jsonrpc security, cors headers, fixed #359

This commit is contained in:
debris 2016-02-22 13:41:38 +01:00
parent 38ccc24577
commit 90184658a7
4 changed files with 15 additions and 12 deletions

5
Cargo.lock generated
View File

@ -206,7 +206,7 @@ dependencies = [
"ethcore-util 0.9.99",
"ethsync 0.9.99",
"jsonrpc-core 1.1.4 (registry+https://github.com/rust-lang/crates.io-index)",
"jsonrpc-http-server 1.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
"jsonrpc-http-server 2.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
"rustc-serialize 0.3.18 (registry+https://github.com/rust-lang/crates.io-index)",
"serde 0.6.14 (registry+https://github.com/rust-lang/crates.io-index)",
"serde_codegen 0.6.14 (registry+https://github.com/rust-lang/crates.io-index)",
@ -373,11 +373,12 @@ dependencies = [
[[package]]
name = "jsonrpc-http-server"
version = "1.1.2"
version = "2.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"hyper 0.7.2 (registry+https://github.com/rust-lang/crates.io-index)",
"jsonrpc-core 1.1.4 (registry+https://github.com/rust-lang/crates.io-index)",
"unicase 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
]
[[package]]

View File

@ -52,7 +52,7 @@ use ethsync::EthSync;
use docopt::Docopt;
use daemonize::Daemonize;
const USAGE: &'static str = "
const USAGE: &'static str = r#"
Parity. Ethereum Client.
By Wood/Paronyan/Kotewicz/Drwięga/Volf.
Copyright 2015, 2016 Ethcore (UK) Limited
@ -81,11 +81,12 @@ Options:
-j --jsonrpc Enable the JSON-RPC API sever.
--jsonrpc-url URL Specify URL for JSON-RPC API server [default: 127.0.0.1:8545].
--jsonrpc-cors URL Specify CORS header for JSON-RPC API responses [default: null].
-l --logging LOGGING Specify the logging level.
-v --version Show information about version.
-h --help Show this screen.
";
"#;
#[derive(Debug, RustcDecodable)]
struct Args {
@ -107,6 +108,7 @@ struct Args {
flag_cache_max_size: usize,
flag_jsonrpc: bool,
flag_jsonrpc_url: String,
flag_jsonrpc_cors: String,
flag_logging: Option<String>,
flag_version: bool,
}
@ -127,7 +129,7 @@ fn setup_log(init: &Option<String>) {
}
#[cfg(feature = "rpc")]
fn setup_rpc_server(client: Arc<Client>, sync: Arc<EthSync>, url: &str) {
fn setup_rpc_server(client: Arc<Client>, sync: Arc<EthSync>, url: &str, cors_domain: &str) {
use rpc::v1::*;
let mut server = rpc::HttpServer::new(1);
@ -135,7 +137,7 @@ fn setup_rpc_server(client: Arc<Client>, sync: Arc<EthSync>, url: &str) {
server.add_delegate(EthClient::new(client.clone(), sync.clone()).to_delegate());
server.add_delegate(EthFilterClient::new(client).to_delegate());
server.add_delegate(NetClient::new(sync).to_delegate());
server.start_async(url);
server.start_async(url, cors_domain);
}
#[cfg(not(feature = "rpc"))]
@ -279,7 +281,7 @@ impl Configuration {
// Setup rpc
if self.args.flag_jsonrpc {
setup_rpc_server(service.client(), sync.clone(), &self.args.flag_jsonrpc_url);
setup_rpc_server(service.client(), sync.clone(), &self.args.flag_jsonrpc_url, &self.args.flag_jsonrpc_cors);
}
// Register IO handler

View File

@ -12,7 +12,7 @@ build = "build.rs"
serde = "0.6.7"
serde_json = "0.6.0"
jsonrpc-core = "1.1"
jsonrpc-http-server = "1.1"
jsonrpc-http-server = "2.0"
ethcore-util = { path = "../util" }
ethcore = { path = "../ethcore" }
ethsync = { path = "../sync" }

View File

@ -23,8 +23,8 @@ impl HttpServer {
}
/// Start server asynchronously in new thread
pub fn start_async(self, addr: &str) {
pub fn start_async(self, addr: &str, cors_domain: &str) {
let server = jsonrpc_http_server::Server::new(self.handler, self.threads);
server.start_async(addr)
server.start_async(addr, jsonrpc_http_server::AccessControlAllowOrigin::Value(cors_domain.to_owned()))
}
}