cli option to disable SS HTTP API

2017-07-27 13:29:09 +03:00 · 2017-07-27 13:29:09 +03:00 · 7c05a906d0
parent c466def1e8
commit 7c05a906d0
10 changed files with 40 additions and 20 deletions
--- a/parity/cli/config.full.toml
+++ b/parity/cli/config.full.toml
@ -76,8 +76,9 @@ path = "$HOME/.parity/dapps"
 user = "test_user"
 pass = "test_pass"
-[secretstore]
+[secretstore]	
 disable = false
 disable_http = false
 nodes = []
 http_interface = "local"
 http_port = 8082
--- a/parity/cli/mod.rs
+++ b/parity/cli/mod.rs
@ -216,6 +216,8 @@ usage! {
 		// Secret Store
 		flag_no_secretstore: bool = false,
 			or |c: &Config| otry!(c.secretstore).disable.clone(),
 		flag_no_secretstore_http: bool = false,
 			or |c: &Config| otry!(c.secretstore).disable_http.clone(),
 		flag_secretstore_secret: Option<String> = None,
 			or |c: &Config| otry!(c.secretstore).self_secret.clone().map(Some),
 		flag_secretstore_nodes: String = "",
@ -510,6 +512,7 @@ struct Dapps {
 #[derive(Default, Debug, PartialEq, Deserialize)]
 struct SecretStore {
 	disable: Option<bool>,
 	disable_http: Option<bool>,
 	self_secret: Option<String>,
 	nodes: Option<Vec<String>>,
 	interface: Option<String>,
@ -779,6 +782,7 @@ mod tests {
 			flag_no_dapps: false,
 			flag_no_secretstore: false,
 			flag_no_secretstore_http: false,
 			flag_secretstore_secret: None,
 			flag_secretstore_nodes: "".into(),
 			flag_secretstore_interface: "local".into(),
@ -1009,6 +1013,7 @@ mod tests {
 			}),
 			secretstore: Some(SecretStore {
 				disable: None,
 				disable_http: None,
 				self_secret: None,
 				nodes: None,
 				interface: None,
--- a/parity/cli/usage.txt
+++ b/parity/cli/usage.txt
@ -228,6 +228,7 @@ API and Console Options:
 Secret Store Options:
  --no-secretstore                 Disable Secret Store functionality. (default: {flag_no_secretstore})
  --no-secretstore-http            Disable Secret Store HTTP API. (default: {flag_no_secretstore_http})
  --secretstore-secret SECRET      Hex-encoded secret key of this node.
                                   (required, default: {flag_secretstore_secret:?}).
  --secretstore-nodes NODES        Comma-separated list of other secret store cluster nodes in form
--- a/parity/configuration.rs
+++ b/parity/configuration.rs
@ -586,6 +586,7 @@ impl Configuration {
 	fn secretstore_config(&self) -> Result<SecretStoreConfiguration, String> {
 		Ok(SecretStoreConfiguration {
 			enabled: self.secretstore_enabled(),
 			http_enabled: self.secretstore_http_enabled(),
 			self_secret: self.secretstore_self_secret()?,
 			nodes: self.secretstore_nodes()?,
 			interface: self.secretstore_interface(),
@ -1050,6 +1051,10 @@ impl Configuration {
 		!self.args.flag_no_secretstore && cfg!(feature = "secretstore")
 	}
 	fn secretstore_http_enabled(&self) -> bool {
 		!self.args.flag_no_secretstore_http && cfg!(feature = "secretstore")
 	}
 	fn ui_enabled(&self) -> bool {
 		if self.args.flag_force_ui {
 			return true;
@ -1331,6 +1336,7 @@ mod tests {
 			no_persistent_txqueue: false,
 		};
 		expected.secretstore_conf.enabled = cfg!(feature = "secretstore");
 		expected.secretstore_conf.http_enabled = cfg!(feature = "secretstore");
 		assert_eq!(conf.into_command().unwrap().cmd, Cmd::Run(expected));
 	}
--- a/parity/secretstore.rs
+++ b/parity/secretstore.rs
@ -37,6 +37,8 @@ pub enum NodeSecretKey {
 pub struct Configuration {
 	/// Is secret store functionality enabled?
 	pub enabled: bool,
 	/// Is HTTP API enabled?
 	pub http_enabled: bool,
 	/// This node secret.
 	pub self_secret: Option<NodeSecretKey>,
 	/// Other nodes IDs + addresses.
@ -119,10 +121,10 @@ mod server {
 			let key_server_name = format!("{}:{}", conf.interface, conf.port);
 			let mut cconf = ethcore_secretstore::ServiceConfiguration {
-				listener_address: ethcore_secretstore::NodeAddress {
+				listener_address: if conf.http_enabled { Some(ethcore_secretstore::NodeAddress {
 					address: conf.http_interface.clone(),
 					port: conf.http_port,
-				},
+				}) } else { None },
 				data_path: conf.data_path.clone(),
 				cluster_config: ethcore_secretstore::ClusterConfiguration {
 					threads: 4,
@ -157,6 +159,7 @@ impl Default for Configuration {
 		let data_dir = default_data_path();
 		Configuration {
 			enabled: true,
 			http_enabled: true,
 			self_secret: None,
 			nodes: BTreeMap::new(),
 			interface: "127.0.0.1".to_owned(),
--- a/secret_store/src/http_listener.rs
+++ b/secret_store/src/http_listener.rs
@ -39,7 +39,7 @@ use types::all::{Error, Public, MessageHash, EncryptedMessageSignature, NodeAddr
 /// To sign message with server key:				GET			/{server_key_id}/{signature}/{message_hash}
 pub struct KeyServerHttpListener<T: KeyServer + 'static> {
-	_http_server: HttpListening,
+	http_server: Option<HttpListening>,
 	handler: Arc<KeyServerSharedHttpHandler<T>>,
 }
@ -74,19 +74,26 @@ struct KeyServerSharedHttpHandler<T: KeyServer + 'static> {
 impl<T> KeyServerHttpListener<T> where T: KeyServer + 'static {
 	/// Start KeyServer http listener
-	pub fn start(listener_address: &NodeAddress, key_server: T) -> Result<Self, Error> {
+	pub fn start(listener_address: Option<NodeAddress>, key_server: T) -> Result<Self, Error> {
 		let shared_handler = Arc::new(KeyServerSharedHttpHandler {
 			key_server: key_server,
 		});
-		let handler = KeyServerHttpHandler {
+		/*let handler = KeyServerHttpHandler {
 			handler: shared_handler.clone(),
-		};
+		};*/
-		let listener_addr: &str = &format!("{}:{}", listener_address.address, listener_address.port);
+		let http_server = listener_address
 			.map(|listener_address| format!("{}:{}", listener_address.address, listener_address.port))
 			.map(|listener_address| HttpServer::http(&listener_address).expect("cannot start HttpServer"))
 			.map(|http_server| http_server.handle(KeyServerHttpHandler {
 				handler: shared_handler.clone(),
 			}).expect("cannot start HttpServer"));
 		/*let listener_addr: &str = &format!("{}:{}", listener_address.address, listener_address.port);
 		let http_server = HttpServer::http(&listener_addr).expect("cannot start HttpServer");
-		let http_server = http_server.handle(handler).expect("cannot start HttpServer");
+		let http_server = http_server.handle(handler).expect("cannot start HttpServer");*/
 		let listener = KeyServerHttpListener {
-			_http_server: http_server,
+			http_server: http_server,
 			handler: shared_handler,
 		};
 		Ok(listener)
@ -128,7 +135,7 @@ impl <T> MessageSigner for KeyServerHttpListener<T> where T: KeyServer + 'static
 impl<T> Drop for KeyServerHttpListener<T> where T: KeyServer + 'static {
 	fn drop(&mut self) {
 		// ignore error as we are dropping anyway
-		let _ = self._http_server.close();
+		self.http_server.take().map(|mut s| { let _ = s.close(); });
 	}
 }
@ -318,7 +325,7 @@ mod tests {
 	fn http_listener_successfully_drops() {
 		let key_server = DummyKeyServer;
 		let address = NodeAddress { address: "127.0.0.1".into(), port: 9000 };
-		let listener = KeyServerHttpListener::start(&address, key_server).unwrap();
+		let listener = KeyServerHttpListener::start(Some(address), key_server).unwrap();
 		drop(listener);
 	}
--- a/secret_store/src/key_server_cluster/generation_session.rs
+++ b/secret_store/src/key_server_cluster/generation_session.rs
@ -1104,7 +1104,7 @@ pub mod tests {
 			secret1: math::generate_random_scalar().unwrap().into(),
 			secret2: math::generate_random_scalar().unwrap().into(),
 			publics: vec![math::generate_random_point().unwrap().into()],
-		}).unwrap_err(), Error::InvalidStateForRequest);
+		}).unwrap_err(), Error::TooEarlyForRequest);
 	}
 	#[test]
--- a/secret_store/src/key_storage.rs
+++ b/secret_store/src/key_storage.rs
@ -234,10 +234,7 @@ pub mod tests {
 	fn persistent_key_storage() {
 		let path = RandomTempPath::create_dir();
 		let config = ServiceConfiguration {
-			listener_address: NodeAddress {
+			listener_address: None,
 				address: "0.0.0.0".to_owned(),
 				port: 8082,
 			},
 			data_path: path.as_str().to_owned(),
 			cluster_config: ClusterConfiguration {
 				threads: 1,
--- a/secret_store/src/lib.rs
+++ b/secret_store/src/lib.rs
@ -77,6 +77,6 @@ pub fn start(client: Arc<Client>, self_key_pair: Arc<NodeKeyPair>, config: Servi
 	let key_server_set = key_server_set::OnChainKeyServerSet::new(&client, config.cluster_config.nodes.clone())?;
 	let key_storage = Arc::new(key_storage::PersistentKeyStorage::new(&config)?);
 	let key_server = key_server::KeyServerImpl::new(&config.cluster_config, key_server_set, self_key_pair, acl_storage, key_storage)?;
-	let listener = http_listener::KeyServerHttpListener::start(&config.listener_address, key_server)?;
+	let listener = http_listener::KeyServerHttpListener::start(config.listener_address, key_server)?;
 	Ok(Box::new(listener))
 }
--- a/secret_store/src/types/all.rs
+++ b/secret_store/src/types/all.rs
@ -69,8 +69,8 @@ pub struct NodeAddress {
 #[binary]
 /// Secret store configuration
 pub struct ServiceConfiguration {
-	/// HTTP listener address.
+	/// HTTP listener address. If None, HTTP API is disabled.
-	pub listener_address: NodeAddress,
+	pub listener_address: Option<NodeAddress>,
 	/// Data directory path for secret store
 	pub data_path: String,
 	/// Cluster configuration.