From c5efb715a5870ed7f20a6b539255c390c514d3e9 Mon Sep 17 00:00:00 2001
From: Gary Yu
Date: Tue, 8 Jan 2019 03:42:11 +0800
Subject: [PATCH] add https as optional for server api (#2310)

* add tls as optional config for server api
* add error log if start_rest_apis fail
---
 api/src/handlers.rs | 9 ++++++++-
 config/src/comments.rs | 5 +++++
 servers/src/common/types.rs | 9 +++++++++
 servers/src/grin/server.rs | 18 +++++++++++++++++-
 4 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/api/src/handlers.rs b/api/src/handlers.rs
index e0aea1818..9afd229c5 100644
--- a/api/src/handlers.rs
+++ b/api/src/handlers.rs
@@ -86,7 +86,14 @@ pub fn start_rest_apis(
 
 info!("Starting HTTP API server at {}.", addr);
 let socket_addr: SocketAddr = addr.parse().expect("unable to parse socket address");
- apis.start(socket_addr, router, tls_config).is_ok()
+ let res = apis.start(socket_addr, router, tls_config);
+ match res {
+ Ok(_) => true,
+ Err(e) => {
+ error!("HTTP API server failed to start. Err: {}", e);
+ false
+ }
+ }
 }
 
 pub fn build_router(
diff --git a/config/src/comments.rs b/config/src/comments.rs
index 0d96053ba..5b339d591 100644
--- a/config/src/comments.rs
+++ b/config/src/comments.rs
@@ -43,6 +43,11 @@ fn comments() -> HashMap {
 retval.insert(
 "api_http_addr".to_string(),
 "
+#path of TLS certificate file, self-signed certificates are not supported
+#tls_certificate_file = \"\"
+#private key for the TLS certificate
+#tls_certificate_key = \"\"
+
 #the address on which services will listen, e.g. Transaction Pool
 "
 .to_string(),
diff --git a/servers/src/common/types.rs b/servers/src/common/types.rs
index 626c9a64f..72db40a03 100644
--- a/servers/src/common/types.rs
+++ b/servers/src/common/types.rs
@@ -46,6 +46,8 @@ pub enum Error {
 Cuckoo(pow::Error),
 /// Error originating from the transaction pool.
 Pool(pool::PoolError),
+ /// Invalid Arguments.
+ ArgumentError(String),
 }
 
 impl From for Error {
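Review bot: The `res` binding on the first added line of the handlers.rs hunk is read exactly once, by the `match` on the next line, so matching the call directly is the idiomatic form: `match apis.start(socket_addr, router, tls_config) {`. The new `error!` line is also the only place the start-up failure (a bad listen address, or an unreadable certificate now that `tls_config` can be `Some`) becomes visible, because the function still collapses it to a bare `false`; a caller that wants to refuse to run without its API has no way to learn the cause, so returning the `Result` itself would be the more useful change, though that is an interface change for other callers. The body of `start_rest_apis` begins before this hunk.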
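Review bot: The template text added in the comments.rs hunk for `tls_certificate_key` says nothing about protecting the file, and that key is the one secret this patch introduces into the config; I would extend the comment to `#private key for the TLS certificate (keep this file readable only by the user running the node)`. The statement on the first added line that self-signed certificates are not supported is not something this diff demonstrates, since `TLSConfig::new` and the certificate loader are outside it; if the server side does load a self-signed certificate and the real limitation is that clients must explicitly trust it, the comment should say that instead, so operators do not rule out a perfectly workable setup. The file format the loader expects (presumably PEM, but not visible here) is worth one word in the same comment.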
@@ -124,6 +126,11 @@ pub struct ServerConfig {
 /// Location of secret for basic auth on Rest API HTTP server.
 pub api_secret_path: Option,
 
+ /// TLS certificate file
+ pub tls_certificate_file: Option,
+ /// TLS certificate private key file
+ pub tls_certificate_key: Option,
+
 /// Setup the server for tests, testnet or mainnet
 #[serde(default)]
 pub chain_type: ChainTypes,
@@ -174,6 +181,8 @@ impl Default for ServerConfig {
 db_root: "grin_chain".to_string(),
 api_http_addr: "127.0.0.1:3413".to_string(),
 api_secret_path: Some(".api_secret".to_string()),
+ tls_certificate_file: None,
+ tls_certificate_key: None,
 p2p_config: p2p::P2PConfig::default(),
 dandelion_config: pool::DandelionConfig::default(),
 stratum_mining_config: Some(StratumServerConfig::default()),
diff --git a/servers/src/grin/server.rs b/servers/src/grin/server.rs
index e8ace36d3..348419e7d 100644
--- a/servers/src/grin/server.rs
+++ b/servers/src/grin/server.rs
@@ -21,6 +21,7 @@ use std::sync::Arc;
 use std::{thread, time};
 
 use crate::api;
+use crate::api::TLSConfig;
 use crate::chain;
 use crate::common::adapters::{
 ChainToPoolAndNetAdapter, NetToChainAdapter, PoolToChainAdapter, PoolToNetAdapter,
@@ -223,13 +224,28 @@ impl Server {
 
 info!("Starting rest apis at: {}", &config.api_http_addr);
 let api_secret = get_first_line(config.api_secret_path.clone());
+
+ let tls_conf = match config.tls_certificate_file.clone() {
+ None => None,
+ Some(file) => {
+ let key = match config.tls_certificate_key.clone() {
+ Some(k) => k,
+ None => {
+ let msg = format!("Private key for certificate is not set");
+ return Err(Error::ArgumentError(msg));
+ }
+ };
+ Some(TLSConfig::new(file, key))
+ }
+ };
+
 api::start_rest_apis(
 config.api_http_addr.clone(),
 shared_chain.clone(),
 tx_pool.clone(),
 p2p_server.peers.clone(),
 api_secret,
- None,
+ tls_conf,
 );
 
 info!("Starting dandelion monitor: {}", &config.api_http_addr);
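Review bot: The `tls_conf` match in the server.rs hunk rejects only a certificate without a key; a config that sets `tls_certificate_key` but leaves `tls_certificate_file` unset takes the `None => None` arm and the API comes up over plain HTTP without any message, which is the opposite of what an operator who configured a key intended. Matching both options as a tuple makes each half-configured case an explicit `ArgumentError`, and `format!` with no arguments on the message line should simply be `.to_string()`. Separately, the `bool` returned by `api::start_rest_apis` is still discarded by the call below the new block, so a certificate that fails to load is logged inside the api crate but does not stop startup; if a node without its API should not keep running, wrap the call in `if !api::start_rest_apis(…) { return Err(…) }`. The enclosing method of `impl Server` begins before this hunk and continues after it.
```rust
		let tls_conf = match (
			config.tls_certificate_file.clone(),
			config.tls_certificate_key.clone(),
		) {
			(None, None) => None,
			(Some(file), Some(key)) => Some(TLSConfig::new(file, key)),
			(Some(_), None) => {
				return Err(Error::ArgumentError(
					"Private key for certificate is not set".to_string(),
				));
			}
			(None, Some(_)) => {
				return Err(Error::ArgumentError(
					"TLS certificate file is not set".to_string(),
				));
			}
		};
		// … unchanged: api::start_rest_apis(...) call …
```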