From 883cb05f265c61f82bed5109ca52c9098ecff06e Mon Sep 17 00:00:00 2001 From: abitmore Date: Sat, 17 Mar 2018 08:01:08 -0400 Subject: [PATCH] Add app option to disallow universal subscription --- libraries/app/api.cpp | 2 +- libraries/app/application.cpp | 11 ++++++++++- libraries/app/database_api.cpp | 16 ++++++++++++---- .../app/include/graphene/app/application.hpp | 8 ++++++++ .../app/include/graphene/app/database_api.hpp | 2 +- 5 files changed, 32 insertions(+), 7 deletions(-) diff --git a/libraries/app/api.cpp b/libraries/app/api.cpp index febbbfa612..f02c99496b 100644 --- a/libraries/app/api.cpp +++ b/libraries/app/api.cpp @@ -78,7 +78,7 @@ namespace graphene { namespace app { { if( api_name == "database_api" ) { - _database_api = std::make_shared< database_api >( std::ref( *_app.chain_database() ) ); + _database_api = std::make_shared< database_api >( std::ref( *_app.chain_database() ), &( _app.get_options() ) ); } else if( api_name == "block_api" ) { diff --git a/libraries/app/application.cpp b/libraries/app/application.cpp index b417ef483f..9e5d0fbe6f 100644 --- a/libraries/app/application.cpp +++ b/libraries/app/application.cpp @@ -111,6 +111,7 @@ namespace detail { fc::optional _lock_file; bool _is_block_producer = false; bool _force_validate = false; + application_options _app_options; void reset_p2p_node(const fc::path& data_dir) { try { @@ -404,6 +405,9 @@ namespace detail { _force_validate = true; } + if( _options->count("enable-subscribe-to-all") ) + _app_options.enable_subscribe_to_all = _options->at("enable-subscribe-to-all").as(); + if( _options->count("api-access") ) { if(fc::exists(_options->at("api-access").as())) @@ -419,7 +423,6 @@ namespace detail { std::exit(EXIT_FAILURE); } } - else { // TODO: Remove this generous default access policy @@ -933,6 +936,7 @@ void application::set_program_options(boost::program_options::options_descriptio ("dbg-init-key", bpo::value(), "Block signing key to use for init witnesses, overrides genesis file") ("api-access", bpo::value(), "JSON file specifying API permissions") ("plugins", bpo::value(), "Space-separated list of plugins to activate") + ("enable-subscribe-to-all", bpo::value()->implicit_value(false), "Whether allow API clients to subscribe to universal object creation and removal events") ; command_line_options.add(configuration_file_options); command_line_options.add_options() @@ -1098,5 +1102,10 @@ void application::startup_plugins() return; } +const application_options& application::get_options() +{ + return my->_app_options; +} + // namespace detail } } diff --git a/libraries/app/database_api.cpp b/libraries/app/database_api.cpp index 24bae1af6f..0fda990e27 100644 --- a/libraries/app/database_api.cpp +++ b/libraries/app/database_api.cpp @@ -53,7 +53,7 @@ class database_api_impl; class database_api_impl : public std::enable_shared_from_this { public: - database_api_impl( graphene::chain::database& db ); + database_api_impl( graphene::chain::database& db, const application_options* app_options ); ~database_api_impl(); @@ -229,6 +229,7 @@ class database_api_impl : public std::enable_shared_from_this boost::signals2::scoped_connection _pending_trx_connection; map< pair, std::function > _market_subscriptions; graphene::chain::database& _db; + const application_options* _app_options = nullptr; }; ////////////////////////////////////////////////////////////////////// @@ -237,12 +238,13 @@ class database_api_impl : public std::enable_shared_from_this // // ////////////////////////////////////////////////////////////////////// -database_api::database_api( graphene::chain::database& db ) - : my( new database_api_impl( db ) ) {} +database_api::database_api( graphene::chain::database& db, const application_options* app_options ) + : my( new database_api_impl( db, app_options ) ) {} database_api::~database_api() {} -database_api_impl::database_api_impl( graphene::chain::database& db ):_db(db) +database_api_impl::database_api_impl( graphene::chain::database& db, const application_options* app_options ) +:_db(db), _app_options(app_options) { wlog("creating database api ${x}", ("x",int64_t(this)) ); _new_connection = _db.new_objects.connect([this](const vector& ids, const flat_set& impacted_accounts) { @@ -315,6 +317,12 @@ void database_api::set_subscribe_callback( std::function c void database_api_impl::set_subscribe_callback( std::function cb, bool notify_remove_create ) { + if( notify_remove_create ) + { + FC_ASSERT( _app_options && _app_options->enable_subscribe_to_all, + "Subscribing to universal object creation and removal is disallowed in this server." ); + } + _subscribe_callback = cb; _notify_remove_create = notify_remove_create; _subscribed_accounts.clear(); diff --git a/libraries/app/include/graphene/app/application.hpp b/libraries/app/include/graphene/app/application.hpp index 6f55c390b1..a9b0e252ec 100644 --- a/libraries/app/include/graphene/app/application.hpp +++ b/libraries/app/include/graphene/app/application.hpp @@ -35,6 +35,12 @@ namespace graphene { namespace app { class abstract_plugin; + class application_options + { + public: + bool enable_subscribe_to_all = false; + }; + class application { public: @@ -89,6 +95,8 @@ namespace graphene { namespace app { /// Emitted when syncing finishes (is_finished_syncing will return true) boost::signals2::signal syncing_finished; + const application_options& get_options(); + private: void enable_plugin( const string& name ); void add_available_plugin( std::shared_ptr p ); diff --git a/libraries/app/include/graphene/app/database_api.hpp b/libraries/app/include/graphene/app/database_api.hpp index 8e273b298b..d0de2762a2 100644 --- a/libraries/app/include/graphene/app/database_api.hpp +++ b/libraries/app/include/graphene/app/database_api.hpp @@ -122,7 +122,7 @@ struct market_trade class database_api { public: - database_api(graphene::chain::database& db); + database_api(graphene::chain::database& db, const application_options* app_options = nullptr ); ~database_api(); /////////////