// Copyright 2014 The go-ethereum Authors // This file is part of the go-ethereum library. // // The go-ethereum library is free software: you can redistribute it and/or modify // it under the terms of the GNU Lesser General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // The go-ethereum library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public License // along with the go-ethereum library. If not, see . package node import ( "crypto/ecdsa" "fmt" "os" "path/filepath" "runtime" "strings" "sync" "github.com/ledgerwatch/erigon-lib/kv" "github.com/ledgerwatch/erigon/common" "github.com/ledgerwatch/erigon/common/paths" "github.com/ledgerwatch/erigon/crypto" "github.com/ledgerwatch/erigon/p2p" "github.com/ledgerwatch/erigon/p2p/enode" "github.com/ledgerwatch/erigon/rpc" "github.com/ledgerwatch/log/v3" ) const ( datadirPrivateKey = "nodekey" // Path within the datadir to the node's private key datadirStaticNodes = "static-nodes.json" // Path within the datadir to the static node list datadirTrustedNodes = "trusted-nodes.json" // Path within the datadir to the trusted node list datadirNodeDatabase = "nodes" // Path within the datadir to store the node infos ) // Config represents a small collection of configuration values to fine tune the // P2P network layer of a protocol stack. These values can be further extended by // all registered services. type Config struct { // Name sets the instance name of the node. It must not contain the / character and is // used in the devp2p node identifier. The instance name of Erigon is "erigon". If no // value is specified, the basename of the current executable is used. Name string `toml:"-"` // UserIdent, if set, is used as an additional component in the devp2p node identifier. UserIdent string `toml:",omitempty"` // Version should be set to the version number of the program. It is used // in the devp2p node identifier. Version string `toml:"-"` // DataDir is the file system folder the node should use for any data storage // requirements. The configured data directory will not be directly shared with // registered services, instead those can use utility methods to create/access // databases or flat files. This enables ephemeral nodes which can fully reside // in memory. DataDir string // Configuration of peer-to-peer networking. P2P p2p.Config // IPCPath is the requested location to place the IPC endpoint. If the path is // a simple file name, it is placed inside the data directory (or on the root // pipe path on Windows), whereas if it's a resolvable path name (absolute or // relative), then that specific path is enforced. An empty path disables IPC. IPCPath string // HTTPHost is the host interface on which to start the HTTP RPC server. If this // field is empty, no HTTP API endpoint will be started. HTTPHost string // HTTPPort is the TCP port number on which to start the HTTP RPC server. The // default zero value is/ valid and will pick a port number randomly (useful // for ephemeral nodes). HTTPPort int `toml:",omitempty"` // HTTPCors is the Cross-Origin Resource Sharing header to send to requesting // clients. Please be aware that CORS is a browser enforced security, it's fully // useless for custom HTTP clients. HTTPCors []string `toml:",omitempty"` // HTTPVirtualHosts is the list of virtual hostnames which are allowed on incoming requests. // This is by default {'localhost'}. Using this prevents attacks like // DNS rebinding, which bypasses SOP by simply masquerading as being within the same // origin. These attacks do not utilize CORS, since they are not cross-domain. // By explicitly checking the Host-header, the server will not allow requests // made against the server with a malicious host domain. // Requests using ip address directly are not affected HTTPVirtualHosts []string `toml:",omitempty"` // HTTPModules is a list of API modules to expose via the HTTP RPC interface. // If the module list is empty, all RPC API endpoints designated public will be // exposed. HTTPModules []string // HTTPTimeouts allows for customization of the timeout values used by the HTTP RPC // interface. HTTPTimeouts rpc.HTTPTimeouts // HTTPPathPrefix specifies a path prefix on which http-rpc is to be served. HTTPPathPrefix string `toml:",omitempty"` // WSHost is the host interface on which to start the websocket RPC server. If // this field is empty, no websocket API endpoint will be started. WSHost string // WSPort is the TCP port number on which to start the websocket RPC server. The // default zero value is/ valid and will pick a port number randomly (useful for // ephemeral nodes). WSPort int `toml:",omitempty"` // WSPathPrefix specifies a path prefix on which ws-rpc is to be served. WSPathPrefix string `toml:",omitempty"` // WSOrigins is the list of domain to accept websocket requests from. Please be // aware that the server can only act upon the HTTP request the client sends and // cannot verify the validity of the request header. WSOrigins []string `toml:",omitempty"` // WSModules is a list of API modules to expose via the websocket RPC interface. // If the module list is empty, all RPC API endpoints designated public will be // exposed. WSModules []string // WSExposeAll exposes all API modules via the WebSocket RPC interface rather // than just the public ones. // // *WARNING* Only set this if the node is running in a trusted network, exposing // private APIs to untrusted users is a major security risk. WSExposeAll bool `toml:",omitempty"` // Logger is a custom logger to use with the p2p.Server. Logger log.Logger `toml:",omitempty"` DatabaseVerbosity kv.DBVerbosityLvl // Address to listen to when launchig listener for remote database access // empty string means not to start the listener PrivateApiAddr string PrivateApiRateLimit uint32 staticNodesWarning bool trustedNodesWarning bool TLSConnection bool TLSCertFile string // AllowUnprotectedTxs allows non EIP-155 protected transactions to be send over RPC. AllowUnprotectedTxs bool `toml:",omitempty"` TLSKeyFile string TLSCACert string } // IPCEndpoint resolves an IPC endpoint based on a configured value, taking into // account the set data folders as well as the designated platform we're currently // running on. func (c *Config) IPCEndpoint() string { // Short circuit if IPC has not been enabled if c.IPCPath == "" { return "" } // On windows we can only use plain top-level pipes if runtime.GOOS == "windows" { if strings.HasPrefix(c.IPCPath, `\\.\pipe\`) { return c.IPCPath } return `\\.\pipe\` + c.IPCPath } // Resolve names into the data directory full paths otherwise if filepath.Base(c.IPCPath) == c.IPCPath { if c.DataDir == "" { return filepath.Join(os.TempDir(), c.IPCPath) } return filepath.Join(c.DataDir, c.IPCPath) } return c.IPCPath } // NodeDB returns the path to the discovery node database. func (c *Config) NodeDB() string { return c.ResolvePath(datadirNodeDatabase) } // DefaultIPCEndpoint returns the IPC path used by default. func DefaultIPCEndpoint(clientIdentifier string) string { if clientIdentifier == "" { clientIdentifier = strings.TrimSuffix(filepath.Base(os.Args[0]), ".exe") if clientIdentifier == "" { panic("empty executable name") } } config := &Config{DataDir: paths.DefaultDataDir(), IPCPath: clientIdentifier + ".ipc"} return config.IPCEndpoint() } // HTTPEndpoint resolves an HTTP endpoint based on the configured host interface // and port parameters. func (c *Config) HTTPEndpoint() string { if c.HTTPHost == "" { return "" } return fmt.Sprintf("%s:%d", c.HTTPHost, c.HTTPPort) } // DefaultHTTPEndpoint returns the HTTP endpoint used by default. func DefaultHTTPEndpoint() string { config := &Config{HTTPHost: DefaultHTTPHost, HTTPPort: DefaultHTTPPort} return config.HTTPEndpoint() } // WSEndpoint resolves a websocket endpoint based on the configured host interface // and port parameters. func (c *Config) WSEndpoint() string { if c.WSHost == "" { return "" } return fmt.Sprintf("%s:%d", c.WSHost, c.WSPort) } // DefaultWSEndpoint returns the websocket endpoint used by default. func DefaultWSEndpoint() string { config := &Config{WSHost: DefaultWSHost, WSPort: DefaultWSPort} return config.WSEndpoint() } // ExtRPCEnabled returns the indicator whether node enables the external // RPC(http or ws). func (c *Config) ExtRPCEnabled() bool { return c.HTTPHost != "" || c.WSHost != "" } // NodeName returns the devp2p node identifier. func (c *Config) NodeName() string { name := c.name() if c.UserIdent != "" { name += "/" + c.UserIdent } if c.Version != "" { name += "/v" + c.Version } name += "/" + runtime.GOOS + "-" + runtime.GOARCH name += "/" + runtime.Version() return name } func (c *Config) name() string { if c.Name == "" { progname := strings.TrimSuffix(filepath.Base(os.Args[0]), ".exe") if progname == "" { panic("empty executable name, set Config.Name") } return progname } return c.Name } // ResolvePath resolves path in the instance directory. func (c *Config) ResolvePath(path string) string { if filepath.IsAbs(path) { return path } if c.DataDir == "" { return "" } return filepath.Join(c.DataDir, path) } // NodeKey retrieves the currently configured private key of the node, checking // first any manually set key, falling back to the one found in the configured // data folder. If no key can be found, a new one is generated. func (c *Config) NodeKey() (*ecdsa.PrivateKey, error) { // Use any specifically configured key. if c.P2P.PrivateKey != nil { return c.P2P.PrivateKey, nil } // Generate ephemeral key if no datadir is being used. if c.DataDir == "" { key, err := crypto.GenerateKey() if err != nil { return key, fmt.Errorf("failed to generate ephemeral node key: %w", err) } return key, nil } keyfile := c.ResolvePath(datadirPrivateKey) if key, err := crypto.LoadECDSA(keyfile); err == nil { return key, nil } // No persistent key found, generate and store a new one. key, err := crypto.GenerateKey() if err != nil { log.Crit(fmt.Sprintf("Failed to generate node key: %v", err)) } instanceDir := c.DataDir if err := os.MkdirAll(instanceDir, 0700); err != nil { log.Error(fmt.Sprintf("Failed to persist node key: %v", err)) return key, nil } keyfile = filepath.Join(instanceDir, datadirPrivateKey) if err := crypto.SaveECDSA(keyfile, key); err != nil { log.Error(fmt.Sprintf("Failed to persist node key: %v", err)) } return key, nil } // StaticNodes returns a list of node enode URLs configured as static nodes. func (c *Config) StaticNodes() ([]*enode.Node, error) { dbPath := c.ResolvePath(datadirStaticNodes) return c.parsePersistentNodes(&c.staticNodesWarning, dbPath), nil } // TrustedNodes returns a list of node enode URLs configured as trusted nodes. func (c *Config) TrustedNodes() ([]*enode.Node, error) { dbPath := c.ResolvePath(datadirTrustedNodes) return c.parsePersistentNodes(&c.trustedNodesWarning, dbPath), nil } // parsePersistentNodes parses a list of discovery node URLs loaded from a .json // file from within the data directory. func (c *Config) parsePersistentNodes(w *bool, path string) []*enode.Node { // Short circuit if no node config is present if c.DataDir == "" { return nil } if _, err := os.Stat(path); err != nil { return nil } c.warnOnce(w, "Found deprecated node list file %s, please use the TOML config file instead.", path) // Load the nodes from the config file. var nodelist []string if err := common.LoadJSON(path, &nodelist); err != nil { log.Error(fmt.Sprintf("Can't load node list file: %v", err)) return nil } // Interpret the list as a discovery node array var nodes []*enode.Node for _, url := range nodelist { if url == "" { continue } node, err := enode.Parse(enode.ValidSchemes, url) if err != nil { log.Error(fmt.Sprintf("Node URL %s: %v\n", url, err)) continue } nodes = append(nodes, node) } return nodes } var warnLock sync.Mutex func (c *Config) warnOnce(w *bool, format string, args ...interface{}) { warnLock.Lock() defer warnLock.Unlock() if *w { return } l := c.Logger if l == nil { l = log.Root() } l.Warn(fmt.Sprintf(format, args...)) *w = true }