diff --git a/client/lib.go b/client/lib.go index 85084f5ae440cadddfcb3699944327339d81ad9f..a3d7a3c0eac872b2c11e561b5a56f88ba9f74f2d 100644 --- a/client/lib.go +++ b/client/lib.go @@ -1,4 +1,4 @@ -// Implements a very simple wrapper for GoShimmer's HTTP API . +// Implements a very simple wrapper for GoShimmer's web API . package goshimmer import ( @@ -6,16 +6,18 @@ import ( "encoding/json" "errors" "fmt" + "io" "io/ioutil" "net/http" webapi_broadcastData "github.com/iotaledger/goshimmer/plugins/webapi/broadcastData" - webapi_findTransactions "github.com/iotaledger/goshimmer/plugins/webapi/findTransactionHashes" + webapi_findTransactionHashes "github.com/iotaledger/goshimmer/plugins/webapi/findTransactionHashes" webapi_getNeighbors "github.com/iotaledger/goshimmer/plugins/webapi/getNeighbors" - webapi_getTransactions "github.com/iotaledger/goshimmer/plugins/webapi/getTransactionObjectsByHash" - webapi_getTrytes "github.com/iotaledger/goshimmer/plugins/webapi/getTransactionTrytesByHash" + webapi_getTransactionObjectsByHash "github.com/iotaledger/goshimmer/plugins/webapi/getTransactionObjectsByHash" + webapi_getTransactionTrytesByHash "github.com/iotaledger/goshimmer/plugins/webapi/getTransactionTrytesByHash" webapi_gtta "github.com/iotaledger/goshimmer/plugins/webapi/gtta" webapi_spammer "github.com/iotaledger/goshimmer/plugins/webapi/spammer" + webapi_auth "github.com/iotaledger/goshimmer/plugins/webauth" "github.com/iotaledger/iota.go/consts" "github.com/iotaledger/iota.go/guards" "github.com/iotaledger/iota.go/trinary" 
@@ -25,17 +27,19 @@ var ( ErrBadRequest = errors.New("bad request") ErrInternalServerError = errors.New("internal server error") ErrNotFound = errors.New("not found") + ErrUnauthorized = errors.New("unauthorized") ErrUnknownError = errors.New("unknown error") ) const ( - routeBroadcastData = "broadcastData" - routeGetTrytes = "getTransactionTrytesByHash" - routeGetTransactions = "getTransactionObjectsByHash" - routeFindTransactions = "findTransactionHashes" - routeGetNeighbors = "getNeighbors" - routeGetTransactionsToApprove = "getTransactionsToApprove" - routeSpammer = "spammer" + routeBroadcastData = "broadcastData" + routeGetTransactionTrytesByHash = "getTransactionTrytesByHash" + routeGetTransactionObjectsByHash = "getTransactionObjectsByHash" + routeFindTransactionsHashes = "findTransactionHashes" + routeGetNeighbors = "getNeighbors" + routeGetTransactionsToApprove = "getTransactionsToApprove" + routeSpammer = "spammer" + routeLogin = "login" contentTypeJSON = "application/json" ) @@ -47,9 +51,11 @@ func NewGoShimmerAPI(node string, httpClient ...http.Client) *GoShimmerAPI { return &GoShimmerAPI{node: node} } +// GoShimmerAPI is an API wrapper over the web API of GoShimmer. type GoShimmerAPI struct { httpClient http.Client node string + jwt string } type errorresponse struct { 
@@ -79,34 +85,85 @@ func interpretBody(res *http.Response, decodeTo interface{}) error { return fmt.Errorf("%w: %s", ErrNotFound, errRes.Error) case http.StatusBadRequest: return fmt.Errorf("%w: %s", ErrBadRequest, errRes.Error) + case http.StatusUnauthorized: + return fmt.Errorf("%w: %s", ErrUnauthorized, errRes.Error) } return fmt.Errorf("%w: %s", ErrUnknownError, errRes.Error) } -func (api *GoShimmerAPI) BroadcastData(targetAddress trinary.Trytes, data string) (trinary.Hash, error) { - if !guards.IsHash(targetAddress) { - return "", fmt.Errorf("%w: invalid address: %s", consts.ErrInvalidHash, targetAddress) +func (api *GoShimmerAPI) do(method string, route string, reqObj interface{}, resObj interface{}) error { + // marshal request object + var data []byte + if reqObj != nil { + var err error + data, err = json.Marshal(reqObj) + if err != nil { + return err + } } - reqBytes, err := json.Marshal(&webapi_broadcastData.Request{Address: targetAddress, Data: data}) + // construct request + req, err := http.NewRequest(method, fmt.Sprintf("%s/%s", api.node, route), func() io.Reader { + if data == nil { + return nil + } + return bytes.NewReader(data) + }()) if err != nil { - return "", err + return err + } + + // add authorization header with JWT + if len(api.jwt) > 0 { + req.Header.Set("Authorization", fmt.Sprintf("bearer %s", api.jwt)) } - res, err := api.httpClient.Post(fmt.Sprintf("%s/%s", api.node, routeBroadcastData), contentTypeJSON, bytes.NewReader(reqBytes)) + // make the request + res, err := api.httpClient.Do(req) if err != nil { - return "", err + return err } - resObj := &webapi_broadcastData.Response{} + if resObj == nil { + return nil + } + + // write response into response object if err := interpretBody(res, resObj); err != nil { + return err + } + return nil +} + +// Login authorizes this API instance against the web API. +// You must call this function before any before any other call, if the web-auth plugin is enabled. 
+func (api *GoShimmerAPI) Login(username string, password string) error { + res := &webapi_auth.Response{} + if err := api.do(http.MethodPost, routeLogin, + &webapi_auth.Request{Username: username, Password: password}, res); err != nil { + return err + } + api.jwt = res.Token + return nil +} + +// BroadcastData sends the given data by creating a zero value transaction in the backend targeting the given address. +func (api *GoShimmerAPI) BroadcastData(targetAddress trinary.Trytes, data string) (trinary.Hash, error) { + if !guards.IsHash(targetAddress) { + return "", fmt.Errorf("%w: invalid address: %s", consts.ErrInvalidHash, targetAddress) + } + + res := &webapi_broadcastData.Response{} + if err := api.do(http.MethodPost, routeBroadcastData, + &webapi_broadcastData.Request{Address: targetAddress, Data: data}, res); err != nil { return "", err } - return resObj.Hash, nil + return res.Hash, nil } +// GetTransactionTrytesByHash gets the corresponding transaction trytes given the transaction hashes. func (api *GoShimmerAPI) GetTransactionTrytesByHash(txHashes trinary.Hashes) ([]trinary.Trytes, error) { for _, hash := range txHashes { if !guards.IsTrytes(hash) { 
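Review bot: `do` builds the request with `http.NewRequest` and never sets a Content-Type, whereas the removed `httpClient.Post` calls passed `contentTypeJSON`; a server that selects its decoder from that header (the new `/login` handler uses `c.Bind`) will likely reject these bodies, so add `if data != nil { req.Header.Set("Content-Type", contentTypeJSON) }` after the request is constructed. The Authorization value is written as `bearer %s`, but the registered scheme name is `Bearer` and some middleware matches it case-sensitively, so `fmt.Sprintf("Bearer %s", api.jwt)` is the safer spelling. When `resObj == nil` the function returns without checking the status code or closing `res.Body`, so a 401 would be reported as success and the connection is not released. `interpretBody` begins above this hunk, so whether it closes the body on the other path is not visible here. Because the password and the token now travel with these requests, the doc comment on `Login` should also state that `node` is expected to be an https URL outside local testing.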
@@ -114,117 +171,82 @@ func (api *GoShimmerAPI) GetTransactionTrytesByHash(txHashes trinary.Hashes) ([] } } - reqBytes, err := json.Marshal(&webapi_getTrytes.Request{Hashes: txHashes}) - if err != nil { + res := &webapi_getTransactionTrytesByHash.Response{} + if err := api.do(http.MethodPost, routeGetTransactionTrytesByHash, + &webapi_getTransactionTrytesByHash.Request{Hashes: txHashes}, res); err != nil { return nil, err } - res, err := api.httpClient.Post(fmt.Sprintf("%s/%s", api.node, routeGetTrytes), contentTypeJSON, bytes.NewReader(reqBytes)) - if err != nil { - return nil, err - } - - resObj := &webapi_getTrytes.Response{} - if err := interpretBody(res, resObj); err != nil { - return nil, err - } - - return resObj.Trytes, nil + return res.Trytes, nil } -func (api *GoShimmerAPI) GetTransactionObjectsByHash(txHashes trinary.Hashes) ([]webapi_getTransactions.Transaction, error) { +// GetTransactionObjectsByHash gets the transaction objects given the transaction hashes. +func (api *GoShimmerAPI) GetTransactionObjectsByHash(txHashes trinary.Hashes) ([]webapi_getTransactionObjectsByHash.Transaction, error) { for _, hash := range txHashes { if !guards.IsTrytes(hash) { return nil, fmt.Errorf("%w: invalid hash: %s", consts.ErrInvalidHash, hash) } } - reqBytes, err := json.Marshal(&webapi_getTransactions.Request{Hashes: txHashes}) - if err != nil { - return nil, err - } - - res, err := api.httpClient.Post(fmt.Sprintf("%s/%s", api.node, routeGetTransactions), contentTypeJSON, bytes.NewReader(reqBytes)) - if err != nil { + res := &webapi_getTransactionObjectsByHash.Response{} + if err := api.do(http.MethodPost, routeGetTransactionObjectsByHash, + &webapi_getTransactionObjectsByHash.Request{Hashes: txHashes}, res); err != nil { return nil, err } - resObj := &webapi_getTransactions.Response{} - if err := interpretBody(res, resObj); err != nil { - return nil, err - } - - return resObj.Transactions, nil + return res.Transactions, nil } -func (api *GoShimmerAPI) 
FindTransactionHashes(query *webapi_findTransactions.Request) ([]trinary.Hashes, error) { +// FindTransactionHashes finds the given transaction hashes given the query. +func (api *GoShimmerAPI) FindTransactionHashes(query *webapi_findTransactionHashes.Request) ([]trinary.Hashes, error) { for _, hash := range query.Addresses { if !guards.IsTrytes(hash) { return nil, fmt.Errorf("%w: invalid hash: %s", consts.ErrInvalidHash, hash) } } - reqBytes, err := json.Marshal(&query) - if err != nil { + res := &webapi_findTransactionHashes.Response{} + if err := api.do(http.MethodPost, routeFindTransactionsHashes, query, res); err != nil { return nil, err } - res, err := api.httpClient.Post(fmt.Sprintf("%s/%s", api.node, routeFindTransactions), contentTypeJSON, bytes.NewReader(reqBytes)) - if err != nil { - return nil, err - } - - resObj := &webapi_findTransactions.Response{} - if err := interpretBody(res, resObj); err != nil { - return nil, err - } - - return resObj.Transactions, nil + return res.Transactions, nil } -func (api *GoShimmerAPI) GetNeighbors() (*webapi_getNeighbors.Response, error) { - res, err := api.httpClient.Get(fmt.Sprintf("%s/%s", api.node, routeGetNeighbors)) - if err != nil { - return nil, err - } - - resObj := &webapi_getNeighbors.Response{} - if err := interpretBody(res, resObj); err != nil { +// GetNeighbors gets the chosen/accepted neighbors. +// If knownPeers is set, also all known peers to the node are returned additionally. 
+func (api *GoShimmerAPI) GetNeighbors(knownPeers bool) (*webapi_getNeighbors.Response, error) { + res := &webapi_getNeighbors.Response{} + if err := api.do(http.MethodGet, func() string { + if !knownPeers { + return routeGetNeighbors + } + return fmt.Sprintf("%s?known=1", routeGetNeighbors) + }(), nil, res); err != nil { return nil, err } - - return resObj, nil + return res, nil } -func (api *GoShimmerAPI) GetTips() (*webapi_gtta.Response, error) { - res, err := api.httpClient.Get(fmt.Sprintf("%s/%s", api.node, routeGetTransactionsToApprove)) - if err != nil { +// GetTips executes the tip-selection on the node to retrieve tips to approve. +func (api *GoShimmerAPI) GetTransactionsToApprove() (*webapi_gtta.Response, error) { + res := &webapi_gtta.Response{} + if err := api.do(http.MethodGet, routeGetTransactionsToApprove, nil, res); err != nil { return nil, err } - - resObj := &webapi_gtta.Response{} - if err := interpretBody(res, resObj); err != nil { - return nil, err - } - - return resObj, nil + return res, nil } +// ToggleSpammer toggles the node internal spammer. func (api *GoShimmerAPI) ToggleSpammer(enable bool) (*webapi_spammer.Response, error) { - res, err := api.httpClient.Get(fmt.Sprintf("%s/%s?cmd=%s", api.node, routeSpammer, func() string { + res := &webapi_spammer.Response{} + if err := api.do(http.MethodGet, func() string { if enable { - return "start" + return fmt.Sprintf("%s?cmd=start", routeSpammer) } - return "stop" - }())) - if err != nil { - return nil, err - } - - resObj := &webapi_spammer.Response{} - if err := interpretBody(res, resObj); err != nil { + return fmt.Sprintf("%s?cmd=stop", routeSpammer) + }(), nil, res); err != nil { return nil, err } - - return resObj, nil + return res, nil } diff --git a/main.go b/main.go index 319811df54bfd58cf595f9673cf8d838ff403157..c3f4249478f7fcb1c247f41fe0ebe9a87bab43c3 100644 --- a/main.go +++ b/main.go 
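Review bot: The doc comment on `GetTransactionsToApprove` still opens with the old name `GetTips`, so godoc and lint will flag it; it should read `// GetTransactionsToApprove executes the tip-selection on the node to retrieve tips to approve.` The same hunk renames that exported method and adds a `knownPeers` parameter to `GetNeighbors`, which breaks existing callers of the client package; that deserves a line in the commit message or a deprecated `GetTips` wrapper. `FindTransactionHashes` ranges over `query.Addresses` without checking `query` for nil, so a nil request panics instead of returning an error like the other input checks do.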
@@ -26,7 +26,7 @@ import ( webapi_getTransactionTrytesByHash "github.com/iotaledger/goshimmer/plugins/webapi/getTransactionTrytesByHash" webapi_gtta "github.com/iotaledger/goshimmer/plugins/webapi/gtta" webapi_spammer "github.com/iotaledger/goshimmer/plugins/webapi/spammer" - "github.com/iotaledger/goshimmer/plugins/webauth" + webapi_auth "github.com/iotaledger/goshimmer/plugins/webauth" "github.com/iotaledger/goshimmer/plugins/zeromq" "github.com/iotaledger/hive.go/node" ) @@ -54,6 +54,7 @@ func main() { statusscreen_tps.PLUGIN, webapi.PLUGIN, + webapi_auth.PLUGIN, webapi_gtta.PLUGIN, webapi_spammer.PLUGIN, webapi_broadcastData.PLUGIN, @@ -64,7 +65,6 @@ func main() { webapi_spammer.PLUGIN, ui.PLUGIN, - webauth.PLUGIN, graph.PLUGIN, ), diff --git a/plugins/webauth/parameters.go b/plugins/webauth/parameters.go new file mode 100644 index 0000000000000000000000000000000000000000..2146da738ad8c6cd92b66d585e50613b8d8cc5a6 --- /dev/null +++ b/plugins/webauth/parameters.go @@ -0,0 +1,17 @@ +package webauth + +import ( + flag "github.com/spf13/pflag" +) + +const ( + WEBAPI_AUTH_USERNAME = "webapi.auth.username" + WEBAPI_AUTH_PASSWORD = "webapi.auth.password" + WEBAPI_AUTH_PRIVATE_KEY = "webapi.auth.private_key" +) + +func init() { + flag.String(WEBAPI_AUTH_USERNAME, "user", "username for the webapi") + flag.String(WEBAPI_AUTH_PASSWORD, "pass", "password for the webapi") + flag.String(WEBAPI_AUTH_PRIVATE_KEY, "", "private key used to sign the JWTs") +} diff --git a/plugins/webauth/webauth.go b/plugins/webauth/webauth.go index aa7ba5b340e3cb0c232b97ccf0cf970fd11ab965..ed8adfd3209bcf95c346a0e610811d132a373d86 100644 --- a/plugins/webauth/webauth.go +++ b/plugins/webauth/webauth.go 
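Review bot: The flags registered in the new `plugins/webauth/parameters.go` ship working default credentials (`"user"` / `"pass"`), so a node that enables the plugin and sets only the signing key accepts a publicly known login. Default both to the empty string, e.g. `flag.String(WEBAPI_AUTH_PASSWORD, "", "password for the webapi")`, and have `configure` refuse to start when either is empty, as it already does for the key. Supplying the password and the signing key as command-line flags also leaves them in process listings and shell history, so the help text should steer operators to a config file if the node's config loader supports one. `WEBAPI_AUTH_PRIVATE_KEY` actually holds an HS256 shared secret rather than a private key; a description such as `"secret used to sign and verify the JWTs (HS256)"` would avoid that confusion.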
@@ -2,13 +2,11 @@ package webauth import ( "net/http" - "os" "strings" "time" - "github.com/iotaledger/goshimmer/packages/shutdown" + "github.com/iotaledger/goshimmer/packages/parameter" "github.com/iotaledger/goshimmer/plugins/webapi" - "github.com/iotaledger/hive.go/daemon" "github.com/iotaledger/hive.go/node" "github.com/labstack/echo" "github.com/labstack/echo/middleware" 
@@ -16,59 +14,59 @@ import ( "github.com/dgrijalva/jwt-go" ) -var secret = "secret" +var PLUGIN = node.NewPlugin("WebAPI JWT Auth", node.Disabled, configure) + +var privateKey string func configure(plugin *node.Plugin) { - jwtKey := os.Getenv("JWT_KEY") - if jwtKey != "" { - secret = jwtKey + privateKey = parameter.NodeConfig.GetString(WEBAPI_AUTH_PRIVATE_KEY) + if len(privateKey) == 0 { + panic("") } webapi.Server.Use(middleware.JWTWithConfig(middleware.JWTConfig{ - SigningKey: []byte(secret), - TokenLookup: "query:token", + SigningKey: []byte(privateKey), Skipper: func(c echo.Context) bool { - // if strings.HasPrefix(c.Request().Host, "localhost") { - // return true - // } if strings.HasPrefix(c.Path(), "/ui") || c.Path() == "/login" { return true } return false }, })) + + webapi.Server.POST("/login", Handler) } -func run(plugin *node.Plugin) { - daemon.BackgroundWorker("webauth", func(shutdownSignal <-chan struct{}) { - webapi.Server.GET("login", func(c echo.Context) error { - username := c.FormValue("username") - password := c.FormValue("password") - uiUser := os.Getenv("UI_USER") - uiPass := os.Getenv("UI_PASS") - - // Throws unauthorized error - if username != uiUser || password != uiPass { - return echo.ErrUnauthorized - } +type Request struct { + Username string `json:"username"` + Password string `json:"password"` +} - token := jwt.New(jwt.SigningMethodHS256) - claims := token.Claims.(jwt.MapClaims) - claims["name"] = username - claims["exp"] = time.Now().Add(time.Hour * 24 * 7).Unix() +type Response struct { + Token string `json:"token"` +} - t, err := token.SignedString([]byte(secret)) - if err != nil { - return err - } +func Handler(c echo.Context) error { + login := &Request{} + if err := c.Bind(login); err != nil { + return echo.ErrBadRequest + } - return c.JSON(http.StatusOK, map[string]string{ - "token": t, - }) - }) - }, shutdown.ShutdownPriorityWebAPI) -} + if login.Username != parameter.NodeConfig.GetString(WEBAPI_AUTH_USERNAME) || + 
login.Password != parameter.NodeConfig.GetString(WEBAPI_AUTH_PASSWORD) { + return echo.ErrUnauthorized + } + + token := jwt.New(jwt.SigningMethodHS256) + claims := token.Claims.(jwt.MapClaims) + claims["name"] = login.Username + claims["exp"] = time.Now().Add(time.Hour * 24 * 7).Unix() -// PLUGIN plugs the UI into the main program -var PLUGIN = node.NewPlugin("webauth", node.Disabled, configure, run) + t, err := token.SignedString([]byte(privateKey)) + if err != nil { + return err + } + + return c.JSON(http.StatusOK, &Response{Token: t}) +}
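Review bot: `Handler` compares the submitted username and password with `!=`, which stops at the first differing byte and short-circuits on the username, so response timing can reveal how close a guess was; compare both fields with `subtle.ConstantTimeCompare` and combine the results (this needs `crypto/subtle` in the import block, which is outside this hunk). `ConstantTimeCompare` still returns early on a length mismatch, so hashing both sides before comparing is the stricter variant. In `configure`, `panic("")` gives the operator no hint why startup failed; the message should name the missing `webapi.auth.private_key` setting, and a minimum length check is reasonable since the value is an HS256 secret. The `/login` route has no attempt limiting and the issued token stays valid for seven days with no revocation path, which is worth stating in a doc comment on `Handler`.

```go
func Handler(c echo.Context) error {
	// … unchanged: bind the request body into login …

	wantUser := parameter.NodeConfig.GetString(WEBAPI_AUTH_USERNAME)
	wantPass := parameter.NodeConfig.GetString(WEBAPI_AUTH_PASSWORD)
	// evaluate both comparisons so the outcome does not depend on which field mismatched
	userOK := subtle.ConstantTimeCompare([]byte(login.Username), []byte(wantUser))
	passOK := subtle.ConstantTimeCompare([]byte(login.Password), []byte(wantPass))
	if userOK&passOK != 1 {
		return echo.ErrUnauthorized
	}

	// … unchanged: build claims, sign with privateKey, return Response …
```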