mintlayer-core icon indicating copy to clipboard operation
mintlayer-core copied to clipboard
verified publisher icon mintlayer

Protect selected RPC commands

Open pavel-kokolemin opened this issue 2 years ago • 4 comments

Some RPC commands should only be available to admins (for example submit_block). It would be nice to simply add something to an RPC interface to protect such methods:

#[rpc::rpc(server, client, namespace = "chainstate")]
trait ChainstateRpc {
    /// Submit a block to be included in the chain
    #[method(name = "submit_block", "admin_only")]
    async fn submit_block(&self, block_hex: String) -> rpc::Result<()>;

It looks like jsonrpsee does not support this. It should be possible to check credentials and method name using middleware (parsing request body). But it's ugly and won't work with WebSocket transport.

For reference, Bitcoin Core supports filtering RPC commands with rpcwhitelist:

  -rpcwhitelist=<whitelist>
       Set a whitelist to filter incoming RPC calls for a specific user. The
       field <whitelist> comes in the format: <USERNAME>:<rpc 1>,<rpc
       2>,...,<rpc n>. If multiple whitelists are set for a given user,
       they are set-intersected. See -rpcwhitelistdefault documentation
       for information on default whitelist behavior.

The problem was originally reported by @TheQuantumPhysicist

pavel-kokolemin avatar Apr 18 '23 07:04 pavel-kokolemin

@pavel-kokolemin @TheQuantumPhysicist can I try to implement the method using rpcwhitelist ?

ybensacq avatar Nov 06 '23 06:11 ybensacq

@pavel-kokolemin @TheQuantumPhysicist can I try to implement the method using rpcwhitelist ?

Hi @ybensacq . I'm not sure what you're referring to when you say rpcwhitelist, whether that's a just a concept or a reference of something in a library. We have no concrete way in mind to solve this problem yet, and you're welcome to propose something reasonable. Your contribution is highly appreciated.

TheQuantumPhysicist avatar Nov 06 '23 09:11 TheQuantumPhysicist

@pavel-kokolemin @TheQuantumPhysicist can I try to implement the method using rpcwhitelist ?

Hi @ybensacq . I'm not sure what you're referring to when you say rpcwhitelist, whether that's a just a concept or a reference of something in a library. We have no concrete way in mind to solve this problem yet, and you're welcome to propose something reasonable. Your contribution is highly appreciated.

Hi @TheQuantumPhysicist what I thought was to add an argument call rpcwhitelist when launching the node or in a config file with this format : <USERNAME>:<rpc 1>,<rpc 2>,...,<rpc n> as we can find here : https://docs.dash.org/projects/core/en/19.0.0/docs/api/remote-procedure-calls.html. For example we could have something like : admin:submit_block,invalidate_block,reset_block_failure_flags.. and then when we receive an RPC call, we have to check if the authenticated user has the right to use the current rpc method. What do you think about this way ?

ybensacq avatar Nov 06 '23 10:11 ybensacq

That sounds like a good solution. Please go ahead at your convenience! Cheers!

TheQuantumPhysicist avatar Nov 08 '23 12:11 TheQuantumPhysicist