mirror of
https://github.com/dashpay/dash.git
synced 2024-12-25 20:12:57 +01:00
feat: add support of composite commands in RPC'c whitelists
This commit is contained in:
parent
9456d0761d
commit
a102a59787
@ -101,6 +101,17 @@ public:
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
static bool whitelisted(JSONRPCRequest jreq)
|
||||||
|
{
|
||||||
|
if (g_rpc_whitelist[jreq.authUser].count(jreq.strMethod)) return true;
|
||||||
|
|
||||||
|
// check for composite command after
|
||||||
|
if (!jreq.params.isArray() || jreq.params.empty()) return false;
|
||||||
|
if (!jreq.params[0].isStr()) return false;
|
||||||
|
|
||||||
|
return g_rpc_whitelist[jreq.authUser].count(jreq.strMethod + jreq.params[0].get_str());
|
||||||
|
}
|
||||||
|
|
||||||
static bool JSONErrorReply(RpcHttpRequest& rpcRequest, const UniValue& objError, const UniValue& id)
|
static bool JSONErrorReply(RpcHttpRequest& rpcRequest, const UniValue& objError, const UniValue& id)
|
||||||
{
|
{
|
||||||
// Send error reply from json-rpc error object
|
// Send error reply from json-rpc error object
|
||||||
@ -226,7 +237,7 @@ static bool HTTPReq_JSONRPC(const CoreContext& context, HTTPRequest* req)
|
|||||||
jreq.parse(valRequest);
|
jreq.parse(valRequest);
|
||||||
rpcRequest.command = jreq.strMethod;
|
rpcRequest.command = jreq.strMethod;
|
||||||
|
|
||||||
if (user_has_whitelist && !g_rpc_whitelist[jreq.authUser].count(jreq.strMethod)) {
|
if (user_has_whitelist && !whitelisted(jreq)) {
|
||||||
LogPrintf("RPC User %s not allowed to call method %s\n", jreq.authUser, jreq.strMethod);
|
LogPrintf("RPC User %s not allowed to call method %s\n", jreq.authUser, jreq.strMethod);
|
||||||
return rpcRequest.send_reply(HTTP_FORBIDDEN);
|
return rpcRequest.send_reply(HTTP_FORBIDDEN);
|
||||||
}
|
}
|
||||||
@ -245,7 +256,7 @@ static bool HTTPReq_JSONRPC(const CoreContext& context, HTTPRequest* req)
|
|||||||
const UniValue& request = valRequest[reqIdx].get_obj();
|
const UniValue& request = valRequest[reqIdx].get_obj();
|
||||||
// Parse method
|
// Parse method
|
||||||
std::string strMethod = find_value(request, "method").get_str();
|
std::string strMethod = find_value(request, "method").get_str();
|
||||||
if (!g_rpc_whitelist[jreq.authUser].count(strMethod)) {
|
if (!whitelisted(jreq)) {
|
||||||
LogPrintf("RPC User %s not allowed to call method %s\n", jreq.authUser, strMethod);
|
LogPrintf("RPC User %s not allowed to call method %s\n", jreq.authUser, strMethod);
|
||||||
return rpcRequest.send_reply(HTTP_FORBIDDEN);
|
return rpcRequest.send_reply(HTTP_FORBIDDEN);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user