added a new flag (--remote-limit-api) to restrict remote api access

iotaledger · Jan 7, 2017 · 5055256 · 5055256
1 parent d284a5f
commit 5055256
Show file tree

Hide file tree

Showing 4 changed files with 155 additions and 127 deletions.
diff --git a/src/main/java/com/iota/iri/IRI.java b/src/main/java/com/iota/iri/IRI.java
@@ -71,6 +71,7 @@ private static void validateParams(final String[] args) {
         final Option<Boolean> headless = parser.addBooleanOption("headless");
         final Option<Boolean> debug = parser.addBooleanOption('d', "debug");
         final Option<Boolean> remote = parser.addBooleanOption("remote");
+        final Option<String> remoteLimitApi = parser.addStringOption("remote-limit-api");
         final Option<String> neighbors = parser.addStringOption('n', "neighbors");
         final Option<Boolean> experimental = parser.addBooleanOption('e', "experimental");
         final Option<Boolean> help = parser.addBooleanOption('h', "help");
@@ -95,21 +96,27 @@ private static void validateParams(final String[] args) {
         if (parser.getOptionValue(help) != null) {
             printUsage();
         }
-        
+
         String cns = parser.getOptionValue(neighbors);
         if (cns == null) {
             log.warn("No neighbor has been specified. Server starting nodeless.");
             cns = StringUtils.EMPTY;
-        } 
+        }
         Configuration.put(DefaultConfSettings.NEIGHBORS, cns);
-        
+
 
         final String vcors = parser.getOptionValue(cors);
         if (vcors != null) {
             log.debug("Enabled CORS with value : {} ", vcors);
             Configuration.put(DefaultConfSettings.CORS_ENABLED, vcors);
         }
 
+        final String vremoteapilimit = parser.getOptionValue(remoteLimitApi);
+        if (vremoteapilimit != null) {
+            log.debug("The following api calls are not allowed : {} ", vremoteapilimit);
+            Configuration.put(DefaultConfSettings.REMOTEAPILIMIT, vremoteapilimit);
+        }
+
         final String vrport = parser.getOptionValue(rport);
         if (vrport != null) {
             Configuration.put(DefaultConfSettings.TANGLE_RECEIVER_PORT, vrport);
@@ -118,7 +125,7 @@ private static void validateParams(final String[] args) {
         if (parser.getOptionValue(headless) != null) {
             Configuration.put(DefaultConfSettings.HEADLESS, "true");
         }
-        
+
         if (parser.getOptionValue(remote) != null) {
             log.info("Remote access enabled. Binding API socket to listen any interface.");
             Configuration.put(DefaultConfSettings.API_HOST, "0.0.0.0");
@@ -132,7 +139,7 @@ private static void validateParams(final String[] args) {
         if (Integer.parseInt(cport) < 1024) {
             log.warn("Warning: api port value seems too low.");
         }
-        
+
         if (parser.getOptionValue(debug) != null) {
             Configuration.put(DefaultConfSettings.DEBUG, "true");
             log.info(Configuration.allSettings());
@@ -141,16 +148,16 @@ private static void validateParams(final String[] args) {
     }
 
     private static void printUsage() {
-        log.info("Usage: java -jar {}-{}.jar " + 
-                 "[{-p,--port} 14265] " + 
-                 "[{-r,--receiver-port} 14265] " + 
-                 "[{-c,--enabled-cors} *] " + 
-                 "[{-h}] [{--headless}] " + 
-                 "[{-d,--debug}] " + 
-                 "[{-e,--experimental}]" +
-                 "[{--remote}]" +
-                 // + "[{-t,--testnet} false] " // -> TBDiscussed (!)
-                 "[{-n,--neighbors} '<list of neighbors>'] ", NAME, VERSION);
+        log.info("Usage: java -jar {}-{}.jar " +
+                "[{-p,--port} 14265] " +
+                "[{-r,--receiver-port} 14265] " +
+                "[{-c,--enabled-cors} *] " +
+                "[{-h}] [{--headless}] " +
+                "[{-d,--debug}] " +
+                "[{-e,--experimental}]" +
+                "[{--remote}]" +
+                // + "[{-t,--testnet} false] " // -> TBDiscussed (!)
+                "[{-n,--neighbors} '<list of neighbors>'] ", NAME, VERSION);
         System.exit(0);
     }
 

diff --git a/src/main/java/com/iota/iri/conf/Configuration.java b/src/main/java/com/iota/iri/conf/Configuration.java
@@ -7,13 +7,13 @@
 import java.util.concurrent.ConcurrentHashMap;
 
 /**
- * All those settings are modificable at runtime, 
+ * All those settings are modificable at runtime,
  * but for most of them the node needs to be restarted.
  */
 public class Configuration {
-    
+
     private static final Logger log = LoggerFactory.getLogger(Configuration.class);
-    
+
     private static final Map<String, String> conf = new ConcurrentHashMap<>();
 
     public enum DefaultConfSettings {
@@ -23,23 +23,25 @@ public enum DefaultConfSettings {
         CORS_ENABLED,
         TESTNET, // not used yet
         HEADLESS,
+        REMOTEAPILIMIT,
         NEIGHBORS,
-        DEBUG, 
+        DEBUG,
         EXPERIMENTAL // experimental features.
     }
-    
+
     static {
-    	// defaults
+        // defaults
         conf.put(DefaultConfSettings.API_PORT.name(), "14265");
         conf.put(DefaultConfSettings.API_HOST.name(), "localhost");
         conf.put(DefaultConfSettings.TANGLE_RECEIVER_PORT.name(), "14265");
-        conf.put(DefaultConfSettings.CORS_ENABLED.name(), "*"); 
+        conf.put(DefaultConfSettings.CORS_ENABLED.name(), "*");
         conf.put(DefaultConfSettings.TESTNET.name(), "false");
         conf.put(DefaultConfSettings.HEADLESS.name(), "false");
         conf.put(DefaultConfSettings.DEBUG.name(), "false");
+        conf.put(DefaultConfSettings.REMOTEAPILIMIT.name(), "");
         conf.put(DefaultConfSettings.EXPERIMENTAL.name(), "false");
     }
-    
+
     public static String allSettings() {
         final StringBuilder settings = new StringBuilder();
         conf.keySet().forEach(t -> settings.append("Set '").append(t).append("'\t -> ").append(conf.get(t)).append("\n"));
@@ -50,34 +52,40 @@ public static void put(final String k, final String v) {
         log.debug("Setting {} with {}", k, v);
         conf.put(k, v);
     }
-    
+
     public static void put(final DefaultConfSettings d, String v) {
         log.debug("Setting {} with {}", d.name(), v);
         conf.put(d.name(), v);
     }
-    
+
     public static String string(String k) {
         return conf.get(k);
     }
+
     public static float floating(String k) {
         return Float.parseFloat(conf.get(k));
     }
+
     public static double doubling(String k) {
         return Double.parseDouble(conf.get(k));
     }
+
     public static int integer(String k) {
         return Integer.parseInt(conf.get(k));
     }
+
     public static boolean booling(String k) {
         return Boolean.parseBoolean(conf.get(k));
     }
-    
+
     public static String string(final DefaultConfSettings d) {
         return string(d.name());
     }
+
     public static int integer(final DefaultConfSettings d) {
         return integer(d.name());
     }
+
     public static boolean booling(final DefaultConfSettings d) {
         return booling(d.name());
     }