mirror of https://github.com/poanetwork/gecko.git
Merge pull request #110 from ava-labs/api-security
API security improvements
This commit is contained in:
commit
cb65fca7d8
|
@ -10,6 +10,15 @@ import (
|
|||
"runtime/pprof"
|
||||
)
|
||||
|
||||
const (
|
||||
// Name of file that CPU profile is written to when StartCPUProfiler called
|
||||
cpuProfileFile = "cpu.profile"
|
||||
// Name of file that memory profile is written to when MemoryProfile called
|
||||
memProfileFile = "mem.profile"
|
||||
// Name of file that lock profile is written to
|
||||
lockProfileFile = "lock.profile"
|
||||
)
|
||||
|
||||
var (
|
||||
errCPUProfilerRunning = errors.New("cpu profiler already running")
|
||||
errCPUProfilerNotRunning = errors.New("cpu profiler doesn't exist")
|
||||
|
@ -20,12 +29,12 @@ var (
|
|||
type Performance struct{ cpuProfileFile *os.File }
|
||||
|
||||
// StartCPUProfiler starts measuring the cpu utilization of this node
|
||||
func (p *Performance) StartCPUProfiler(filename string) error {
|
||||
func (p *Performance) StartCPUProfiler() error {
|
||||
if p.cpuProfileFile != nil {
|
||||
return errCPUProfilerRunning
|
||||
}
|
||||
|
||||
file, err := os.Create(filename)
|
||||
file, err := os.Create(cpuProfileFile)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -52,8 +61,8 @@ func (p *Performance) StopCPUProfiler() error {
|
|||
}
|
||||
|
||||
// MemoryProfile dumps the current memory utilization of this node
|
||||
func (p *Performance) MemoryProfile(filename string) error {
|
||||
file, err := os.Create(filename)
|
||||
func (p *Performance) MemoryProfile() error {
|
||||
file, err := os.Create(memProfileFile)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -66,8 +75,8 @@ func (p *Performance) MemoryProfile(filename string) error {
|
|||
}
|
||||
|
||||
// LockProfile dumps the current lock statistics of this node
|
||||
func (p *Performance) LockProfile(filename string) error {
|
||||
file, err := os.Create(filename)
|
||||
func (p *Performance) LockProfile() error {
|
||||
file, err := os.Create(lockProfileFile)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -39,21 +39,16 @@ func NewService(log logging.Logger, chainManager chains.Manager, peers network.N
|
|||
return &common.HTTPHandler{Handler: newServer}
|
||||
}
|
||||
|
||||
// StartCPUProfilerArgs are the arguments for calling StartCPUProfiler
|
||||
type StartCPUProfilerArgs struct {
|
||||
Filename string `json:"filename"`
|
||||
}
|
||||
|
||||
// StartCPUProfilerReply are the results from calling StartCPUProfiler
|
||||
type StartCPUProfilerReply struct {
|
||||
Success bool `json:"success"`
|
||||
}
|
||||
|
||||
// StartCPUProfiler starts a cpu profile writing to the specified file
|
||||
func (service *Admin) StartCPUProfiler(_ *http.Request, args *StartCPUProfilerArgs, reply *StartCPUProfilerReply) error {
|
||||
service.log.Info("Admin: StartCPUProfiler called with %s", args.Filename)
|
||||
func (service *Admin) StartCPUProfiler(_ *http.Request, args *struct{}, reply *StartCPUProfilerReply) error {
|
||||
service.log.Info("Admin: StartCPUProfiler called")
|
||||
reply.Success = true
|
||||
return service.performance.StartCPUProfiler(args.Filename)
|
||||
return service.performance.StartCPUProfiler()
|
||||
}
|
||||
|
||||
// StopCPUProfilerReply are the results from calling StopCPUProfiler
|
||||
|
@ -68,26 +63,16 @@ func (service *Admin) StopCPUProfiler(_ *http.Request, _ *struct{}, reply *StopC
|
|||
return service.performance.StopCPUProfiler()
|
||||
}
|
||||
|
||||
// MemoryProfileArgs are the arguments for calling MemoryProfile
|
||||
type MemoryProfileArgs struct {
|
||||
Filename string `json:"filename"`
|
||||
}
|
||||
|
||||
// MemoryProfileReply are the results from calling MemoryProfile
|
||||
type MemoryProfileReply struct {
|
||||
Success bool `json:"success"`
|
||||
}
|
||||
|
||||
// MemoryProfile runs a memory profile writing to the specified file
|
||||
func (service *Admin) MemoryProfile(_ *http.Request, args *MemoryProfileArgs, reply *MemoryProfileReply) error {
|
||||
service.log.Info("Admin: MemoryProfile called with %s", args.Filename)
|
||||
func (service *Admin) MemoryProfile(_ *http.Request, args *struct{}, reply *MemoryProfileReply) error {
|
||||
service.log.Info("Admin: MemoryProfile called")
|
||||
reply.Success = true
|
||||
return service.performance.MemoryProfile(args.Filename)
|
||||
}
|
||||
|
||||
// LockProfileArgs are the arguments for calling LockProfile
|
||||
type LockProfileArgs struct {
|
||||
Filename string `json:"filename"`
|
||||
return service.performance.MemoryProfile()
|
||||
}
|
||||
|
||||
// LockProfileReply are the results from calling LockProfile
|
||||
|
@ -96,10 +81,10 @@ type LockProfileReply struct {
|
|||
}
|
||||
|
||||
// LockProfile runs a mutex profile writing to the specified file
|
||||
func (service *Admin) LockProfile(_ *http.Request, args *LockProfileArgs, reply *LockProfileReply) error {
|
||||
service.log.Info("Admin: LockProfile called with %s", args.Filename)
|
||||
func (service *Admin) LockProfile(_ *http.Request, args *struct{}, reply *LockProfileReply) error {
|
||||
service.log.Info("Admin: LockProfile called")
|
||||
reply.Success = true
|
||||
return service.performance.LockProfile(args.Filename)
|
||||
return service.performance.LockProfile()
|
||||
}
|
||||
|
||||
// AliasArgs are the arguments for calling Alias
|
||||
|
|
|
@ -71,8 +71,10 @@ func main() {
|
|||
mapper := nat.NewDefaultMapper(log, Config.Nat, nat.TCP, "gecko")
|
||||
defer mapper.UnmapAllPorts()
|
||||
|
||||
mapper.MapPort(Config.StakingIP.Port, Config.StakingIP.Port)
|
||||
mapper.MapPort(Config.HTTPPort, Config.HTTPPort)
|
||||
mapper.MapPort(Config.StakingIP.Port, Config.StakingIP.Port) // Open staking port
|
||||
if Config.HTTPHost != "127.0.0.1" && Config.HTTPHost != "localhost" { // Open HTTP port iff HTTP server not listening on localhost
|
||||
mapper.MapPort(Config.HTTPPort, Config.HTTPPort)
|
||||
}
|
||||
|
||||
node := node.Node{}
|
||||
|
||||
|
|
|
@ -190,7 +190,7 @@ func init() {
|
|||
consensusIP := fs.String("public-ip", "", "Public IP of this node")
|
||||
|
||||
// HTTP Server:
|
||||
httpHost := fs.String("http-host", "", "Address of the HTTP server")
|
||||
httpHost := fs.String("http-host", "127.0.0.1", "Address of the HTTP server")
|
||||
httpPort := fs.Uint("http-port", 9650, "Port of the HTTP server")
|
||||
fs.BoolVar(&Config.EnableHTTPS, "http-tls-enabled", false, "Upgrade the HTTP server to HTTPs")
|
||||
fs.StringVar(&Config.HTTPSKeyFile, "http-tls-key-file", "", "TLS private key file for the HTTPs server")
|
||||
|
@ -225,9 +225,9 @@ func init() {
|
|||
fs.IntVar(&Config.ConsensusParams.ConcurrentRepolls, "snow-concurrent-repolls", 1, "Minimum number of concurrent polls for finalizing consensus")
|
||||
|
||||
// Enable/Disable APIs:
|
||||
fs.BoolVar(&Config.AdminAPIEnabled, "api-admin-enabled", true, "If true, this node exposes the Admin API")
|
||||
fs.BoolVar(&Config.AdminAPIEnabled, "api-admin-enabled", false, "If true, this node exposes the Admin API")
|
||||
fs.BoolVar(&Config.InfoAPIEnabled, "api-info-enabled", true, "If true, this node exposes the Info API")
|
||||
fs.BoolVar(&Config.KeystoreAPIEnabled, "api-keystore-enabled", true, "If true, this node exposes the Keystore API")
|
||||
fs.BoolVar(&Config.KeystoreAPIEnabled, "api-keystore-enabled", false, "If true, this node exposes the Keystore API")
|
||||
fs.BoolVar(&Config.MetricsAPIEnabled, "api-metrics-enabled", true, "If true, this node exposes the Metrics API")
|
||||
fs.BoolVar(&Config.HealthAPIEnabled, "api-health-enabled", true, "If true, this node exposes the Health API")
|
||||
fs.BoolVar(&Config.IPCEnabled, "api-ipcs-enabled", false, "If true, IPCs can be opened")
|
||||
|
|
Loading…
Reference in New Issue