// Copyright 2014 The go-ethereum Authors // This file is part of the go-ethereum library. // // The go-ethereum library is free software: you can redistribute it and/or modify // it under the terms of the GNU Lesser General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // The go-ethereum library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public License // along with the go-ethereum library. If not, see . package node import ( "crypto/ecdsa" "fmt" "net" "os" "path/filepath" "runtime" "strings" "github.com/ethereum/go-ethereum/common" "github.com/ethereum/go-ethereum/crypto" "github.com/ethereum/go-ethereum/log" "github.com/ethereum/go-ethereum/p2p" "github.com/ethereum/go-ethereum/rpc" ) const ( datadirPrivateKey = "nodekey" // Path within the datadir to the node's private key datadirJWTKey = "jwtsecret" // Path within the datadir to the node's jwt secret datadirDefaultKeyStore = "keystore" // Path within the datadir to the keystore datadirStaticNodes = "static-nodes.json" // Path within the datadir to the static node list datadirTrustedNodes = "trusted-nodes.json" // Path within the datadir to the trusted node list datadirNodeDatabase = "nodes" // Path within the datadir to store the node infos ) // Config represents a small collection of configuration values to fine tune the // P2P network layer of a protocol stack. These values can be further extended by // all registered services. type Config struct { // Name sets the instance name of the node. It must not contain the / character and is // used in the devp2p node identifier. The instance name of geth is "geth". If no // value is specified, the basename of the current executable is used. Name string `toml:"-"` // UserIdent, if set, is used as an additional component in the devp2p node identifier. UserIdent string `toml:",omitempty"` // Version should be set to the version number of the program. It is used // in the devp2p node identifier. Version string `toml:"-"` // DataDir is the file system folder the node should use for any data storage // requirements. The configured data directory will not be directly shared with // registered services, instead those can use utility methods to create/access // databases or flat files. This enables ephemeral nodes which can fully reside // in memory. DataDir string // Configuration of peer-to-peer networking. P2P p2p.Config // KeyStoreDir is the file system folder that contains private keys. The directory can // be specified as a relative path, in which case it is resolved relative to the // current directory. // // If KeyStoreDir is empty, the default location is the "keystore" subdirectory of // DataDir. If DataDir is unspecified and KeyStoreDir is empty, an ephemeral directory // is created by New and destroyed when the node is stopped. KeyStoreDir string `toml:",omitempty"` // ExternalSigner specifies an external URI for a clef-type signer. ExternalSigner string `toml:",omitempty"` // UseLightweightKDF lowers the memory and CPU requirements of the key store // scrypt KDF at the expense of security. UseLightweightKDF bool `toml:",omitempty"` // InsecureUnlockAllowed allows user to unlock accounts in unsafe http environment. InsecureUnlockAllowed bool `toml:",omitempty"` // NoUSB disables hardware wallet monitoring and connectivity. // Deprecated: USB monitoring is disabled by default and must be enabled explicitly. NoUSB bool `toml:",omitempty"` // DirectBroadcast enable directly broadcast mined block to all peers DirectBroadcast bool `toml:",omitempty"` // DisableSnapProtocol disable the snap protocol DisableSnapProtocol bool `toml:",omitempty"` // RangeLimit enable 5000 blocks limit when handle range query RangeLimit bool `toml:",omitempty"` // USB enables hardware wallet monitoring and connectivity. USB bool `toml:",omitempty"` // SmartCardDaemonPath is the path to the smartcard daemon's socket. SmartCardDaemonPath string `toml:",omitempty"` // IPCPath is the requested location to place the IPC endpoint. If the path is // a simple file name, it is placed inside the data directory (or on the root // pipe path on Windows), whereas if it's a resolvable path name (absolute or // relative), then that specific path is enforced. An empty path disables IPC. IPCPath string // HTTPHost is the host interface on which to start the HTTP RPC server. If this // field is empty, no HTTP API endpoint will be started. HTTPHost string // HTTPPort is the TCP port number on which to start the HTTP RPC server. The // default zero value is/ valid and will pick a port number randomly (useful // for ephemeral nodes). HTTPPort int `toml:",omitempty"` // HTTPCors is the Cross-Origin Resource Sharing header to send to requesting // clients. Please be aware that CORS is a browser enforced security, it's fully // useless for custom HTTP clients. HTTPCors []string `toml:",omitempty"` // HTTPVirtualHosts is the list of virtual hostnames which are allowed on incoming requests. // This is by default {'localhost'}. Using this prevents attacks like // DNS rebinding, which bypasses SOP by simply masquerading as being within the same // origin. These attacks do not utilize CORS, since they are not cross-domain. // By explicitly checking the Host-header, the server will not allow requests // made against the server with a malicious host domain. // Requests using ip address directly are not affected HTTPVirtualHosts []string `toml:",omitempty"` // HTTPModules is a list of API modules to expose via the HTTP RPC interface. // If the module list is empty, all RPC API endpoints designated public will be // exposed. HTTPModules []string // HTTPTimeouts allows for customization of the timeout values used by the HTTP RPC // interface. HTTPTimeouts rpc.HTTPTimeouts // HTTPPathPrefix specifies a path prefix on which http-rpc is to be served. HTTPPathPrefix string `toml:",omitempty"` // AuthAddr is the listening address on which authenticated APIs are provided. AuthAddr string `toml:",omitempty"` // AuthPort is the port number on which authenticated APIs are provided. AuthPort int `toml:",omitempty"` // AuthVirtualHosts is the list of virtual hostnames which are allowed on incoming requests // for the authenticated api. This is by default {'localhost'}. AuthVirtualHosts []string `toml:",omitempty"` // WSHost is the host interface on which to start the websocket RPC server. If // this field is empty, no websocket API endpoint will be started. WSHost string // WSPort is the TCP port number on which to start the websocket RPC server. The // default zero value is/ valid and will pick a port number randomly (useful for // ephemeral nodes). WSPort int `toml:",omitempty"` // WSPathPrefix specifies a path prefix on which ws-rpc is to be served. WSPathPrefix string `toml:",omitempty"` // WSOrigins is the list of domain to accept websocket requests from. Please be // aware that the server can only act upon the HTTP request the client sends and // cannot verify the validity of the request header. WSOrigins []string `toml:",omitempty"` // WSModules is a list of API modules to expose via the websocket RPC interface. // If the module list is empty, all RPC API endpoints designated public will be // exposed. WSModules []string // WSExposeAll exposes all API modules via the WebSocket RPC interface rather // than just the public ones. // // *WARNING* Only set this if the node is running in a trusted network, exposing // private APIs to untrusted users is a major security risk. WSExposeAll bool `toml:",omitempty"` // GraphQLCors is the Cross-Origin Resource Sharing header to send to requesting // clients. Please be aware that CORS is a browser enforced security, it's fully // useless for custom HTTP clients. GraphQLCors []string `toml:",omitempty"` // GraphQLVirtualHosts is the list of virtual hostnames which are allowed on incoming requests. // This is by default {'localhost'}. Using this prevents attacks like // DNS rebinding, which bypasses SOP by simply masquerading as being within the same // origin. These attacks do not utilize CORS, since they are not cross-domain. // By explicitly checking the Host-header, the server will not allow requests // made against the server with a malicious host domain. // Requests using ip address directly are not affected GraphQLVirtualHosts []string `toml:",omitempty"` // Logger is a custom logger to use with the p2p.Server. Logger log.Logger `toml:",omitempty"` LogConfig *LogConfig `toml:",omitempty"` oldGethResourceWarning bool // AllowUnprotectedTxs allows non EIP-155 protected transactions to be send over RPC. AllowUnprotectedTxs bool `toml:",omitempty"` // EnableDoubleSignMonitor is a flag that whether to enable the double signature checker EnableDoubleSignMonitor bool `toml:",omitempty"` // EnableMaliciousVoteMonitor is a flag that whether to enable the malicious vote checker EnableMaliciousVoteMonitor bool `toml:",omitempty"` // BLSPasswordFile is the file that contains BLS wallet password. BLSPasswordFile string `toml:",omitempty"` // BLSWalletDir is the file system folder of BLS wallet. The directory can // be specified as a relative path, in which case it is resolved relative to the // current directory. BLSWalletDir string `toml:",omitempty"` // VoteJournalDir is the directory to store votes in the fast finality feature. VoteJournalDir string `toml:",omitempty"` // BatchRequestLimit is the maximum number of requests in a batch. BatchRequestLimit int `toml:",omitempty"` // BatchResponseMaxSize is the maximum number of bytes returned from a batched rpc call. BatchResponseMaxSize int `toml:",omitempty"` // JWTSecret is the path to the hex-encoded jwt secret. JWTSecret string `toml:",omitempty"` // EnablePersonal enables the deprecated personal namespace. EnablePersonal bool `toml:"-"` DBEngine string `toml:",omitempty"` Instance int `toml:",omitempty"` } // IPCEndpoint resolves an IPC endpoint based on a configured value, taking into // account the set data folders as well as the designated platform we're currently // running on. func (c *Config) IPCEndpoint() string { // Short circuit if IPC has not been enabled if c.IPCPath == "" { return "" } // On windows we can only use plain top-level pipes if runtime.GOOS == "windows" { if strings.HasPrefix(c.IPCPath, `\\.\pipe\`) { return c.IPCPath } return `\\.\pipe\` + c.IPCPath } // Resolve names into the data directory full paths otherwise if filepath.Base(c.IPCPath) == c.IPCPath { if c.DataDir == "" { return filepath.Join(os.TempDir(), c.IPCPath) } return filepath.Join(c.DataDir, c.IPCPath) } return c.IPCPath } // NodeDB returns the path to the discovery node database. func (c *Config) NodeDB() string { if c.DataDir == "" { return "" // ephemeral } return c.ResolvePath(datadirNodeDatabase) } // DefaultIPCEndpoint returns the IPC path used by default. func DefaultIPCEndpoint(clientIdentifier string) string { if clientIdentifier == "" { clientIdentifier = strings.TrimSuffix(filepath.Base(os.Args[0]), ".exe") if clientIdentifier == "" { panic("empty executable name") } } config := &Config{DataDir: DefaultDataDir(), IPCPath: clientIdentifier + ".ipc"} return config.IPCEndpoint() } // HTTPEndpoint resolves an HTTP endpoint based on the configured host interface // and port parameters. func (c *Config) HTTPEndpoint() string { if c.HTTPHost == "" { return "" } return net.JoinHostPort(c.HTTPHost, fmt.Sprintf("%d", c.HTTPPort)) } // DefaultHTTPEndpoint returns the HTTP endpoint used by default. func DefaultHTTPEndpoint() string { config := &Config{HTTPHost: DefaultHTTPHost, HTTPPort: DefaultHTTPPort, AuthPort: DefaultAuthPort} return config.HTTPEndpoint() } // WSEndpoint resolves a websocket endpoint based on the configured host interface // and port parameters. func (c *Config) WSEndpoint() string { if c.WSHost == "" { return "" } return net.JoinHostPort(c.WSHost, fmt.Sprintf("%d", c.WSPort)) } // DefaultWSEndpoint returns the websocket endpoint used by default. func DefaultWSEndpoint() string { config := &Config{WSHost: DefaultWSHost, WSPort: DefaultWSPort} return config.WSEndpoint() } // ExtRPCEnabled returns the indicator whether node enables the external // RPC(http, ws or graphql). func (c *Config) ExtRPCEnabled() bool { return c.HTTPHost != "" || c.WSHost != "" } // NodeName returns the devp2p node identifier. func (c *Config) NodeName() string { name := c.name() // Backwards compatibility: previous versions used title-cased "Geth", keep that. if name == "geth" || name == "geth-testnet" { name = "Geth" } if c.UserIdent != "" { name += "/" + c.UserIdent } if c.Version != "" { name += "/v" + c.Version } name += "/" + runtime.GOOS + "-" + runtime.GOARCH name += "/" + runtime.Version() return name } func (c *Config) name() string { if c.Name == "" { progname := strings.TrimSuffix(filepath.Base(os.Args[0]), ".exe") if progname == "" { panic("empty executable name, set Config.Name") } return progname } return c.Name } // These resources are resolved differently for "geth" instances. var isOldGethResource = map[string]bool{ "chaindata": true, "nodes": true, "nodekey": true, "static-nodes.json": false, // no warning for these because they have their "trusted-nodes.json": false, // own separate warning. } // ResolvePath resolves path in the instance directory. func (c *Config) ResolvePath(path string) string { if filepath.IsAbs(path) { return path } if c.DataDir == "" { return "" } // Backwards-compatibility: ensure that data directory files created // by geth 1.4 are used if they exist. if warn, isOld := isOldGethResource[path]; isOld { oldpath := "" if c.name() == "geth" { oldpath = filepath.Join(c.DataDir, path) } if oldpath != "" && common.FileExist(oldpath) { if warn && !c.oldGethResourceWarning { c.oldGethResourceWarning = true log.Warn("Using deprecated resource file, please move this file to the 'geth' subdirectory of datadir.", "file", oldpath) } return oldpath } } return filepath.Join(c.instanceDir(), path) } func (c *Config) instanceDir() string { if c.DataDir == "" { return "" } return filepath.Join(c.DataDir, c.name()) } // NodeKey retrieves the currently configured private key of the node, checking // first any manually set key, falling back to the one found in the configured // data folder. If no key can be found, a new one is generated. func (c *Config) NodeKey() *ecdsa.PrivateKey { // Use any specifically configured key. if c.P2P.PrivateKey != nil { return c.P2P.PrivateKey } // Generate ephemeral key if no datadir is being used. if c.DataDir == "" { key, err := crypto.GenerateKey() if err != nil { log.Crit(fmt.Sprintf("Failed to generate ephemeral node key: %v", err)) } return key } keyfile := c.ResolvePath(datadirPrivateKey) if key, err := crypto.LoadECDSA(keyfile); err == nil { return key } // No persistent key found, generate and store a new one. key, err := crypto.GenerateKey() if err != nil { log.Crit(fmt.Sprintf("Failed to generate node key: %v", err)) } instanceDir := filepath.Join(c.DataDir, c.name()) if err := os.MkdirAll(instanceDir, 0700); err != nil { log.Error(fmt.Sprintf("Failed to persist node key: %v", err)) return key } keyfile = filepath.Join(instanceDir, datadirPrivateKey) if err := crypto.SaveECDSA(keyfile, key); err != nil { log.Error(fmt.Sprintf("Failed to persist node key: %v", err)) } return key } // checkLegacyFiles inspects the datadir for signs of legacy static-nodes // and trusted-nodes files. If they exist it raises an error. func (c *Config) checkLegacyFiles() { c.checkLegacyFile(c.ResolvePath(datadirStaticNodes)) c.checkLegacyFile(c.ResolvePath(datadirTrustedNodes)) } // checkLegacyFile will only raise an error if a file at the given path exists. func (c *Config) checkLegacyFile(path string) { // Short circuit if no node config is present if c.DataDir == "" { return } if _, err := os.Stat(path); err != nil { return } logger := c.Logger if logger == nil { logger = log.Root() } switch fname := filepath.Base(path); fname { case "static-nodes.json": logger.Error("The static-nodes.json file is deprecated and ignored. Use P2P.StaticNodes in config.toml instead.") case "trusted-nodes.json": logger.Error("The trusted-nodes.json file is deprecated and ignored. Use P2P.TrustedNodes in config.toml instead.") default: // We shouldn't wind up here, but better print something just in case. logger.Error("Ignoring deprecated file.", "file", path) } } // KeyDirConfig determines the settings for keydirectory func (c *Config) KeyDirConfig() (string, error) { var ( keydir string err error ) switch { case filepath.IsAbs(c.KeyStoreDir): keydir = c.KeyStoreDir case c.DataDir != "": if c.KeyStoreDir == "" { keydir = filepath.Join(c.DataDir, datadirDefaultKeyStore) } else { keydir, err = filepath.Abs(c.KeyStoreDir) } case c.KeyStoreDir != "": keydir, err = filepath.Abs(c.KeyStoreDir) } return keydir, err } // GetKeyStoreDir retrieves the key directory and will create // and ephemeral one if necessary. func (c *Config) GetKeyStoreDir() (string, bool, error) { keydir, err := c.KeyDirConfig() if err != nil { return "", false, err } isEphemeral := false if keydir == "" { // There is no datadir. keydir, err = os.MkdirTemp("", "go-ethereum-keystore") isEphemeral = true } if err != nil { return "", false, err } if err := os.MkdirAll(keydir, 0700); err != nil { return "", false, err } return keydir, isEphemeral, nil } type LogConfig struct { FileRoot *string `toml:",omitempty"` FilePath *string `toml:",omitempty"` MaxBytesSize *uint `toml:",omitempty"` Level *string `toml:",omitempty"` RotateHours *uint `toml:",omitempty"` MaxBackups *uint `toml:",omitempty"` // TermTimeFormat is the time format used for console logging. TermTimeFormat *string `toml:",omitempty"` // TimeFormat is the time format used for file logging. TimeFormat *string `toml:",omitempty"` }