp_internals->rpc.get_server());
      rpc_commands->start_handling(std::bind(&daemonize::t_daemon::stop_p2p, this));
    }

--- a/src/daemon/main.cpp
+++ b/src/daemon/main.cpp
@ -208,6 +208,7 @@ int main(int argc, char const * argv[])
        {
          rpc_port_str = command_line::get_arg(vm, cryptonote::core_rpc_server::arg_testnet_rpc_bind_port);
        }
+        auto user_agent = command_line::get_arg(vm, cryptonote::core_rpc_server::arg_user_agent);

        uint32_t rpc_ip;
        uint16_t rpc_port;
@ -222,7 +223,7 @@ int main(int argc, char const * argv[])
          return 1;
        }

-        daemonize::t_command_server rpc_commands{rpc_ip, rpc_port};
+        daemonize::t_command_server rpc_commands{rpc_ip, rpc_port, user_agent};
        if (rpc_commands.process_command_vec(command))
        {
          return 0;
--- a/src/daemon/rpc_command_executor.cpp
+++ b/src/daemon/rpc_command_executor.cpp
@ -92,6 +92,7 @@ namespace {
 t_rpc_command_executor::t_rpc_command_executor(
    uint32_t ip
  , uint16_t port
+  , const std::string &user_agent
  , bool is_rpc
  , cryptonote::core_rpc_server* rpc_server
  )
--- a/src/daemon/rpc_command_executor.h
+++ b/src/daemon/rpc_command_executor.h
@ -57,6 +57,7 @@ public:
  t_rpc_command_executor(
      uint32_t ip
    , uint16_t port
+    , const std::string &user_agent
    , bool is_rpc = true
    , cryptonote::core_rpc_server* rpc_server = NULL
    );