Backports to beta (#2068)

* Fix several RPCs (#1926) * Fix up pending receipts details. * Add support for additional params and registry over RPC. * Fix tests. * Add test, additional fix. Fixes #1932. * Fix up tests. * Fix test. * Fix test. * DB WAL size limit (#1935) * Limit WAL size * Check pruning by db modification date (#1924) * Cache address hash (#1943) * ECIES without MAC (#1948) * Use random IV for ECIES AES * ECIES encrypt/decrypt for a single message * Derive IV from shared secret * Apply settings to column families * fixed #1933 (#1979) * Fixed neighbours collection (#1996) * dapps-hosts configuration * Disabled counter check * always process trie death row on commit, add more tracing * fixed transaction addresses mapping, fixes #1971 * simplified iterator * v1.3.1 * v1.3.1
2016-09-11 14:04:17 +02:00
parent 1ccc90108c
commit 2a82fa0a47
43 changed files with 732 additions and 181 deletions
--- a/dapps/src/lib.rs
+++ b/dapps/src/lib.rs
@@ -100,14 +100,26 @@ impl ServerBuilder {

 	/// Asynchronously start server with no authentication,
 	/// returns result with `Server` handle on success or an error.
-	pub fn start_unsecure_http(&self, addr: &SocketAddr) -> Result<Server, ServerError> {
-		Server::start_http(addr, NoAuth, self.handler.clone(), self.dapps_path.clone())
+	pub fn start_unsecured_http(&self, addr: &SocketAddr, hosts: Option<Vec<String>>) -> Result<Server, ServerError> {
+		Server::start_http(
+			addr,
+			hosts,
+			NoAuth,
+			self.handler.clone(),
+			self.dapps_path.clone(),
+		)
 	}

 	/// Asynchronously start server with `HTTP Basic Authentication`,
 	/// return result with `Server` handle on success or an error.
-	pub fn start_basic_auth_http(&self, addr: &SocketAddr, username: &str, password: &str) -> Result<Server, ServerError> {
-		Server::start_http(addr, HttpBasicAuth::single_user(username, password), self.handler.clone(), self.dapps_path.clone())
+	pub fn start_basic_auth_http(&self, addr: &SocketAddr, hosts: Option<Vec<String>>, username: &str, password: &str) -> Result<Server, ServerError> {
+		Server::start_http(
+			addr,
+			hosts,
+			HttpBasicAuth::single_user(username, password),
+			self.handler.clone(),
+			self.dapps_path.clone(),
+		)
 	}
 }

@@ -118,7 +130,28 @@ pub struct Server {
 }

 impl Server {
-	fn start_http<A: Authorization + 'static>(addr: &SocketAddr, authorization: A, handler: Arc<IoHandler>, dapps_path: String) -> Result<Server, ServerError> {
+	/// Returns a list of allowed hosts or `None` if all hosts are allowed.
+	fn allowed_hosts(hosts: Option<Vec<String>>, bind_address: String) -> Option<Vec<String>> {
+		let mut allowed = Vec::new();
+
+		match hosts {
+			Some(hosts) => allowed.extend_from_slice(&hosts),
+			None => return None,
+		}
+
+		// Add localhost domain as valid too if listening on loopback interface.
+		allowed.push(bind_address.replace("127.0.0.1", "localhost").into());
+		allowed.push(bind_address.into());
+		Some(allowed)
+	}
+
+	fn start_http<A: Authorization + 'static>(
+		addr: &SocketAddr,
+		hosts: Option<Vec<String>>,
+		authorization: A,
+		handler: Arc<IoHandler>,
+		dapps_path: String,
+	) -> Result<Server, ServerError> {
 		let panic_handler = Arc::new(Mutex::new(None));
 		let authorization = Arc::new(authorization);
 		let endpoints = Arc::new(apps::all_endpoints(dapps_path));
@@ -129,7 +162,7 @@ impl Server {
 			special.insert(router::SpecialEndpoint::Utils, apps::utils());
 			special
 		});
-		let bind_address = format!("{}", addr);
+		let hosts = Self::allowed_hosts(hosts, format!("{}", addr));

 		try!(hyper::Server::http(addr))
 			.handle(move |_| router::Router::new(
@@ -137,7 +170,7 @@ impl Server {
 				endpoints.clone(),
 				special.clone(),
 				authorization.clone(),
-				bind_address.clone(),
+				hosts.clone(),
 			))
 			.map(|(l, srv)| {

@@ -182,3 +215,24 @@ impl From<hyper::error::Error> for ServerError {
 		}
 	}
 }
+
+#[cfg(test)]
+mod tests {
+	use super::Server;
+
+	#[test]
+	fn should_return_allowed_hosts() {
+		// given
+		let bind_address = "127.0.0.1".to_owned();
+
+		// when
+		let all = Server::allowed_hosts(None, bind_address.clone());
+		let address = Server::allowed_hosts(Some(Vec::new()), bind_address.clone());
+		let some = Server::allowed_hosts(Some(vec!["ethcore.io".into()]), bind_address.clone());
+
+		// then
+		assert_eq!(all, None);
+		assert_eq!(address, Some(vec!["localhost".into(), "127.0.0.1".into()]));
+		assert_eq!(some, Some(vec!["ethcore.io".into(), "localhost".into(), "127.0.0.1".into()]));
+	}
+}