proxyd: Use canned response for eth_accounts (#2801)

We never want to expose Geth's accounts to the public internet, so proxyd will now return `[]` for `eth_accounts` RPC calls without hitting the backend. Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2022-06-16 13:02:39 -06:00 · 2022-06-16 13:02:39 -06:00 · e2e3a622ce
commit e2e3a622ce
parent e7191f335c
6 changed files with 51 additions and 1 deletions
--- a/proxyd/proxyd/backend.go
+++ b/proxyd/proxyd/backend.go
@ -625,6 +625,18 @@ func (w *WSProxier) clientPump(ctx context.Context, errC chan error) {
 			continue
 		}

+		// Send eth_accounts requests directly to the client
+		if req.Method == "eth_accounts" {
+			msg = mustMarshalJSON(NewRPCRes(req.ID, emptyArrayResponse))
+			RecordRPCForward(ctx, BackendProxyd, "eth_accounts", RPCRequestSourceWS)
+			err = w.writeClientConn(msgType, msg)
+			if err != nil {
+				errC <- err
+				return
+			}
+			continue
+		}
+
 		RecordRPCForward(ctx, w.backend.Name, req.Method, RPCRequestSourceWS)
 		log.Info(
 			"forwarded WS message to backend",
--- a/proxyd/proxyd/integration_tests/batching_test.go
+++ b/proxyd/proxyd/integration_tests/batching_test.go
@ -18,6 +18,8 @@ func TestBatching(t *testing.T) {
 	netVersionResponse1 := `{"jsonrpc": "2.0", "result": "1.0", "id": 1}`
 	callResponse1 := `{"jsonrpc": "2.0", "result": "ekans1", "id": 1}`

+	ethAccountsResponse2 := `{"jsonrpc": "2.0", "result": [], "id": 2}`
+
 	type mockResult struct {
 		method string
 		id     string
@ -98,6 +100,19 @@ func TestBatching(t *testing.T) {
 			maxBatchSize:        2,
 			numExpectedForwards: 3,
 		},
+		{
+			name: "eth_accounts does not get forwarded",
+			mocks: []mockResult{
+				callMock1,
+			},
+			reqs: []*proxyd.RPCReq{
+				NewRPCReq("1", "eth_call", nil),
+				NewRPCReq("2", "eth_accounts", nil),
+			},
+			expectedRes:         asArray(callResponse1, ethAccountsResponse2),
+			maxBatchSize:        2,
+			numExpectedForwards: 1,
+		},
 	}

 	for _, tt := range tests {
--- a/proxyd/proxyd/integration_tests/testdata/ws.toml
+++ b/proxyd/proxyd/integration_tests/testdata/ws.toml
@ -1,7 +1,8 @@
 ws_backend_group = "main"

 ws_method_whitelist = [
-  "eth_subscribe"
+  "eth_subscribe",
+  "eth_accounts"
 ]

 [server]
--- a/proxyd/proxyd/integration_tests/ws_test.go
+++ b/proxyd/proxyd/integration_tests/ws_test.go
@ -178,6 +178,12 @@ func TestWS(t *testing.T) {
 			"{\"jsonrpc\":\"2.0\",\"error\":{\"code\":-32700,\"message\":\"parse error\"},\"id\":null}",
 			"{\"jsonrpc\": \"2.0\", \"method\": true}",
 		},
+		{
+			"eth_accounts",
+			"{}",
+			"{\"jsonrpc\":\"2.0\",\"result\":[],\"id\":1}",
+			"{\"jsonrpc\": \"2.0\", \"method\": \"eth_accounts\", \"id\": 1}",
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
--- a/proxyd/proxyd/rpc.go
+++ b/proxyd/proxyd/rpc.go
@ -142,6 +142,14 @@ func NewRPCErrorRes(id json.RawMessage, err error) *RPCRes {
 	}
 }

+func NewRPCRes(id json.RawMessage, result interface{}) *RPCRes {
+	return &RPCRes{
+		JSONRPC: JSONRPCVersion,
+		Result:  result,
+		ID:      id,
+	}
+}
+
 func IsBatch(raw []byte) bool {
 	for _, c := range raw {
 		// skip insignificant whitespace (http://www.ietf.org/rfc/rfc4627.txt)
--- a/proxyd/proxyd/server.go
+++ b/proxyd/proxyd/server.go
@ -32,6 +32,8 @@ const (
 	defaultMaxUpstreamBatchSize = 10
 )

+var emptyArrayResponse = json.RawMessage("[]")
+
 type Server struct {
 	backendGroups        map[string]*BackendGroup
 	wsBackendGroup       *BackendGroup
@ -248,6 +250,12 @@ func (s *Server) handleBatchRPC(ctx context.Context, reqs []json.RawMessage, isB
 			continue
 		}

+		if parsedReq.Method == "eth_accounts" {
+			RecordRPCForward(ctx, BackendProxyd, "eth_accounts", RPCRequestSourceHTTP)
+			responses[i] = NewRPCRes(parsedReq.ID, emptyArrayResponse)
+			continue
+		}
+
 		group := s.rpcMethodMappings[parsedReq.Method]
 		if group == "" {
 			// use unknown below to prevent DOS vector that fills up memory