From 3502b36232aa1748f633aaccba8ef0a0efb1d297 Mon Sep 17 00:00:00 2001 From: Axel Chalon Date: Fri, 8 Feb 2019 14:11:55 +0100 Subject: [PATCH] Secure WS-RPC: grant access to all apis (#10246) --- parity/rpc.rs | 2 +- parity/rpc_apis.rs | 41 +---------------------------------------- 2 files changed, 2 insertions(+), 41 deletions(-) diff --git a/parity/rpc.rs b/parity/rpc.rs index 57bb58477..b07ca3f3e 100644 --- a/parity/rpc.rs +++ b/parity/rpc.rs @@ -151,7 +151,7 @@ pub fn new_ws( let url = format!("{}:{}", conf.interface, conf.port); let addr = url.parse().map_err(|_| format!("Invalid WebSockets listen host/port given: {}", url))?; - let full_handler = setup_apis(rpc_apis::ApiSet::SafeContext, deps); + let full_handler = setup_apis(rpc_apis::ApiSet::All, deps); let handler = { let mut handler = MetaIoHandler::with_middleware(( rpc::WsDispatcher::new(full_handler), diff --git a/parity/rpc_apis.rs b/parity/rpc_apis.rs index 951a4dec4..4413e6a77 100644 --- a/parity/rpc_apis.rs +++ b/parity/rpc_apis.rs @@ -113,11 +113,9 @@ impl FromStr for Api { #[derive(Debug, Clone)] pub enum ApiSet { - // Safe context (like token-protected WS interface) - SafeContext, // Unsafe context (like jsonrpc over http) UnsafeContext, - // All possible APIs + // All possible APIs (safe context like token-protected WS interface) All, // Local "unsafe" context and accounts access IpcContext, @@ -723,16 +721,6 @@ impl ApiSet { public_list.insert(Api::ParityAccounts); public_list } - ApiSet::SafeContext => { - public_list.insert(Api::Debug); - public_list.insert(Api::Traces); - public_list.insert(Api::ParityPubSub); - public_list.insert(Api::ParityAccounts); - public_list.insert(Api::ParitySet); - public_list.insert(Api::Signer); - public_list.insert(Api::SecretStore); - public_list - } ApiSet::All => { public_list.insert(Api::Debug); public_list.insert(Api::Traces); @@ -838,33 +826,6 @@ mod test { assert_eq!(ApiSet::IpcContext.list_apis(), expected); } - #[test] - fn test_api_set_safe_context() { - let expected = vec![ - // safe - Api::Web3, - Api::Net, - Api::Eth, - Api::EthPubSub, - Api::Parity, - Api::ParityPubSub, - Api::Traces, - Api::Rpc, - Api::SecretStore, - Api::Whisper, - Api::WhisperPubSub, - Api::Private, - // semi-safe - Api::ParityAccounts, - // Unsafe - Api::ParitySet, - Api::Signer, - Api::Debug, - ].into_iter() - .collect(); - assert_eq!(ApiSet::SafeContext.list_apis(), expected); - } - #[test] fn test_all_apis() { assert_eq!(