core-lightning/plugins/clnrest/utilities/shared.py

import json5
import ipaddress


CERTS_PATH, REST_PROTOCOL, REST_HOST, REST_PORT, REST_CSP, REST_CORS_ORIGINS = "", "", "", "", "", []


class RuneError(Exception):
    def __init__(self, error=str({"code": 1501, "message": "Not authorized: Missing or invalid rune"})):
        self.error = error
        super().__init__(self.error)


def validate_ip4(ip_str):
    try:
        # Create an IPv4 address object.
        ipaddress.IPv4Address(ip_str)
        return True
    except ipaddress.AddressValueError:
        return False


def validate_ip6(ip_str):
    try:
        # Create an IPv6 address object.
        ipaddress.IPv6Address(ip_str)
        return True
    except ipaddress.AddressValueError:
        return False


def validate_port(port):
    try:
        # Ports <= 1024 are reserved for system processes
        return 1024 <= port <= 65535
    except ValueError:
        return False


def set_config(options):
    if 'rest-port' not in options:
        return "`rest-port` option is not configured"
    global CERTS_PATH, REST_PROTOCOL, REST_HOST, REST_PORT, REST_CSP, REST_CORS_ORIGINS

    REST_PORT = int(options["rest-port"])
    if validate_port(REST_PORT) is False:
        return f"`rest-port` {REST_PORT}, should be a valid available port between 1024 and 65535."

    REST_HOST = str(options["rest-host"])
    if REST_HOST != "localhost" and validate_ip4(REST_HOST) is False and validate_ip6(REST_HOST) is False:
        return f"`rest-host` should be a valid IP."

    REST_PROTOCOL = str(options["rest-protocol"])
    if REST_PROTOCOL != "http" and REST_PROTOCOL != "https":
        return f"`rest-protocol` can either be http or https."

    CERTS_PATH = str(options["rest-certs"])
    REST_CSP = str(options["rest-csp"])
    cors_origins = options["rest-cors-origins"]
    REST_CORS_ORIGINS.clear()
    for origin in cors_origins:
        REST_CORS_ORIGINS.append(str(origin))

    return None


def call_rpc_method(plugin, rpc_method, payload):
    return plugin.rpc.call(rpc_method, payload)


def verify_rune(plugin, rune, rpc_method, rpc_params):
    if rune is None:
        raise RuneError({"code": 1501, "message": "Not authorized: Missing rune"})

    return call_rpc_method(plugin, "checkrune",
                           {"rune": rune,
                            "method": rpc_method,
                            "params": rpc_params})


def process_help_response(help_response):
    # Use json5.loads due to single quotes in response
    processed_res = json5.loads(str(help_response))["help"]
    line = "\n---------------------------------------------------------------------------------------------------------------------------------------------------------------------------\n\n"
    processed_html_res = ""
    for row in processed_res:
        processed_html_res += f"Command: {row['command']}\n"
        processed_html_res += f"Category: {row['category']}\n"
        processed_html_res += f"Description: {row['description']}\n"
        processed_html_res += f"Verbose: {row['verbose']}\n"
        processed_html_res += line
    return processed_html_res
plugin: clnrest plugin: clnrest 2023-07-14 11:36:24 +09:30			`import json5`
clnrest: code refactoring for: - certificate generation - config options validation - log level from 'error' to 'info' - sending method as None instead "" - added `listclnrest-notifications` for websocket server rune method Changelog-Fixed: websocket server notifications are available with restriction of `readonly` runes 2023-10-02 17:45:01 +02:00			`import ipaddress`

plugin: clnrest plugin: clnrest 2023-07-14 11:36:24 +09:30
plugins/clnrest: Add `rest-csp` option for config 2023-09-12 21:53:08 -07:00			`CERTS_PATH, REST_PROTOCOL, REST_HOST, REST_PORT, REST_CSP, REST_CORS_ORIGINS = "", "", "", "", "", []`
plugin: clnrest plugin: clnrest 2023-07-14 11:36:24 +09:30

clnrest: don't try to handle plugin.rpc.call results. It already throws an exception or error, or decodes the JSON response: we can simply pass it through. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2023-11-10 13:24:46 +10:30			`class RuneError(Exception):`
			`def __init__(self, error=str({"code": 1501, "message": "Not authorized: Missing or invalid rune"})):`
			`self.error = error`
			`super().__init__(self.error)`


clnrest: code refactoring for: - certificate generation - config options validation - log level from 'error' to 'info' - sending method as None instead "" - added `listclnrest-notifications` for websocket server rune method Changelog-Fixed: websocket server notifications are available with restriction of `readonly` runes 2023-10-02 17:45:01 +02:00			`def validate_ip4(ip_str):`
			`try:`
			`# Create an IPv4 address object.`
			`ipaddress.IPv4Address(ip_str)`
			`return True`
			`except ipaddress.AddressValueError:`
			`return False`


			`def validate_ip6(ip_str):`
			`try:`
			`# Create an IPv6 address object.`
			`ipaddress.IPv6Address(ip_str)`
			`return True`
			`except ipaddress.AddressValueError:`
			`return False`


			`def validate_port(port):`
			`try:`
			`# Ports <= 1024 are reserved for system processes`
			`return 1024 <= port <= 65535`
			`except ValueError:`
			`return False`


plugin: clnrest plugin: clnrest 2023-07-14 11:36:24 +09:30			`def set_config(options):`
plugins/clnrest: disable ourselves unless rest-port is set. This mirrors grpc's behavior, and avoids listening on ports without explicit user permission. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2023-07-15 14:13:01 +09:30			`if 'rest-port' not in options:`
			return "`rest-port` option is not configured"
plugins/clnrest: Add `rest-csp` option for config 2023-09-12 21:53:08 -07:00			`global CERTS_PATH, REST_PROTOCOL, REST_HOST, REST_PORT, REST_CSP, REST_CORS_ORIGINS`
clnrest: code refactoring for: - certificate generation - config options validation - log level from 'error' to 'info' - sending method as None instead "" - added `listclnrest-notifications` for websocket server rune method Changelog-Fixed: websocket server notifications are available with restriction of `readonly` runes 2023-10-02 17:45:01 +02:00
plugin: clnrest plugin: clnrest 2023-07-14 11:36:24 +09:30			`REST_PORT = int(options["rest-port"])`
clnrest: code refactoring for: - certificate generation - config options validation - log level from 'error' to 'info' - sending method as None instead "" - added `listclnrest-notifications` for websocket server rune method Changelog-Fixed: websocket server notifications are available with restriction of `readonly` runes 2023-10-02 17:45:01 +02:00			`if validate_port(REST_PORT) is False:`
			return f"`rest-port` {REST_PORT}, should be a valid available port between 1024 and 65535."

			`REST_HOST = str(options["rest-host"])`
			`if REST_HOST != "localhost" and validate_ip4(REST_HOST) is False and validate_ip6(REST_HOST) is False:`
			return f"`rest-host` should be a valid IP."

			`REST_PROTOCOL = str(options["rest-protocol"])`
			`if REST_PROTOCOL != "http" and REST_PROTOCOL != "https":`
			return f"`rest-protocol` can either be http or https."

			`CERTS_PATH = str(options["rest-certs"])`
plugins/clnrest: Add `rest-csp` option for config 2023-09-12 21:53:08 -07:00			`REST_CSP = str(options["rest-csp"])`
plugins/clnrest: Add `rest-cors-origins` option for config 2023-09-11 21:27:13 -07:00			`cors_origins = options["rest-cors-origins"]`
			`REST_CORS_ORIGINS.clear()`
			`for origin in cors_origins:`
			`REST_CORS_ORIGINS.append(str(origin))`

plugins/clnrest: disable ourselves unless rest-port is set. This mirrors grpc's behavior, and avoids listening on ports without explicit user permission. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2023-07-15 14:13:01 +09:30			`return None`
plugin: clnrest plugin: clnrest 2023-07-14 11:36:24 +09:30

			`def call_rpc_method(plugin, rpc_method, payload):`
clnrest: don't try to handle plugin.rpc.call results. It already throws an exception or error, or decodes the JSON response: we can simply pass it through. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2023-11-10 13:24:46 +10:30			`return plugin.rpc.call(rpc_method, payload)`
plugin: clnrest plugin: clnrest 2023-07-14 11:36:24 +09:30

clnrest: code refactoring for: - certificate generation - config options validation - log level from 'error' to 'info' - sending method as None instead "" - added `listclnrest-notifications` for websocket server rune method Changelog-Fixed: websocket server notifications are available with restriction of `readonly` runes 2023-10-02 17:45:01 +02:00			`def verify_rune(plugin, rune, rpc_method, rpc_params):`
plugin: clnrest plugin: clnrest 2023-07-14 11:36:24 +09:30			`if rune is None:`
clnrest: don't try to handle plugin.rpc.call results. It already throws an exception or error, or decodes the JSON response: we can simply pass it through. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2023-11-10 13:24:46 +10:30			`raise RuneError({"code": 1501, "message": "Not authorized: Missing rune"})`
plugin: clnrest plugin: clnrest 2023-07-14 11:36:24 +09:30
clnrest: don't require nodeid (FIXME: needs screenshot updates!) This was a misunderstanding: nodeid is useful for commando, where it's the peer's nodeid, and Noise-XK guarantees that we know who that is. It's not useful for clnrest, so don't require it (it was our node id, which is redundant). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2023-09-12 10:22:44 +09:30			`return call_rpc_method(plugin, "checkrune",`
			`{"rune": rune,`
plugins/clnrest: Rune authentication for websocket server 2023-09-08 19:46:56 -07:00			`"method": rpc_method,`
clnrest: don't require nodeid (FIXME: needs screenshot updates!) This was a misunderstanding: nodeid is useful for commando, where it's the peer's nodeid, and Noise-XK guarantees that we know who that is. It's not useful for clnrest, so don't require it (it was our node id, which is redundant). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2023-09-12 10:22:44 +09:30			`"params": rpc_params})`
plugin: clnrest plugin: clnrest 2023-07-14 11:36:24 +09:30

			`def process_help_response(help_response):`
			`# Use json5.loads due to single quotes in response`
			`processed_res = json5.loads(str(help_response))["help"]`
			`line = "\n---------------------------------------------------------------------------------------------------------------------------------------------------------------------------\n\n"`
			`processed_html_res = ""`
			`for row in processed_res:`
			`processed_html_res += f"Command: {row['command']}\n"`
			`processed_html_res += f"Category: {row['category']}\n"`
			`processed_html_res += f"Description: {row['description']}\n"`
			`processed_html_res += f"Verbose: {row['verbose']}\n"`
			`processed_html_res += line`
			`return processed_html_res`