/root/bitcoin/src/rpc/request.cpp

Source (jump to first uncovered line)
// Copyright (c) 2010 Satoshi Nakamoto
// Copyright (c) 2009-2022 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

#include <rpc/request.h>

#include <common/args.h>
#include <logging.h>
#include <random.h>
#include <rpc/protocol.h>
#include <util/fs.h>
#include <util/fs_helpers.h>
#include <util/strencodings.h>

#include <fstream>
#include <stdexcept>
#include <string>
#include <vector>

/**
 * JSON-RPC protocol.  Bitcoin speaks version 1.0 for maximum compatibility,
 * but uses JSON-RPC 1.1/2.0 standards for parts of the 1.0 standard that were
 * unspecified (HTTP errors and contents of 'error').
 *
 * 1.0 spec: http://json-rpc.org/wiki/specification
 * 1.2 spec: http://jsonrpc.org/historical/json-rpc-over-http.html
 *
 * If the server receives a request with the JSON-RPC 2.0 marker `{"jsonrpc": "2.0"}`
 * then Bitcoin will respond with a strictly specified response.
 * It will only return an HTTP error code if an actual HTTP error is encountered
 * such as the endpoint is not found (404) or the request is not formatted correctly (500).
 * Otherwise the HTTP code is always OK (200) and RPC errors will be included in the
 * response body.
 *
 * 2.0 spec: https://www.jsonrpc.org/specification
 *
 * Also see http://www.simple-is-better.org/rpc/#differences-between-1-0-and-2-0
 */

UniValue JSONRPCRequestObj(const std::string& strMethod, const UniValue& params, const UniValue& id)
{
    UniValue request(UniValue::VOBJ);
    request.pushKV("method", strMethod);
    request.pushKV("params", params);
    request.pushKV("id", id);
    request.pushKV("jsonrpc", "2.0");
    return request;
}

UniValue JSONRPCReplyObj(UniValue result, UniValue error, std::optional<UniValue> id, JSONRPCVersion jsonrpc_version)
{
    UniValue reply(UniValue::VOBJ);
    // Add JSON-RPC version number field in v2 only.
    if (jsonrpc_version == JSONRPCVersion::V2) reply.pushKV("jsonrpc", "2.0");

    // Add both result and error fields in v1, even though one will be null.
    // Omit the null field in v2.
    if (error.isNull()) {
        reply.pushKV("result", std::move(result));
        if (jsonrpc_version == JSONRPCVersion::V1_LEGACY) reply.pushKV("error", NullUniValue);
    } else {
        if (jsonrpc_version == JSONRPCVersion::V1_LEGACY) reply.pushKV("result", NullUniValue);
        reply.pushKV("error", std::move(error));
    }
    if (id.has_value()) reply.pushKV("id", std::move(id.value()));
    return reply;
}

UniValue JSONRPCError(int code, const std::string& message)
{
    UniValue error(UniValue::VOBJ);
    error.pushKV("code", code);
    error.pushKV("message", message);
    return error;
}

/** Username used when cookie authentication is in use (arbitrary, only for
 * recognizability in debugging/logging purposes)
 */
static const std::string COOKIEAUTH_USER = "__cookie__";
/** Default name for auth cookie file */
static const char* const COOKIEAUTH_FILE = ".cookie";

/** Get name of RPC authentication cookie file */
static fs::path GetAuthCookieFile(bool temp=false)
{
    fs::path arg = gArgs.GetPathArg("-rpccookiefile", COOKIEAUTH_FILE);
    if (temp) {
        arg += ".tmp";
    }
    return AbsPathForConfigVal(gArgs, arg);
}

static bool g_generated_cookie = false;

bool GenerateAuthCookie(std::string* cookie_out, std::optional<fs::perms> cookie_perms)
{
    const size_t COOKIE_SIZE = 32;
    unsigned char rand_pwd[COOKIE_SIZE];
    GetRandBytes(rand_pwd);
    std::string cookie = COOKIEAUTH_USER + ":" + HexStr(rand_pwd);

    /** the umask determines what permissions are used to create this file -
     * these are set to 0077 in common/system.cpp.
     */
    std::ofstream file;
    fs::path filepath_tmp = GetAuthCookieFile(true);
    file.open(filepath_tmp);
    if (!file.is_open()) {
        LogInfo("Unable to open cookie authentication file %s for writing\n", fs::PathToString(filepath_tmp));
        return false;
    }
    file << cookie;
    file.close();

    fs::path filepath = GetAuthCookieFile(false);
    if (!RenameOver(filepath_tmp, filepath)) {
        LogInfo("Unable to rename cookie authentication file %s to %s\n", fs::PathToString(filepath_tmp), fs::PathToString(filepath));
        return false;
    }
    if (cookie_perms) {
        std::error_code code;
        fs::permissions(filepath, cookie_perms.value(), fs::perm_options::replace, code);
        if (code) {
            LogInfo("Unable to set permissions on cookie authentication file %s\n", fs::PathToString(filepath_tmp));
            return false;
        }
    }

    g_generated_cookie = true;
    LogInfo("Generated RPC authentication cookie %s\n", fs::PathToString(filepath));
    LogInfo("Permissions used for cookie: %s\n", PermsToSymbolicString(fs::status(filepath).permissions()));

    if (cookie_out)
        *cookie_out = cookie;
    return true;
}

bool GetAuthCookie(std::string *cookie_out)
{
    std::ifstream file;
    std::string cookie;
    fs::path filepath = GetAuthCookieFile();
    file.open(filepath);
    if (!file.is_open())
        return false;
    std::getline(file, cookie);
    file.close();

    if (cookie_out)
        *cookie_out = cookie;
    return true;
}

void DeleteAuthCookie()
{
    try {
        if (g_generated_cookie) {
            // Delete the cookie file if it was generated by this process
            fs::remove(GetAuthCookieFile());
        }
    } catch (const fs::filesystem_error& e) {
        LogPrintf("%s: Unable to remove random auth cookie file: %s\n", __func__, fsbridge::get_filesystem_error_message(e));
    }
}

std::vector<UniValue> JSONRPCProcessBatchReply(const UniValue& in)
{
    if (!in.isArray()) {
        throw std::runtime_error("Batch must be an array");
    }
    const size_t num {in.size()};
    std::vector<UniValue> batch(num);
    for (const UniValue& rec : in.getValues()) {
        if (!rec.isObject()) {
            throw std::runtime_error("Batch member must be an object");
        }
        size_t id = rec["id"].getInt<int>();
        if (id >= num) {
            throw std::runtime_error("Batch member id is larger than batch size");
        }
        batch[id] = rec;
    }
    return batch;
}

void JSONRPCRequest::parse(const UniValue& valRequest)
{
    // Parse request
    if (!valRequest.isObject())
        throw JSONRPCError(RPC_INVALID_REQUEST, "Invalid Request object");
    const UniValue& request = valRequest.get_obj();

    // Parse id now so errors from here on will have the id
    if (request.exists("id")) {
        id = request.find_value("id");
    } else {
        id = std::nullopt;
    }

    // Check for JSON-RPC 2.0 (default 1.1)
    m_json_version = JSONRPCVersion::V1_LEGACY;
    const UniValue& jsonrpc_version = request.find_value("jsonrpc");
    if (!jsonrpc_version.isNull()) {
        if (!jsonrpc_version.isStr()) {
            throw JSONRPCError(RPC_INVALID_REQUEST, "jsonrpc field must be a string");
        }
        // The "jsonrpc" key was added in the 2.0 spec, but some older documentation
        // incorrectly included {"jsonrpc":"1.0"} in a request object, so we
        // maintain that for backwards compatibility.
        if (jsonrpc_version.get_str() == "1.0") {
            m_json_version = JSONRPCVersion::V1_LEGACY;
        } else if (jsonrpc_version.get_str() == "2.0") {
            m_json_version = JSONRPCVersion::V2;
        } else {
            throw JSONRPCError(RPC_INVALID_REQUEST, "JSON-RPC version not supported");
        }
    }

    // Parse method
    const UniValue& valMethod{request.find_value("method")};
    if (valMethod.isNull())
        throw JSONRPCError(RPC_INVALID_REQUEST, "Missing method");
    if (!valMethod.isStr())
        throw JSONRPCError(RPC_INVALID_REQUEST, "Method must be a string");
    strMethod = valMethod.get_str();
    if (fLogIPs)
        LogDebug(BCLog::RPC, "ThreadRPCServer method=%s user=%s peeraddr=%s\n", SanitizeString(strMethod),
            this->authUser, this->peerAddr);
    else
        LogDebug(BCLog::RPC, "ThreadRPCServer method=%s user=%s\n", SanitizeString(strMethod), this->authUser);

    // Parse params
    const UniValue& valParams{request.find_value("params")};
    if (valParams.isArray() || valParams.isObject())
        params = valParams;
    else if (valParams.isNull())
        params = UniValue(UniValue::VARR);
    else
        throw JSONRPCError(RPC_INVALID_REQUEST, "Params must be an array or object");
}

Coverage Report

Created: 2024-10-29 12:15

Line	Count	Source (jump to first uncovered line)
1		// Copyright (c) 2010 Satoshi Nakamoto
2		// Copyright (c) 2009-2022 The Bitcoin Core developers
3		// Distributed under the MIT software license, see the accompanying
4		// file COPYING or http://www.opensource.org/licenses/mit-license.php.
5
6		#include <rpc/request.h>
7
8		#include <common/args.h>
9		#include <logging.h>
10		#include <random.h>
11		#include <rpc/protocol.h>
12		#include <util/fs.h>
13		#include <util/fs_helpers.h>
14		#include <util/strencodings.h>
15
16		#include <fstream>
17		#include <stdexcept>
18		#include <string>
19		#include <vector>
20
21		/**
22		* JSON-RPC protocol. Bitcoin speaks version 1.0 for maximum compatibility,
23		* but uses JSON-RPC 1.1/2.0 standards for parts of the 1.0 standard that were
24		* unspecified (HTTP errors and contents of 'error').
25		*
26		* 1.0 spec: http://json-rpc.org/wiki/specification
27		* 1.2 spec: http://jsonrpc.org/historical/json-rpc-over-http.html
28		*
29		* If the server receives a request with the JSON-RPC 2.0 marker `{"jsonrpc": "2.0"}`
30		* then Bitcoin will respond with a strictly specified response.
31		* It will only return an HTTP error code if an actual HTTP error is encountered
32		* such as the endpoint is not found (404) or the request is not formatted correctly (500).
33		* Otherwise the HTTP code is always OK (200) and RPC errors will be included in the
34		* response body.
35		*
36		* 2.0 spec: https://www.jsonrpc.org/specification
37		*
38		* Also see http://www.simple-is-better.org/rpc/#differences-between-1-0-and-2-0
39		*/
40
41		UniValue JSONRPCRequestObj(const std::string& strMethod, const UniValue& params, const UniValue& id)
42	0	{
43	0	UniValue request(UniValue::VOBJ);
44	0	request.pushKV("method", strMethod);
45	0	request.pushKV("params", params);
46	0	request.pushKV("id", id);
47	0	request.pushKV("jsonrpc", "2.0");
48	0	return request;
49	0	}
50
51		UniValue JSONRPCReplyObj(UniValue result, UniValue error, std::optional<UniValue> id, JSONRPCVersion jsonrpc_version)
52	0	{
53	0	UniValue reply(UniValue::VOBJ);
54		// Add JSON-RPC version number field in v2 only.
55	0	if (jsonrpc_version == JSONRPCVersion::V2) reply.pushKV("jsonrpc", "2.0");
56
57		// Add both result and error fields in v1, even though one will be null.
58		// Omit the null field in v2.
59	0	if (error.isNull()) {
60	0	reply.pushKV("result", std::move(result));
61	0	if (jsonrpc_version == JSONRPCVersion::V1_LEGACY) reply.pushKV("error", NullUniValue);
62	0	} else {
63	0	if (jsonrpc_version == JSONRPCVersion::V1_LEGACY) reply.pushKV("result", NullUniValue);
64	0	reply.pushKV("error", std::move(error));
65	0	}
66	0	if (id.has_value()) reply.pushKV("id", std::move(id.value()));
67	0	return reply;
68	0	}
69
70		UniValue JSONRPCError(int code, const std::string& message)
71	0	{
72	0	UniValue error(UniValue::VOBJ);
73	0	error.pushKV("code", code);
74	0	error.pushKV("message", message);
75	0	return error;
76	0	}
77
78		/** Username used when cookie authentication is in use (arbitrary, only for
79		* recognizability in debugging/logging purposes)
80		*/
81		static const std::string COOKIEAUTH_USER = "__cookie__";
82		/** Default name for auth cookie file */
83		static const char* const COOKIEAUTH_FILE = ".cookie";
84
85		/** Get name of RPC authentication cookie file */
86		static fs::path GetAuthCookieFile(bool temp=false)
87	0	{
88	0	fs::path arg = gArgs.GetPathArg("-rpccookiefile", COOKIEAUTH_FILE);
89	0	if (temp) {
90	0	arg += ".tmp";
91	0	}
92	0	return AbsPathForConfigVal(gArgs, arg);
93	0	}
94
95		static bool g_generated_cookie = false;
96
97		bool GenerateAuthCookie(std::string* cookie_out, std::optional<fs::perms> cookie_perms)
98	0	{
99	0	const size_t COOKIE_SIZE = 32;
100	0	unsigned char rand_pwd[COOKIE_SIZE];
101	0	GetRandBytes(rand_pwd);
102	0	std::string cookie = COOKIEAUTH_USER + ":" + HexStr(rand_pwd);
103
104		/** the umask determines what permissions are used to create this file -
105		* these are set to 0077 in common/system.cpp.
106		*/
107	0	std::ofstream file;
108	0	fs::path filepath_tmp = GetAuthCookieFile(true);
109	0	file.open(filepath_tmp);
110	0	if (!file.is_open()) {
111	0	LogInfo("Unable to open cookie authentication file %s for writing\n", fs::PathToString(filepath_tmp));
112	0	return false;
113	0	}
114	0	file << cookie;
115	0	file.close();
116
117	0	fs::path filepath = GetAuthCookieFile(false);
118	0	if (!RenameOver(filepath_tmp, filepath)) {
119	0	LogInfo("Unable to rename cookie authentication file %s to %s\n", fs::PathToString(filepath_tmp), fs::PathToString(filepath));
120	0	return false;
121	0	}
122	0	if (cookie_perms) {
123	0	std::error_code code;
124	0	fs::permissions(filepath, cookie_perms.value(), fs::perm_options::replace, code);
125	0	if (code) {
126	0	LogInfo("Unable to set permissions on cookie authentication file %s\n", fs::PathToString(filepath_tmp));
127	0	return false;
128	0	}
129	0	}
130
131	0	g_generated_cookie = true;
132	0	LogInfo("Generated RPC authentication cookie %s\n", fs::PathToString(filepath));
133	0	LogInfo("Permissions used for cookie: %s\n", PermsToSymbolicString(fs::status(filepath).permissions()));
134
135	0	if (cookie_out)
136	0	*cookie_out = cookie;
137	0	return true;
138	0	}
139
140		bool GetAuthCookie(std::string *cookie_out)
141	0	{
142	0	std::ifstream file;
143	0	std::string cookie;
144	0	fs::path filepath = GetAuthCookieFile();
145	0	file.open(filepath);
146	0	if (!file.is_open())
147	0	return false;
148	0	std::getline(file, cookie);
149	0	file.close();
150
151	0	if (cookie_out)
152	0	*cookie_out = cookie;
153	0	return true;
154	0	}
155
156		void DeleteAuthCookie()
157	0	{
158	0	try {
159	0	if (g_generated_cookie) {
160		// Delete the cookie file if it was generated by this process
161	0	fs::remove(GetAuthCookieFile());
162	0	}
163	0	} catch (const fs::filesystem_error& e) {
164	0	LogPrintf("%s: Unable to remove random auth cookie file: %s\n", __func__, fsbridge::get_filesystem_error_message(e));
165	0	}
166	0	}
167
168		std::vector<UniValue> JSONRPCProcessBatchReply(const UniValue& in)
169	0	{
170	0	if (!in.isArray()) {
171	0	throw std::runtime_error("Batch must be an array");
172	0	}
173	0	const size_t num {in.size()};
174	0	std::vector<UniValue> batch(num);
175	0	for (const UniValue& rec : in.getValues()) {
176	0	if (!rec.isObject()) {
177	0	throw std::runtime_error("Batch member must be an object");
178	0	}
179	0	size_t id = rec["id"].getInt<int>();
180	0	if (id >= num) {
181	0	throw std::runtime_error("Batch member id is larger than batch size");
182	0	}
183	0	batch[id] = rec;
184	0	}
185	0	return batch;
186	0	}
187
188		void JSONRPCRequest::parse(const UniValue& valRequest)
189	0	{
190		// Parse request
191	0	if (!valRequest.isObject())
192	0	throw JSONRPCError(RPC_INVALID_REQUEST, "Invalid Request object");
193	0	const UniValue& request = valRequest.get_obj();
194
195		// Parse id now so errors from here on will have the id
196	0	if (request.exists("id")) {
197	0	id = request.find_value("id");
198	0	} else {
199	0	id = std::nullopt;
200	0	}
201
202		// Check for JSON-RPC 2.0 (default 1.1)
203	0	m_json_version = JSONRPCVersion::V1_LEGACY;
204	0	const UniValue& jsonrpc_version = request.find_value("jsonrpc");
205	0	if (!jsonrpc_version.isNull()) {
206	0	if (!jsonrpc_version.isStr()) {
207	0	throw JSONRPCError(RPC_INVALID_REQUEST, "jsonrpc field must be a string");
208	0	}
209		// The "jsonrpc" key was added in the 2.0 spec, but some older documentation
210		// incorrectly included {"jsonrpc":"1.0"} in a request object, so we
211		// maintain that for backwards compatibility.
212	0	if (jsonrpc_version.get_str() == "1.0") {
213	0	m_json_version = JSONRPCVersion::V1_LEGACY;
214	0	} else if (jsonrpc_version.get_str() == "2.0") {
215	0	m_json_version = JSONRPCVersion::V2;
216	0	} else {
217	0	throw JSONRPCError(RPC_INVALID_REQUEST, "JSON-RPC version not supported");
218	0	}
219	0	}
220
221		// Parse method
222	0	const UniValue& valMethod{request.find_value("method")};
223	0	if (valMethod.isNull())
224	0	throw JSONRPCError(RPC_INVALID_REQUEST, "Missing method");
225	0	if (!valMethod.isStr())
226	0	throw JSONRPCError(RPC_INVALID_REQUEST, "Method must be a string");
227	0	strMethod = valMethod.get_str();
228	0	if (fLogIPs)
229	0	LogDebug(BCLog::RPC, "ThreadRPCServer method=%s user=%s peeraddr=%s\n", SanitizeString(strMethod),
230	0	this->authUser, this->peerAddr);
231	0	else
232	0	LogDebug(BCLog::RPC, "ThreadRPCServer method=%s user=%s\n", SanitizeString(strMethod), this->authUser);
233
234		// Parse params
235	0	const UniValue& valParams{request.find_value("params")};
236	0	if (valParams.isArray() \|\| valParams.isObject())
237	0	params = valParams;
238	0	else if (valParams.isNull())
239	0	params = UniValue(UniValue::VARR);
240	0	else
241	0	throw JSONRPCError(RPC_INVALID_REQUEST, "Params must be an array or object");
242	0	}