diff --git a/applications/minotari_merge_mining_proxy/src/run_merge_miner.rs b/applications/minotari_merge_mining_proxy/src/run_merge_miner.rs
index 676e96bf6a..ec076c94b6 100644
--- a/applications/minotari_merge_mining_proxy/src/run_merge_miner.rs
+++ b/applications/minotari_merge_mining_proxy/src/run_merge_miner.rs
@@ -79,8 +79,8 @@ pub async fn start_merge_miner(cli: Cli) -> Result<(), anyhow::Error> {
 if let MmProxyError::BaseNodeNotResponding(_) = e {
 error!(target: LOG_TARGET, "{}", e.to_string());
 println!();
- let msg = "Are the base node's gRPC mining methods denied in its 'config.toml'? Please ensure these \
- methods are commented out:\n 'grpc_server_deny_methods': \"get_new_block_template\", \
+ let msg = "Are the base node's gRPC mining methods allowed in its 'config.toml'? Please ensure these \
+ methods are enabled in:\n 'grpc_server_allow_methods': \"get_new_block_template\", \
 \"get_tip_info\", \"get_new_block\", \"submit_block\"";
 println!("{}", msg);
 println!();
diff --git a/applications/minotari_miner/src/run_miner.rs b/applications/minotari_miner/src/run_miner.rs
index 4e856d549c..e3e41cd4e2 100644
--- a/applications/minotari_miner/src/run_miner.rs
+++ b/applications/minotari_miner/src/run_miner.rs
@@ -132,9 +132,9 @@ pub async fn start_miner(cli: Cli) -> Result<(), ExitError> {
 if let MinerError::BaseNodeNotResponding(_) = e {
 error!(target: LOG_TARGET, "{}", e.to_string());
 println!();
- let msg = "Could not connect to the base node. \nAre the base node's gRPC mining methods denied in \
- its 'config.toml'? Please ensure these methods are commented out:\n \
- 'grpc_server_deny_methods': \"get_new_block_template\", \"get_tip_info\", \
+ let msg = "Could not connect to the base node. \nAre the base node's gRPC mining methods allowed in \
+ its 'config.toml'? Please ensure these methods are enabled in:\n \
+ 'grpc_server_allow_methods': \"get_new_block_template\", \"get_tip_info\", \
 \"get_new_block\", \"submit_block\"";
 println!("{}", msg);
 println!();
diff --git a/applications/minotari_node/src/cli.rs b/applications/minotari_node/src/cli.rs
index d180fed2e5..f4eb4da533 100644
--- a/applications/minotari_node/src/cli.rs
+++ b/applications/minotari_node/src/cli.rs
@@ -49,6 +49,8 @@ pub struct Cli {
 pub grpc_enabled: bool,
 #[clap(long, env = "MINOTARI_NODE_ENABLE_MINING", alias = "enable-mining")]
 pub mining_enabled: bool,
+ #[clap(long, env = "MINOTARI_NODE_SECOND_LAYER_GRPC_ENABLED", alias = "enable-second-layer")]
+ pub second_layer_grpc_enabled: bool,
 }
 impl ConfigOverrideProvider for Cli {
@@ -67,6 +69,10 @@ impl ConfigOverrideProvider for Cli {
 overrides.push(("base_node.grpc_enabled".to_string(), "true".to_string()));
 overrides.push(("base_node.mining_enabled".to_string(), "true".to_string()));
 }
+ if self.second_layer_grpc_enabled {
+ overrides.push(("base_node.grpc_enabled".to_string(), "true".to_string()));
+ overrides.push(("base_node.second_layer_grpc_enabled".to_string(), "true".to_string()));
+ }
 overrides
 }
 }
diff --git a/applications/minotari_node/src/config.rs b/applications/minotari_node/src/config.rs
index 494dbf868b..aac19faacd 100644
--- a/applications/minotari_node/src/config.rs
+++ b/applications/minotari_node/src/config.rs
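Review bot: In `applications/minotari_node/src/cli.rs`, the new `if self.second_layer_grpc_enabled` branch also pushes `base_node.grpc_enabled = true`, so the flag or the `MINOTARI_NODE_SECOND_LAYER_GRPC_ENABLED` environment variable presumably starts the gRPC server even when `config.toml` sets `grpc_enabled = false`. This mirrors the mining branch just above it, but nothing tells the operator: the field added in the first hunk of this file has no doc comment, so `--help` says nothing about the side effect. I would add `/// Enable the second-layer gRPC methods. This also switches the gRPC server on, overriding grpc_enabled = false from the config file.` above the new `#[clap(...)]` attribute. Both the struct and the impl continue outside these hunks.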
@@ -89,13 +89,15 @@ pub struct BaseNodeConfig {
 /// GRPC address of base node
 pub grpc_address: Option,
 /// GRPC server config - which methods are active and which not
- pub grpc_server_deny_methods: Vec,
+ pub grpc_server_allow_methods: Vec,
 /// GRPC authentication mode
 pub grpc_authentication: GrpcAuthentication,
 /// GRPC tls enabled
 pub grpc_tls_enabled: bool,
 /// Enable mining on the base node, overriding other settings regarding mining
 pub mining_enabled: bool,
+ /// Enable second layer specific grpc methods.
+ pub second_layer_grpc_enabled: bool,
 /// A path to the file that stores the base node identity and secret key
 pub identity_file: PathBuf,
 /// Spin up and use a built-in Tor instance. This only works on macos/linux - requires that the wallet was built
@@ -154,19 +156,11 @@ impl Default for BaseNodeConfig {
 network: Network::default(),
 grpc_enabled: true,
 grpc_address: None,
- grpc_server_deny_methods: vec![
- // These gRPC server methods share sensitive information, thus disabled by default
- GrpcMethod::GetVersion,
- GrpcMethod::CheckForUpdates,
- GrpcMethod::GetSyncInfo,
- GrpcMethod::GetSyncProgress,
- GrpcMethod::GetTipInfo,
- GrpcMethod::Identify,
- GrpcMethod::GetNetworkStatus,
- ],
+ grpc_server_allow_methods: vec![GrpcMethod::GetVersion],
 grpc_authentication: GrpcAuthentication::default(),
 grpc_tls_enabled: false,
 mining_enabled: false,
+ second_layer_grpc_enabled: false,
 identity_file: PathBuf::from("config/base_node_id.json"),
 use_libtor: true,
 tor_identity_file: PathBuf::from("config/base_node_tor_id.json"),
@@ -280,14 +274,14 @@ mod tests {
 #[derive(Clone, Serialize, Deserialize, Debug)]
 #[allow(clippy::struct_excessive_bools)]
 struct TestInnerConfig {
- deny_methods: Vec,
+ allow_methods: Vec,
 }
 #[test]
 fn it_deserializes_enums() {
 let config_str = r#"
 name = "blockchain champion"
- inner_config.deny_methods = [
+ inner_config.allow_methods = [
 "list_headers",
 "get_constants",
 # "get_blocks"
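Review bot: The doc comment kept above the renamed field in `BaseNodeConfig` (`/// GRPC server config - which methods are active and which not`) no longer tells the reader which way the list works, and the polarity is the whole point of this change. I would replace it with `/// GRPC server allow list: only the methods listed here are served, every other method is rejected`. The new `/// Enable second layer specific grpc methods.` line should also say that the flag serves those methods whether or not they appear in the allow list, as the `mining_enabled` comment already does with "overriding other settings". The struct starts and ends outside this hunk.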
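Review bot: In the `Default for BaseNodeConfig` hunk, the new default `grpc_server_allow_methods: vec![GrpcMethod::GetVersion]` serves a method that the removed comment listed among those that "share sensitive information, thus disabled by default". The same block still defaults to `grpc_enabled: true` and `grpc_tls_enabled: false`. If version disclosure is now considered acceptable, a short comment should record why. Otherwise `grpc_server_allow_methods: vec![],` is the stricter default, and `GetVersion` is still reachable through the mining and second-layer sets this commit extends in `is_method_enabled`. What `GrpcAuthentication::default()` requires is not visible here, so the exposure may be narrower than it looks. The impl continues outside this hunk.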
@@ -298,10 +292,10 @@ mod tests {
 let config = toml::from_str::(config_str).unwrap();
 // Enums in the config
- assert!(config.inner_config.deny_methods.contains(&GrpcMethod::ListHeaders));
- assert!(config.inner_config.deny_methods.contains(&GrpcMethod::GetConstants));
- assert!(!config.inner_config.deny_methods.contains(&GrpcMethod::GetBlocks)); // commented out in the config
- assert!(config.inner_config.deny_methods.contains(&GrpcMethod::Identify));
- assert!(!config.inner_config.deny_methods.contains(&GrpcMethod::GetShardKey)); // commented out in the config
+ assert!(config.inner_config.allow_methods.contains(&GrpcMethod::ListHeaders));
+ assert!(config.inner_config.allow_methods.contains(&GrpcMethod::GetConstants));
+ assert!(!config.inner_config.allow_methods.contains(&GrpcMethod::GetBlocks)); // commented out in the config
+ assert!(config.inner_config.allow_methods.contains(&GrpcMethod::Identify));
+ assert!(!config.inner_config.allow_methods.contains(&GrpcMethod::GetShardKey)); // commented out in the config
 }
 }
diff --git a/applications/minotari_node/src/grpc/base_node_grpc_server.rs b/applications/minotari_node/src/grpc/base_node_grpc_server.rs
index 32369f4312..468bc0f537 100644
--- a/applications/minotari_node/src/grpc/base_node_grpc_server.rs
+++ b/applications/minotari_node/src/grpc/base_node_grpc_server.rs
@@ -121,6 +121,7 @@ impl BaseNodeGrpcServer {
 fn is_method_enabled(&self, grpc_method: GrpcMethod) -> bool {
 let mining_method = vec![
+ GrpcMethod::GetVersion,
 GrpcMethod::GetNewBlockTemplate,
 GrpcMethod::GetNewBlock,
 GrpcMethod::GetNewBlockBlob,
@@ -128,10 +129,26 @@ impl BaseNodeGrpcServer {
 GrpcMethod::SubmitBlockBlob,
 GrpcMethod::GetTipInfo,
 ];
+
+ let second_layer_methods = vec![
+ GrpcMethod::GetVersion,
+ GrpcMethod::GetConstants,
+ GrpcMethod::GetMempoolTransactions,
+ GrpcMethod::GetTipInfo,
+ GrpcMethod::GetActiveValidatorNodes,
+ GrpcMethod::GetShardKey,
+ GrpcMethod::GetTemplateRegistrations,
+ GrpcMethod::GetHeaderByHash,
+ GrpcMethod::GetSideChainUtxos,
+ ];
 if self.config.mining_enabled && mining_method.contains(&grpc_method) {
 return true;
 }
- !self.config.grpc_server_deny_methods.contains(&grpc_method)
+ if self.config.second_layer_grpc_enabled && second_layer_methods.contains(&grpc_method) {
+ return true;
+ }
+
+ self.config.grpc_server_allow_methods.contains(&grpc_method)
 }
 }
diff --git a/applications/minotari_node/src/lib.rs b/applications/minotari_node/src/lib.rs
index 83fd991cdd..d6b8b0596d 100644
--- a/applications/minotari_node/src/lib.rs
+++ b/applications/minotari_node/src/lib.rs
@@ -88,6 +88,7 @@ pub async fn run_base_node(
 profile_with_tokio_console: false,
 grpc_enabled: false,
 mining_enabled: false,
+ second_layer_grpc_enabled: false,
 };
 run_base_node_with_cli(node_identity, config, cli, shutdown).await
diff --git a/common/config/presets/c_base_node_b_non_mining_deny_methods.toml b/common/config/presets/c_base_node_b_mining_allow_methods.toml
similarity index 64%
rename from common/config/presets/c_base_node_b_non_mining_deny_methods.toml
rename to common/config/presets/c_base_node_b_mining_allow_methods.toml
index 0dfcc8d0f6..8a2d6113dc 100644
--- a/common/config/presets/c_base_node_b_non_mining_deny_methods.toml
+++ b/common/config/presets/c_base_node_b_mining_allow_methods.toml
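Review bot: `is_method_enabled` in `base_node_grpc_server.rs` returns `true` for anything in `mining_method` or `second_layer_methods` before it consults `grpc_server_allow_methods`, so the allow list in `config.toml` is not the full picture of what the node serves. With `second_layer_grpc_enabled` set, `GetMempoolTransactions` is served even though both preset files in this commit leave `get_mempool_transactions` commented out. The function has no doc comment; I would add `/// A method is served when it is in grpc_server_allow_methods, or when mining_enabled / second_layer_grpc_enabled is set and the method belongs to that feature's built-in set.` No test for these three paths is visible in this diff, and one that pins them would keep the default-deny behaviour from regressing. The function's signature sits in the previous hunk of this file.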
@@ -1,7 +1,8 @@
-
 [base_node]
+#mining_enabled = false
+#second_layer_grpc_enabled = false
 # Set to false to disable the base node GRPC server (default = true)
-grpc_enabled = false
+grpc_enabled = true
 # The socket to expose for the gRPC base node server (default = "/ip4/127.0.0.1/tcp/18142")
 #grpc_address = "/ip4/127.0.0.1/tcp/18142"
@@ -12,22 +13,22 @@ grpc_enabled = false
 # Use gRPC over TLS (default = false)
 #grpc_tls_enabled = false
-# Uncomment all gRPC server methods that should be denied default (only active when `grpc_enabled = true`)
-grpc_server_deny_methods = [
+# Uncomment all gRPC server methods that should be allowed (only active when `grpc_enabled = true`)
+grpc_server_allow_methods = [
 "get_version",
- "check_for_updates",
- "get_sync_info",
- "get_sync_progress",
+ #"check_for_updates",
+ #"get_sync_info",
+ #"get_sync_progress",
 "get_tip_info",
- "identify",
- "get_network_status",
+ #"identify",
+ #"get_network_status",
 "list_headers",
- "get_header_by_hash",
- "get_blocks",
- "get_block_timing",
- "get_constants",
- "get_block_size",
- "get_block_fees",
+ #"get_header_by_hash",
+ #"get_blocks",
+ #"get_block_timing",
+ #"get_constants",
+ #"get_block_size",
+ #"get_block_fees",
 "get_tokens_in_circulation",
 "get_network_difficulty",
 "get_new_block_template",
@@ -39,8 +40,8 @@ grpc_server_deny_methods = [
 "search_kernels",
 "search_utxos",
 "fetch_matching_utxos",
- "get_peers",
- "get_mempool_transactions",
+ #"get_peers",
+ #"get_mempool_transactions",
 "transaction_state",
 "list_connected_peers",
 "get_mempool_stats",
diff --git a/common/config/presets/c_base_node_b_mining_deny_methods.toml b/common/config/presets/c_base_node_b_non_mining_allow_methods.toml
similarity index 64%
rename from common/config/presets/c_base_node_b_mining_deny_methods.toml
rename to common/config/presets/c_base_node_b_non_mining_allow_methods.toml
index f0f1d5fcf2..92ebf7cf34 100644
--- a/common/config/presets/c_base_node_b_mining_deny_methods.toml
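Review bot: The two keys added at the top of `c_base_node_b_mining_allow_methods.toml` (`#mining_enabled = false`, `#second_layer_grpc_enabled = false`) have no explanatory comment, unlike every other key in the section, although each one serves a built-in set of methods regardless of the list below. I would put a line such as `# Set to true to serve the mining gRPC methods even if they are not listed in grpc_server_allow_methods (default = false)` above each key, adapted for the second-layer one. The same applies to the first hunk of `c_base_node_b_non_mining_allow_methods.toml`. Because the key changed from deny to allow, every entry the diff leaves untouched now means the opposite. The lines between and after these hunks are not shown, so any entry there that is still uncommented is now allowed and should be checked.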
+++ b/common/config/presets/c_base_node_b_non_mining_allow_methods.toml
@@ -1,7 +1,8 @@
-
 [base_node]
+#mining_enabled = false
+#second_layer_grpc_enabled = false
 # Set to false to disable the base node GRPC server (default = true)
-grpc_enabled = true
+grpc_enabled = false
 # The socket to expose for the gRPC base node server (default = "/ip4/127.0.0.1/tcp/18142")
 #grpc_address = "/ip4/127.0.0.1/tcp/18142"
@@ -12,22 +13,22 @@ grpc_enabled = true
 # Use gRPC over TLS (default = false)
 #grpc_tls_enabled = false
-# Uncomment all gRPC server methods that should be denied default (only active when `grpc_enabled = true`)
-grpc_server_deny_methods = [
+# Uncomment all gRPC server methods that should be allowed (only active when `grpc_enabled = true`)
+grpc_server_allow_methods = [
 "get_version",
- "check_for_updates",
- "get_sync_info",
- "get_sync_progress",
+ #"check_for_updates",
+ #"get_sync_info",
+ #"get_sync_progress",
 #"get_tip_info",
- "identify",
- "get_network_status",
+ #"identify",
+ #"get_network_status",
 #"list_headers",
- "get_header_by_hash",
- "get_blocks",
- "get_block_timing",
- "get_constants",
- "get_block_size",
- "get_block_fees",
+ #"get_header_by_hash",
+ #"get_blocks",
+ #"get_block_timing",
+ #"get_constants",
+ #"get_block_size",
+ #"get_block_fees",
 #"get_tokens_in_circulation",
 #"get_network_difficulty",
 #"get_new_block_template",
@@ -39,8 +40,8 @@ grpc_server_deny_methods = [
 #"search_kernels",
 #"search_utxos",
 #"fetch_matching_utxos",
- "get_peers",
- "get_mempool_transactions",
+ #"get_peers",
+ #"get_mempool_transactions",
 #"transaction_state",
 #"list_connected_peers",
 #"get_mempool_stats",
diff --git a/common/src/configuration/utils.rs b/common/src/configuration/utils.rs
index 4e98f03ff2..cacd4cc0a6 100644
--- a/common/src/configuration/utils.rs
+++ b/common/src/configuration/utils.rs
@@ -119,10 +119,10 @@ pub fn prompt_default_config() -> [&'static str; 12] {
 /// Returns the default configuration file template in parts from the embedded presets. If use_mining_config is true,
 /// the base node configuration that enables mining is returned, otherwise the non-mining configuration is returned.
 pub fn get_default_config(use_mining_config: bool) -> [&'static str; 12] {
- let base_node_deny_methods = if use_mining_config {
- include_str!("../../config/presets/c_base_node_b_mining_deny_methods.toml")
+ let base_node_allow_methods = if use_mining_config {
+ include_str!("../../config/presets/c_base_node_b_mining_allow_methods.toml")
 } else {
- include_str!("../../config/presets/c_base_node_b_non_mining_deny_methods.toml")
+ include_str!("../../config/presets/c_base_node_b_non_mining_allow_methods.toml")
 };
 let common = include_str!("../../config/presets/a_common.toml");
@@ -130,7 +130,7 @@ pub fn get_default_config(use_mining_config: bool) -> [&'static str; 12] {
 common,
 include_str!("../../config/presets/b_peer_seeds.toml"),
 include_str!("../../config/presets/c_base_node_a.toml"),
- base_node_deny_methods,
+ base_node_allow_methods,
 include_str!("../../config/presets/c_base_node_c.toml"),
 include_str!("../../config/presets/d_console_wallet.toml"),
 include_str!("../../config/presets/g_miner.toml"),
diff --git a/integration_tests/src/base_node_process.rs b/integration_tests/src/base_node_process.rs
index 10d838ad85..d24e16fb29 100644
--- a/integration_tests/src/base_node_process.rs
+++ b/integration_tests/src/base_node_process.rs
@@ -30,7 +30,7 @@ use std::{
 };
 use minotari_app_utilities::identity_management::save_as_json;
-use minotari_node::{run_base_node, BaseNodeConfig, MetricsConfig};
+use minotari_node::{config::GrpcMethod, run_base_node, BaseNodeConfig, MetricsConfig};
 use minotari_node_grpc_client::BaseNodeGrpcClient;
 use rand::rngs::OsRng;
 use tari_common::{
@@ -190,8 +190,42 @@ pub async fn spawn_base_node_with_config(
 if base_node_config.base_node.storage.pruning_horizon != 0 {
 base_node_config.base_node.storage.pruning_interval = 1;
 };
-
- base_node_config.base_node.grpc_server_deny_methods = vec![];
+ base_node_config.base_node.grpc_server_allow_methods = vec![
+ GrpcMethod::ListHeaders,
+ GrpcMethod::GetHeaderByHash,
+ GrpcMethod::GetBlocks,
+ GrpcMethod::GetBlockTiming,
+ GrpcMethod::GetConstants,
+ GrpcMethod::GetBlockSize,
+ GrpcMethod::GetBlockFees,
+ GrpcMethod::GetVersion,
+ GrpcMethod::CheckForUpdates,
+ GrpcMethod::GetTokensInCirculation,
+ GrpcMethod::GetNetworkDifficulty,
+ GrpcMethod::GetNewBlockTemplate,
+ GrpcMethod::GetNewBlock,
+ GrpcMethod::GetNewBlockBlob,
+ GrpcMethod::SubmitBlock,
+ GrpcMethod::SubmitBlockBlob,
+ GrpcMethod::SubmitTransaction,
+ GrpcMethod::GetSyncInfo,
+ GrpcMethod::GetSyncProgress,
+ GrpcMethod::GetTipInfo,
+ GrpcMethod::SearchKernels,
+ GrpcMethod::SearchUtxos,
+ GrpcMethod::FetchMatchingUtxos,
+ GrpcMethod::GetPeers,
+ GrpcMethod::GetMempoolTransactions,
+ GrpcMethod::TransactionState,
+ GrpcMethod::Identify,
+ GrpcMethod::GetNetworkStatus,
+ GrpcMethod::ListConnectedPeers,
+ GrpcMethod::GetMempoolStats,
+ GrpcMethod::GetActiveValidatorNodes,
+ GrpcMethod::GetShardKey,
+ GrpcMethod::GetTemplateRegistrations,
+ GrpcMethod::GetSideChainUtxos,
+ ];
 // Heirachically set the base path for all configs
 base_node_config.base_node.set_base_path(temp_dir_path.clone());
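Review bot: The hand-written list assigned to `grpc_server_allow_methods` in `spawn_base_node_with_config` replaces `vec![]`, which under the old deny semantics allowed everything without upkeep. The new list will drift: a `GrpcMethod` variant added later is denied on the test node until someone extends it, and the failure will look like a permission error rather than a missing entry. At minimum add `// Test nodes must serve every gRPC method: keep this list in sync with GrpcMethod` above the assignment. Moving the list into one shared helper next to the enum would be better still, if the harness builds it in more than one place. The function continues outside this hunk.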