Backports to beta (#2068)

* Fix several RPCs (#1926) * Fix up pending receipts details. * Add support for additional params and registry over RPC. * Fix tests. * Add test, additional fix. Fixes #1932. * Fix up tests. * Fix test. * Fix test. * DB WAL size limit (#1935) * Limit WAL size * Check pruning by db modification date (#1924) * Cache address hash (#1943) * ECIES without MAC (#1948) * Use random IV for ECIES AES * ECIES encrypt/decrypt for a single message * Derive IV from shared secret * Apply settings to column families * fixed #1933 (#1979) * Fixed neighbours collection (#1996) * dapps-hosts configuration * Disabled counter check * always process trie death row on commit, add more tracing * fixed transaction addresses mapping, fixes #1971 * simplified iterator * v1.3.1 * v1.3.1
openethereum · Sep 11, 2016 · 2a82fa0 · 2a82fa0
1 parent 1ccc901
commit 2a82fa0
Show file tree

Hide file tree

Showing 43 changed files with 731 additions and 180 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 description = "Ethcore client."
 name = "parity"
-version = "1.3.0"
+version = "1.3.1"
 license = "GPL-3.0"
 authors = ["Ethcore <admin@ethcore.io>"]
 build = "build.rs"

diff --git a/dapps/src/lib.rs b/dapps/src/lib.rs
@@ -100,14 +100,26 @@ impl ServerBuilder {
 
 	/// Asynchronously start server with no authentication,
 	/// returns result with `Server` handle on success or an error.
-	pub fn start_unsecure_http(&self, addr: &SocketAddr) -> Result<Server, ServerError> {
-		Server::start_http(addr, NoAuth, self.handler.clone(), self.dapps_path.clone())
+	pub fn start_unsecured_http(&self, addr: &SocketAddr, hosts: Option<Vec<String>>) -> Result<Server, ServerError> {
+		Server::start_http(
+			addr,
+			hosts,
+			NoAuth,
+			self.handler.clone(),
+			self.dapps_path.clone(),
+		)
 	}
 
 	/// Asynchronously start server with `HTTP Basic Authentication`,
 	/// return result with `Server` handle on success or an error.
-	pub fn start_basic_auth_http(&self, addr: &SocketAddr, username: &str, password: &str) -> Result<Server, ServerError> {
-		Server::start_http(addr, HttpBasicAuth::single_user(username, password), self.handler.clone(), self.dapps_path.clone())
+	pub fn start_basic_auth_http(&self, addr: &SocketAddr, hosts: Option<Vec<String>>, username: &str, password: &str) -> Result<Server, ServerError> {
+		Server::start_http(
+			addr,
+			hosts,
+			HttpBasicAuth::single_user(username, password),
+			self.handler.clone(),
+			self.dapps_path.clone(),
+		)
 	}
 }
 
@@ -118,7 +130,28 @@ pub struct Server {
 }
 
 impl Server {
-	fn start_http<A: Authorization + 'static>(addr: &SocketAddr, authorization: A, handler: Arc<IoHandler>, dapps_path: String) -> Result<Server, ServerError> {
+	/// Returns a list of allowed hosts or `None` if all hosts are allowed.
+	fn allowed_hosts(hosts: Option<Vec<String>>, bind_address: String) -> Option<Vec<String>> {
+		let mut allowed = Vec::new();
+
+		match hosts {
+			Some(hosts) => allowed.extend_from_slice(&hosts),
+			None => return None,
+		}
+
+		// Add localhost domain as valid too if listening on loopback interface.
+		allowed.push(bind_address.replace("127.0.0.1", "localhost").into());
+		allowed.push(bind_address.into());
+		Some(allowed)
+	}
+
+	fn start_http<A: Authorization + 'static>(
+		addr: &SocketAddr,
+		hosts: Option<Vec<String>>,
+		authorization: A,
+		handler: Arc<IoHandler>,
+		dapps_path: String,
+	) -> Result<Server, ServerError> {
 		let panic_handler = Arc::new(Mutex::new(None));
 		let authorization = Arc::new(authorization);
 		let endpoints = Arc::new(apps::all_endpoints(dapps_path));
@@ -129,15 +162,15 @@ impl Server {
 			special.insert(router::SpecialEndpoint::Utils, apps::utils());
 			special
 		});
-		let bind_address = format!("{}", addr);
+		let hosts = Self::allowed_hosts(hosts, format!("{}", addr));
 
 		try!(hyper::Server::http(addr))
 			.handle(move |_| router::Router::new(
 				apps::main_page(),
 				endpoints.clone(),
 				special.clone(),
 				authorization.clone(),
-				bind_address.clone(),
+				hosts.clone(),
 			))
 			.map(|(l, srv)| {
 
@@ -182,3 +215,24 @@ impl From<hyper::error::Error> for ServerError {
 		}
 	}
 }
+
+#[cfg(test)]
+mod tests {
+	use super::Server;
+
+	#[test]
+	fn should_return_allowed_hosts() {
+		// given
+		let bind_address = "127.0.0.1".to_owned();
+
+		// when
+		let all = Server::allowed_hosts(None, bind_address.clone());
+		let address = Server::allowed_hosts(Some(Vec::new()), bind_address.clone());
+		let some = Server::allowed_hosts(Some(vec!["ethcore.io".into()]), bind_address.clone());
+
+		// then
+		assert_eq!(all, None);
+		assert_eq!(address, Some(vec!["localhost".into(), "127.0.0.1".into()]));
+		assert_eq!(some, Some(vec!["ethcore.io".into(), "localhost".into(), "127.0.0.1".into()]));
+	}
+}
diff --git a/dapps/src/router/host_validation.rs b/dapps/src/router/host_validation.rs
@@ -22,14 +22,11 @@ use hyper::net::HttpStream;
 use jsonrpc_http_server::{is_host_header_valid};
 use handlers::ContentHandler;
 
-
-pub fn is_valid(request: &server::Request<HttpStream>, bind_address: &str, endpoints: Vec<String>) -> bool {
-	let mut endpoints = endpoints.into_iter()
+pub fn is_valid(request: &server::Request<HttpStream>, allowed_hosts: &[String], endpoints: Vec<String>) -> bool {
+	let mut endpoints = endpoints.iter()
 		.map(|endpoint| format!("{}{}", endpoint, DAPPS_DOMAIN))
 		.collect::<Vec<String>>();
-	// Add localhost domain as valid too if listening on loopback interface.
-	endpoints.push(bind_address.replace("127.0.0.1", "localhost").into());
-	endpoints.push(bind_address.into());
+	endpoints.extend_from_slice(allowed_hosts);
 
 	is_host_header_valid(request, &endpoints)
 }

diff --git a/dapps/src/router/mod.rs b/dapps/src/router/mod.rs
@@ -45,17 +45,19 @@ pub struct Router<A: Authorization + 'static> {
 	endpoints: Arc<Endpoints>,
 	special: Arc<HashMap<SpecialEndpoint, Box<Endpoint>>>,
 	authorization: Arc<A>,
-	bind_address: String,
+	allowed_hosts: Option<Vec<String>>,
 	handler: Box<server::Handler<HttpStream> + Send>,
 }
 
 impl<A: Authorization + 'static> server::Handler<HttpStream> for Router<A> {
 
 	fn on_request(&mut self, req: server::Request<HttpStream>) -> Next {
 		// Validate Host header
-		if !host_validation::is_valid(&req, &self.bind_address, self.endpoints.keys().cloned().collect()) {
-			self.handler = host_validation::host_invalid_response();
-			return self.handler.on_request(req);
+		if let Some(ref hosts) = self.allowed_hosts {
+			if !host_validation::is_valid(&req, hosts, self.endpoints.keys().cloned().collect()) {
+				self.handler = host_validation::host_invalid_response();
+				return self.handler.on_request(req);
+			}
 		}
 
 		// Check authorization
@@ -114,7 +116,7 @@ impl<A: Authorization> Router<A> {
 		endpoints: Arc<Endpoints>,
 		special: Arc<HashMap<SpecialEndpoint, Box<Endpoint>>>,
 		authorization: Arc<A>,
-		bind_address: String,
+		allowed_hosts: Option<Vec<String>>,
 		) -> Self {
 
 		let handler = special.get(&SpecialEndpoint::Rpc).unwrap().to_handler(EndpointPath::default());
@@ -123,7 +125,7 @@ impl<A: Authorization> Router<A> {
 			endpoints: endpoints,
 			special: special,
 			authorization: authorization,
-			bind_address: bind_address,
+			allowed_hosts: allowed_hosts,
 			handler: handler,
 		}
 	}

diff --git a/ethcore/res/ethereum/morden.json b/ethcore/res/ethereum/morden.json
@@ -8,7 +8,7 @@
 				"difficultyBoundDivisor": "0x0800",
 				"durationLimit": "0x0d",
 				"blockReward": "0x4563918244F40000",
-				"registrar": "",
+				"registrar": "0x8e4e9b13d4b45cb0befc93c3061b1408f67316b2",
 				"frontierCompatibilityModeLimit": "0x789b0"
 			}
 		}