Bitcoin Core 31.0.0
P2P Digital Currency
Loading...
Searching...
No Matches
httprpc.cpp
Go to the documentation of this file.
1// Copyright (c) 2015-present The Bitcoin Core developers
2// Distributed under the MIT software license, see the accompanying
3// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5#include <httprpc.h>
6
7#include <common/args.h>
8#include <crypto/hmac_sha256.h>
9#include <httpserver.h>
10#include <logging.h>
11#include <netaddress.h>
12#include <rpc/protocol.h>
13#include <rpc/server.h>
14#include <util/fs.h>
15#include <util/fs_helpers.h>
16#include <util/strencodings.h>
17#include <util/string.h>
18#include <walletinitinterface.h>
19
20#include <algorithm>
21#include <iterator>
22#include <map>
23#include <memory>
24#include <optional>
25#include <set>
26#include <string>
27#include <vector>
28
29using util::SplitString;
30using util::TrimStringView;
31
33static const char* WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";
34
35/* List of -rpcauth values */
36static std::vector<std::vector<std::string>> g_rpcauth;
37/* RPC Auth Whitelist */
38static std::map<std::string, std::set<std::string>> g_rpc_whitelist;
39static bool g_rpc_whitelist_default = false;
40
41static void JSONErrorReply(HTTPRequest* req, UniValue objError, const JSONRPCRequest& jreq)
42{
43 // Sending HTTP errors is a legacy JSON-RPC behavior.
44 Assume(jreq.m_json_version != JSONRPCVersion::V2);
45
46 // Send error reply from json-rpc error object
47 int nStatus = HTTP_INTERNAL_SERVER_ERROR;
48 int code = objError.find_value("code").getInt<int>();
49
50 if (code == RPC_INVALID_REQUEST)
51 nStatus = HTTP_BAD_REQUEST;
52 else if (code == RPC_METHOD_NOT_FOUND)
53 nStatus = HTTP_NOT_FOUND;
54
55 std::string strReply = JSONRPCReplyObj(NullUniValue, std::move(objError), jreq.id, jreq.m_json_version).write() + "\n";
56
57 req->WriteHeader("Content-Type", "application/json");
58 req->WriteReply(nStatus, strReply);
59}
60
61//This function checks username and password against -rpcauth
62//entries from config file.
63static bool CheckUserAuthorized(std::string_view user, std::string_view pass)
64{
65 for (const auto& fields : g_rpcauth) {
66 if (!TimingResistantEqual(std::string_view(fields[0]), user)) {
67 continue;
68 }
69
70 const std::string& salt = fields[1];
71 const std::string& hash = fields[2];
72
73 std::array<unsigned char, CHMAC_SHA256::OUTPUT_SIZE> out;
74 CHMAC_SHA256(UCharCast(salt.data()), salt.size()).Write(UCharCast(pass.data()), pass.size()).Finalize(out.data());
75 std::string hash_from_pass = HexStr(out);
76
77 if (TimingResistantEqual(hash_from_pass, hash)) {
78 return true;
79 }
80 }
81 return false;
82}
83
84static bool RPCAuthorized(const std::string& strAuth, std::string& strAuthUsernameOut)
85{
86 if (!strAuth.starts_with("Basic "))
87 return false;
88 std::string_view strUserPass64 = TrimStringView(std::string_view{strAuth}.substr(6));
89 auto userpass_data = DecodeBase64(strUserPass64);
90 std::string strUserPass;
91 if (!userpass_data) return false;
92 strUserPass.assign(userpass_data->begin(), userpass_data->end());
93
94 size_t colon_pos = strUserPass.find(':');
95 if (colon_pos == std::string::npos) {
96 return false; // Invalid basic auth.
97 }
98 std::string user = strUserPass.substr(0, colon_pos);
99 std::string pass = strUserPass.substr(colon_pos + 1);
100 strAuthUsernameOut = user;
101 return CheckUserAuthorized(user, pass);
102}
103
104static bool HTTPReq_JSONRPC(const std::any& context, HTTPRequest* req)
105{
106 // JSONRPC handles only POST
107 if (req->GetRequestMethod() != HTTPRequest::POST) {
108 req->WriteReply(HTTP_BAD_METHOD, "JSONRPC server handles only POST requests");
109 return false;
110 }
111 // Check authorization
112 std::pair<bool, std::string> authHeader = req->GetHeader("authorization");
113 if (!authHeader.first) {
114 req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
115 req->WriteReply(HTTP_UNAUTHORIZED);
116 return false;
117 }
118
119 JSONRPCRequest jreq;
120 jreq.context = context;
121 jreq.peerAddr = req->GetPeer().ToStringAddrPort();
122 if (!RPCAuthorized(authHeader.second, jreq.authUser)) {
123 LogWarning("ThreadRPCServer incorrect password attempt from %s", jreq.peerAddr);
124
125 /* Deter brute-forcing
126 If this results in a DoS the user really
127 shouldn't have their RPC port exposed. */
128 UninterruptibleSleep(std::chrono::milliseconds{250});
129
130 req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
131 req->WriteReply(HTTP_UNAUTHORIZED);
132 return false;
133 }
134
135 try {
136 // Parse request
137 UniValue valRequest;
138 if (!valRequest.read(req->ReadBody()))
139 throw JSONRPCError(RPC_PARSE_ERROR, "Parse error");
140
141 // Set the URI
142 jreq.URI = req->GetURI();
143
144 UniValue reply;
145 bool user_has_whitelist = g_rpc_whitelist.contains(jreq.authUser);
146 if (!user_has_whitelist && g_rpc_whitelist_default) {
147 LogWarning("RPC User %s not allowed to call any methods", jreq.authUser);
148 req->WriteReply(HTTP_FORBIDDEN);
149 return false;
150
151 // singleton request
152 } else if (valRequest.isObject()) {
153 jreq.parse(valRequest);
154 if (user_has_whitelist && !g_rpc_whitelist[jreq.authUser].contains(jreq.strMethod)) {
155 LogWarning("RPC User %s not allowed to call method %s", jreq.authUser, jreq.strMethod);
156 req->WriteReply(HTTP_FORBIDDEN);
157 return false;
158 }
159
160 // Legacy 1.0/1.1 behavior is for failed requests to throw
161 // exceptions which return HTTP errors and RPC errors to the client.
162 // 2.0 behavior is to catch exceptions and return HTTP success with
163 // RPC errors, as long as there is not an actual HTTP server error.
164 const bool catch_errors{jreq.m_json_version == JSONRPCVersion::V2};
165 reply = JSONRPCExec(jreq, catch_errors);
166
167 if (jreq.IsNotification()) {
168 // Even though we do execute notifications, we do not respond to them
169 req->WriteReply(HTTP_NO_CONTENT);
170 return true;
171 }
172
173 // array of requests
174 } else if (valRequest.isArray()) {
175 // Check authorization for each request's method
176 if (user_has_whitelist) {
177 for (unsigned int reqIdx = 0; reqIdx < valRequest.size(); reqIdx++) {
178 if (!valRequest[reqIdx].isObject()) {
179 throw JSONRPCError(RPC_INVALID_REQUEST, "Invalid Request object");
180 } else {
181 const UniValue& request = valRequest[reqIdx].get_obj();
182 // Parse method
183 std::string strMethod = request.find_value("method").get_str();
184 if (!g_rpc_whitelist[jreq.authUser].contains(strMethod)) {
185 LogWarning("RPC User %s not allowed to call method %s", jreq.authUser, strMethod);
186 req->WriteReply(HTTP_FORBIDDEN);
187 return false;
188 }
189 }
190 }
191 }
192
193 // Execute each request
194 reply = UniValue::VARR;
195 for (size_t i{0}; i < valRequest.size(); ++i) {
196 // Batches never throw HTTP errors, they are always just included
197 // in "HTTP OK" responses. Notifications never get any response.
198 UniValue response;
199 try {
200 jreq.parse(valRequest[i]);
201 response = JSONRPCExec(jreq, /*catch_errors=*/true);
202 } catch (UniValue& e) {
203 response = JSONRPCReplyObj(NullUniValue, std::move(e), jreq.id, jreq.m_json_version);
204 } catch (const std::exception& e) {
205 response = JSONRPCReplyObj(NullUniValue, JSONRPCError(RPC_PARSE_ERROR, e.what()), jreq.id, jreq.m_json_version);
206 }
207 if (!jreq.IsNotification()) {
208 reply.push_back(std::move(response));
209 }
210 }
211 // Return no response for an all-notification batch, but only if the
212 // batch request is non-empty. Technically according to the JSON-RPC
213 // 2.0 spec, an empty batch request should also return no response,
214 // However, if the batch request is empty, it means the request did
215 // not contain any JSON-RPC version numbers, so returning an empty
216 // response could break backwards compatibility with old RPC clients
217 // relying on previous behavior. Return an empty array instead of an
218 // empty response in this case to favor being backwards compatible
219 // over complying with the JSON-RPC 2.0 spec in this case.
220 if (reply.size() == 0 && valRequest.size() > 0) {
221 req->WriteReply(HTTP_NO_CONTENT);
222 return true;
223 }
224 }
225 else
226 throw JSONRPCError(RPC_PARSE_ERROR, "Top-level object parse error");
227
228 req->WriteHeader("Content-Type", "application/json");
229 req->WriteReply(HTTP_OK, reply.write() + "\n");
230 } catch (UniValue& e) {
231 JSONErrorReply(req, std::move(e), jreq);
232 return false;
233 } catch (const std::exception& e) {
234 JSONErrorReply(req, JSONRPCError(RPC_PARSE_ERROR, e.what()), jreq);
235 return false;
236 }
237 return true;
238}
239
240static bool InitRPCAuthentication()
241{
242 std::string user;
243 std::string pass;
244
245 if (gArgs.GetArg("-rpcpassword", "") == "")
246 {
247 std::optional<fs::perms> cookie_perms{std::nullopt};
248 auto cookie_perms_arg{gArgs.GetArg("-rpccookieperms")};
249 if (cookie_perms_arg) {
250 auto perm_opt = InterpretPermString(*cookie_perms_arg);
251 if (!perm_opt) {
252 LogError("Invalid -rpccookieperms=%s; must be one of 'owner', 'group', or 'all'.", *cookie_perms_arg);
253 return false;
254 }
255 cookie_perms = *perm_opt;
256 }
257
258 switch (GenerateAuthCookie(cookie_perms, user, pass)) {
259 case GenerateAuthCookieResult::ERR:
260 return false;
261 case GenerateAuthCookieResult::DISABLED:
262 LogInfo("RPC authentication cookie file generation is disabled.");
263 break;
264 case GenerateAuthCookieResult::OK:
265 LogInfo("Using random cookie authentication.");
266 break;
267 }
268 } else {
269 LogInfo("Using rpcuser/rpcpassword authentication.");
270 LogWarning("The use of rpcuser/rpcpassword is less secure, because credentials are configured in plain text. It is recommended that locally-run instances switch to cookie-based auth, or otherwise to use hashed rpcauth credentials. See share/rpcauth in the source directory for more information.");
271 user = gArgs.GetArg("-rpcuser", "");
272 pass = gArgs.GetArg("-rpcpassword", "");
273 }
274
275 // If there is a plaintext credential, hash it with a random salt before storage.
276 if (!user.empty() || !pass.empty()) {
277 // Generate a random 16 byte hex salt.
278 std::array<unsigned char, 16> raw_salt;
279 GetStrongRandBytes(raw_salt);
280 std::string salt = HexStr(raw_salt);
281
282 // Compute HMAC.
283 std::array<unsigned char, CHMAC_SHA256::OUTPUT_SIZE> out;
284 CHMAC_SHA256(UCharCast(salt.data()), salt.size()).Write(UCharCast(pass.data()), pass.size()).Finalize(out.data());
285 std::string hash = HexStr(out);
286
287 g_rpcauth.push_back({user, salt, hash});
288 }
289
290 if (!gArgs.GetArgs("-rpcauth").empty()) {
291 LogInfo("Using rpcauth authentication.\n");
292 for (const std::string& rpcauth : gArgs.GetArgs("-rpcauth")) {
293 std::vector<std::string> fields{SplitString(rpcauth, ':')};
294 const std::vector<std::string> salt_hmac{SplitString(fields.back(), '$')};
295 if (fields.size() == 2 && salt_hmac.size() == 2) {
296 fields.pop_back();
297 fields.insert(fields.end(), salt_hmac.begin(), salt_hmac.end());
298 g_rpcauth.push_back(fields);
299 } else {
300 LogWarning("Invalid -rpcauth argument.");
301 return false;
302 }
303 }
304 }
305
306 g_rpc_whitelist_default = gArgs.GetBoolArg("-rpcwhitelistdefault", !gArgs.GetArgs("-rpcwhitelist").empty());
307 for (const std::string& strRPCWhitelist : gArgs.GetArgs("-rpcwhitelist")) {
308 auto pos = strRPCWhitelist.find(':');
309 std::string strUser = strRPCWhitelist.substr(0, pos);
310 bool intersect = g_rpc_whitelist.contains(strUser);
311 std::set<std::string>& whitelist = g_rpc_whitelist[strUser];
312 if (pos != std::string::npos) {
313 std::string strWhitelist = strRPCWhitelist.substr(pos + 1);
314 std::vector<std::string> whitelist_split = SplitString(strWhitelist, ", ");
315 std::set<std::string> new_whitelist{
316 std::make_move_iterator(whitelist_split.begin()),
317 std::make_move_iterator(whitelist_split.end())};
318 if (intersect) {
319 std::set<std::string> tmp_whitelist;
320 std::set_intersection(new_whitelist.begin(), new_whitelist.end(),
321 whitelist.begin(), whitelist.end(), std::inserter(tmp_whitelist, tmp_whitelist.end()));
322 new_whitelist = std::move(tmp_whitelist);
323 }
324 whitelist = std::move(new_whitelist);
325 }
326 }
327
328 return true;
329}
330
331bool StartHTTPRPC(const std::any& context)
332{
333 LogDebug(BCLog::RPC, "Starting HTTP RPC server\n");
334 if (!InitRPCAuthentication())
335 return false;
336
337 auto handle_rpc = [context](HTTPRequest* req, const std::string&) { return HTTPReq_JSONRPC(context, req); };
338 RegisterHTTPHandler("/", true, handle_rpc);
339 if (g_wallet_init_interface.HasWalletSupport()) {
340 RegisterHTTPHandler("/wallet/", false, handle_rpc);
341 }
342 struct event_base* eventBase = EventBase();
343 assert(eventBase);
344 return true;
345}
346
347void InterruptHTTPRPC()
348{
349 LogDebug(BCLog::RPC, "Interrupting HTTP RPC server\n");
350}
351
352void StopHTTPRPC()
353{
354 LogDebug(BCLog::RPC, "Stopping HTTP RPC server\n");
355 UnregisterHTTPHandler("/", true);
356 if (g_wallet_init_interface.HasWalletSupport()) {
357 UnregisterHTTPHandler("/wallet/", false);
358 }
359}
gArgs
ArgsManager gArgs
Definition args.cpp:40
Assume
#define Assume(val)
Assume is the identity function.
Definition check.h:125
ArgsManager::GetArgs
std::vector< std::string > GetArgs(const std::string &strArg) const
Return a vector of strings of the given argument.
Definition args.cpp:366
ArgsManager::GetArg
std::string GetArg(const std::string &strArg, const std::string &strDefault) const
Return string argument or default value.
Definition args.cpp:461
ArgsManager::GetBoolArg
bool GetBoolArg(const std::string &strArg, bool fDefault) const
Return boolean argument or default value.
Definition args.cpp:515
CHMAC_SHA256
A hasher class for HMAC-SHA-256.
Definition hmac_sha256.h:14
CHMAC_SHA256::Write
CHMAC_SHA256 & Write(const unsigned char *data, size_t len)
Definition hmac_sha256.h:23
CHMAC_SHA256::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition hmac_sha256.cpp:31
CService::ToStringAddrPort
std::string ToStringAddrPort() const
Definition netaddress.cpp:903
HTTPRequest
In-flight HTTP request.
Definition httpserver.h:71
HTTPRequest::GetHeader
std::pair< bool, std::string > GetHeader(const std::string &hdr) const
Get the request header specified by hdr, or an empty string.
Definition httpserver.cpp:540
HTTPRequest::GetURI
std::string GetURI() const
Get requested URI.
Definition httpserver.cpp:633
HTTPRequest::WriteReply
void WriteReply(int nStatus, std::string_view reply="")
Write HTTP reply.
Definition httpserver.h:141
HTTPRequest::WriteHeader
void WriteHeader(const std::string &hdr, const std::string &value)
Write output header.
Definition httpserver.cpp:571
HTTPRequest::GetRequestMethod
RequestMethod GetRequestMethod() const
Get request method.
Definition httpserver.cpp:638
HTTPRequest::ReadBody
std::string ReadBody()
Read request body.
Definition httpserver.cpp:551
HTTPRequest::GetPeer
CService GetPeer() const
Get CService (address:ip) for the origin of the http request.
Definition httpserver.cpp:613
JSONRPCRequest::context
std::any context
Definition request.h:62
UniValue::push_back
void push_back(UniValue val)
Definition univalue.cpp:103
UniValue::get_str
const std::string & get_str() const
Definition univalue_get.cpp:62
UniValue::find_value
const UniValue & find_value(std::string_view key) const
Definition univalue.cpp:232
UniValue::write
std::string write(unsigned int prettyIndent=0, unsigned int indentLevel=0) const
Definition univalue_write.cpp:30
UniValue::get_obj
const UniValue & get_obj() const
Definition univalue_get.cpp:77
UniValue::size
size_t size() const
Definition univalue.h:71
WalletInitInterface::HasWalletSupport
virtual bool HasWalletSupport() const =0
Is the wallet component enabled.
g_wallet_init_interface
const WalletInitInterface & g_wallet_init_interface
Definition dummywallet.cpp:55
InterpretPermString
std::optional< fs::perms > InterpretPermString(const std::string &s)
Interpret a custom permissions level string as fs::perms.
Definition fs_helpers.cpp:291
fs_helpers.h
HexStr
std::string HexStr(const std::span< const uint8_t > s)
Convert a span of bytes to a lower-case hexadecimal string.
Definition hex_base.cpp:30
hmac_sha256.h
WWW_AUTH_HEADER_DATA
static const char * WWW_AUTH_HEADER_DATA
WWW-Authenticate to present with 401 Unauthorized response.
Definition httprpc.cpp:33
InterruptHTTPRPC
void InterruptHTTPRPC()
Interrupt HTTP RPC subsystem.
Definition httprpc.cpp:347
StopHTTPRPC
void StopHTTPRPC()
Stop HTTP RPC subsystem.
Definition httprpc.cpp:352
CheckUserAuthorized
static bool CheckUserAuthorized(std::string_view user, std::string_view pass)
Definition httprpc.cpp:63
StartHTTPRPC
bool StartHTTPRPC(const std::any &context)
Start HTTP RPC subsystem.
Definition httprpc.cpp:331
g_rpc_whitelist_default
static bool g_rpc_whitelist_default
Definition httprpc.cpp:39
RPCAuthorized
static bool RPCAuthorized(const std::string &strAuth, std::string &strAuthUsernameOut)
Definition httprpc.cpp:84
g_rpcauth
static std::vector< std::vector< std::string > > g_rpcauth
Definition httprpc.cpp:36
HTTPReq_JSONRPC
static bool HTTPReq_JSONRPC(const std::any &context, HTTPRequest *req)
Definition httprpc.cpp:104
InitRPCAuthentication
static bool InitRPCAuthentication()
Definition httprpc.cpp:240
g_rpc_whitelist
static std::map< std::string, std::set< std::string > > g_rpc_whitelist
Definition httprpc.cpp:38
JSONErrorReply
static void JSONErrorReply(HTTPRequest *req, UniValue objError, const JSONRPCRequest &jreq)
Definition httprpc.cpp:41
UnregisterHTTPHandler
void UnregisterHTTPHandler(const std::string &prefix, bool exactMatch)
Unregister handler for prefix.
Definition httpserver.cpp:695
RegisterHTTPHandler
void RegisterHTTPHandler(const std::string &prefix, bool exactMatch, const HTTPRequestHandler &handler)
Register handler for prefix.
Definition httpserver.cpp:688
eventBase
static struct event_base * eventBase
HTTP module state.
Definition httpserver.cpp:67
EventBase
struct event_base * EventBase()
Return evhttp event base.
Definition httpserver.cpp:494
LogWarning
#define LogWarning(...)
Definition log.h:96
LogInfo
#define LogInfo(...)
Definition log.h:95
LogError
#define LogError(...)
Definition log.h:97
LogDebug
#define LogDebug(category,...)
Definition log.h:115
util::SplitString
std::vector< std::string > SplitString(std::string_view str, char sep)
Definition string.h:149
util::TrimStringView
std::string_view TrimStringView(std::string_view str, std::string_view pattern=" \f\n\r\t\v")
Definition string.h:159
GetStrongRandBytes
void GetStrongRandBytes(std::span< unsigned char > bytes) noexcept
Gather entropy from various sources, feed it into the internal PRNG, and generate random data using i...
Definition random.cpp:607
GenerateAuthCookie
GenerateAuthCookieResult GenerateAuthCookie(const std::optional< fs::perms > &cookie_perms, std::string &user, std::string &pass)
Generate a new RPC authentication cookie and write it to disk.
Definition request.cpp:100
JSONRPCError
UniValue JSONRPCError(int code, const std::string &message)
Definition request.cpp:70
JSONRPCReplyObj
UniValue JSONRPCReplyObj(UniValue result, UniValue error, std::optional< UniValue > id, JSONRPCVersion jsonrpc_version)
Definition request.cpp:51
HTTP_BAD_REQUEST
@ HTTP_BAD_REQUEST
Definition protocol.h:14
HTTP_BAD_METHOD
@ HTTP_BAD_METHOD
Definition protocol.h:18
HTTP_OK
@ HTTP_OK
Definition protocol.h:12
HTTP_UNAUTHORIZED
@ HTTP_UNAUTHORIZED
Definition protocol.h:15
HTTP_NOT_FOUND
@ HTTP_NOT_FOUND
Definition protocol.h:17
HTTP_FORBIDDEN
@ HTTP_FORBIDDEN
Definition protocol.h:16
HTTP_NO_CONTENT
@ HTTP_NO_CONTENT
Definition protocol.h:13
HTTP_INTERNAL_SERVER_ERROR
@ HTTP_INTERNAL_SERVER_ERROR
Definition protocol.h:19
RPC_PARSE_ERROR
@ RPC_PARSE_ERROR
Definition protocol.h:37
RPC_METHOD_NOT_FOUND
@ RPC_METHOD_NOT_FOUND
Definition protocol.h:32
RPC_INVALID_REQUEST
@ RPC_INVALID_REQUEST
Standard JSON-RPC 2.0 errors.
Definition protocol.h:29
JSONRPCExec
UniValue JSONRPCExec(const JSONRPCRequest &jreq, bool catch_errors)
Definition server.cpp:346
UCharCast
unsigned char * UCharCast(char *c)
Definition span.h:95
TimingResistantEqual
bool TimingResistantEqual(const T &a, const T &b)
Timing-attack-resistant comparison.
Definition strencodings.h:203
NullUniValue
const UniValue NullUniValue
Definition univalue.cpp:15
DecodeBase64
std::optional< std::vector< unsigned char > > DecodeBase64(std::string_view str)
Definition strencodings.cpp:109
UninterruptibleSleep
void UninterruptibleSleep(const std::chrono::microseconds &n)
Definition time.cpp:24
Ticks
constexpr auto Ticks(Dur2 d)
Helper to count the seconds of a duration/time_point.
Definition time.h:73
assert
assert(!tx.IsCoinBase())
Generated on Thu Apr 16 2026 09:42:38 for Bitcoin Core by doxygen 1.10.0