API Token Fixes (#218)

* split api secret into owner_api secret and node api secrets

* update for master, drop requirement for authentication for foreign api when run on same port as owner api

* rustfmt

* re-trigger build

config/src/config.rs

@@ -37,8 +37,10 @@ const WALLET_LOG_FILE_NAME: &'static str = "grin-wallet.log";
 const GRIN_HOME: &'static str = ".grin";
 /// Wallet data directory
 pub const GRIN_WALLET_DIR: &'static str = "wallet_data";
-/// API secret
+/// Node API secret
 pub const API_SECRET_FILE_NAME: &'static str = ".api_secret";
+/// Owner API secret
+pub const OWNER_API_SECRET_FILE_NAME: &'static str = ".owner_api_secret";
 
 fn get_grin_path(chain_type: &global::ChainTypes) -> Result<PathBuf, ConfigError> {
 	// Check if grin dir exists
@@ -98,13 +100,14 @@ pub fn check_api_secret(api_secret_path: &PathBuf) -> Result<(), ConfigError> {
 fn check_api_secret_file(
 	chain_type: &global::ChainTypes,
 	data_path: Option<PathBuf>,
+	file_name: &str,
 ) -> Result<(), ConfigError> {
 	let grin_path = match data_path {
 		Some(p) => p,
 		None => get_grin_path(chain_type)?,
 	};
 	let mut api_secret_path = grin_path.clone();
-	api_secret_path.push(API_SECRET_FILE_NAME);
+	api_secret_path.push(file_name);
 	if !api_secret_path.exists() {
 		init_api_secret(&api_secret_path)
 	} else {
@@ -117,7 +120,8 @@ pub fn initial_setup_wallet(
 	chain_type: &global::ChainTypes,
 	data_path: Option<PathBuf>,
 ) -> Result<GlobalWalletConfig, ConfigError> {
-	check_api_secret_file(chain_type, data_path.clone())?;
+	check_api_secret_file(chain_type, data_path.clone(), OWNER_API_SECRET_FILE_NAME)?;
+	check_api_secret_file(chain_type, data_path.clone(), API_SECRET_FILE_NAME)?;
 	// Use config file if current directory if it exists, .grin home otherwise
 	if let Some(p) = check_config_current_dir(WALLET_CONFIG_FILE_NAME) {
 		GlobalWalletConfig::new(p.to_str().unwrap())
@@ -237,7 +241,7 @@ impl GlobalWalletConfig {
 		self.members.as_mut().unwrap().wallet.data_file_dir =
 			wallet_path.to_str().unwrap().to_owned();
 		let mut secret_path = wallet_home.clone();
-		secret_path.push(API_SECRET_FILE_NAME);
+		secret_path.push(OWNER_API_SECRET_FILE_NAME);
 		self.members.as_mut().unwrap().wallet.api_secret_path =
 			Some(secret_path.to_str().unwrap().to_owned());
 		let mut node_secret_path = wallet_home.clone();

config/src/types.rs

@@ -65,7 +65,7 @@ impl Default for WalletConfig {
 			api_listen_interface: "127.0.0.1".to_string(),
 			api_listen_port: 3415,
 			owner_api_listen_port: Some(WalletConfig::default_owner_api_listen_port()),
-			api_secret_path: Some(".api_secret".to_string()),
+			api_secret_path: Some(".owner_api_secret".to_string()),
 			node_api_secret_path: Some(".api_secret".to_string()),
 			check_node_api_http_addr: "http://127.0.0.1:3413".to_string(),
 			owner_api_include_foreign: Some(false),

controller/src/command.rs

@@ -45,6 +45,7 @@ fn show_recovery_phrase(phrase: ZeroingString) {
 #[derive(Clone)]
 pub struct GlobalArgs {
 	pub account: String,
+	pub api_secret: Option<String>,
 	pub node_api_secret: Option<String>,
 	pub show_spent: bool,
 	pub chain_type: global::ChainTypes,
@@ -178,7 +179,7 @@ where
 		wallet,
 		km,
 		config.owner_api_listen_addr().as_str(),
-		g_args.node_api_secret.clone(),
+		g_args.api_secret.clone(),
 		g_args.tls_conf.clone(),
 		config.owner_api_include_foreign.clone(),
 	);

controller/src/controller.rs

@@ -137,6 +137,7 @@ where
 		let basic_auth_middleware = Arc::new(BasicAuthMiddleware::new(
 			api_basic_auth,
 			&GRIN_OWNER_BASIC_REALM,
+			Some("/v2/foreign".into()),
 		));
 		router.add_middleware(basic_auth_middleware);
 	}

impls/src/backends/lmdb.rs

@@ -296,7 +296,8 @@ where
 			Some(i) => to_key_u64(OUTPUT_PREFIX, &mut id.to_bytes().to_vec(), *i),
 			None => to_key(OUTPUT_PREFIX, &mut id.to_bytes().to_vec()),
 		};
-		option_to_not_found(self.db.get_ser(&key), &format!("Key Id: {}", id)).map_err(|e| e.into())
+		option_to_not_found(self.db.get_ser(&key), || format!("Key Id: {}", id))
+			.map_err(|e| e.into())
 	}
 
 	fn iter<'a>(&'a self) -> Box<dyn Iterator<Item = OutputData> + 'a> {
@@ -326,10 +327,9 @@ where
 		let (blind_xor_key, nonce_xor_key) =
 			private_ctx_xor_keys(&self.keychain(keychain_mask)?, slate_id)?;
 
-		let mut ctx: Context = option_to_not_found(
-			self.db.get_ser(&ctx_key),
-			&format!("Slate id: {:x?}", slate_id.to_vec()),
-		)?;
+		let mut ctx: Context = option_to_not_found(self.db.get_ser(&ctx_key), || {
+			format!("Slate id: {:x?}", slate_id.to_vec())
+		})?;
 
 		for i in 0..SECRET_KEY_SIZE {
 			ctx.sec_key.0[i] = ctx.sec_key.0[i] ^ blind_xor_key[i];
@@ -485,10 +485,9 @@ where
 			Some(i) => to_key_u64(OUTPUT_PREFIX, &mut id.to_bytes().to_vec(), *i),
 			None => to_key(OUTPUT_PREFIX, &mut id.to_bytes().to_vec()),
 		};
-		option_to_not_found(
-			self.db.borrow().as_ref().unwrap().get_ser(&key),
-			&format!("Key ID: {}", id),
-		)
+		option_to_not_found(self.db.borrow().as_ref().unwrap().get_ser(&key), || {
+			format!("Key ID: {}", id)
+		})
 		.map_err(|e| e.into())
 	}
 

src/cmd/wallet_args.rs

@@ -265,6 +265,7 @@ pub fn parse_global_args(
 	if args.is_present("show_spent") {
 		show_spent = true;
 	}
+	let api_secret = get_first_line(config.api_secret_path.clone());
 	let node_api_secret = get_first_line(config.node_api_secret_path.clone());
 	let password = match args.value_of("pass") {
 		None => None,
@@ -297,6 +298,7 @@ pub fn parse_global_args(
 		account: account.to_owned(),
 		show_spent: show_spent,
 		chain_type: chain_type,
+		api_secret: api_secret,
 		node_api_secret: node_api_secret,
 		password: password,
 		tls_conf: tls_conf,