api.properties and ip-whitelist can now be configured in the config tool

2025-12-26 00:55:08 +01:00 · 2018-10-21 18:36:20 +02:00
parent 8e144065a2
commit af059a29ff
4 changed files with 117 additions and 16 deletions
--- a/install/generator-cyphernode/generators/app/index.js
+++ b/install/generator-cyphernode/generators/app/index.js
@@ -17,6 +17,31 @@ const reset = '\u001B8\u001B[u';
 const clear = '\u001Bc';


+const defaultAPIProperties = `
+action_watch=watcher
+action_unwatch=watcher
+action_getactivewatches=watcher
+action_getbestblockhash=watcher
+action_getbestblockinfo=watcher
+action_getblockinfo=watcher
+action_gettransaction=watcher
+action_ln_getinfo=watcher
+action_ln_create_invoice=watcher
+action_getbalance=spender
+action_getnewaddress=spender
+action_spend=spender
+action_addtobatch=spender
+action_batchspend=spender
+action_deriveindex=spender
+action_derivepubpath=spender
+action_ln_pay=spender
+action_ln_newaddr=spender
+action_conf=internal
+action_executecallbacks=internal
+`;
+
+
+
 let prompters = [];
 fs.readdirSync(path.join(__dirname, "prompters")).forEach(function(file) {
  prompters.push(require(path.join(__dirname, "prompters",file)));
@@ -147,7 +172,7 @@ module.exports = class extends Generator {

    }

-    this._assignConfigDefaults(this.props);
+    this._assignConfigDefaults();
    for( let c of this.featureChoices ) {
      c.checked = this._isChecked( 'features', c.value );
    }
@@ -179,7 +204,8 @@ module.exports = class extends Generator {


  async configuring() {
-    if( this.props.auth_recreatekeys || !this.props.auth_keys ) {
+    if( this.props.auth_recreatekeys || 
+        this.props.auth_keys.configEntries.length===0 ) {
      delete this.props.auth_recreatekeys;
      const apikey = new ApiKey();

@@ -215,12 +241,12 @@ module.exports = class extends Generator {
    const configJsonString = JSON.stringify(this.props, null, 4);
    const archive = new Archive( this.destinationPath('config.7z'), this.configurationPassword );

-    if( !archive.writeEntry( 'config.json', configJsonString ) ) {
+    if( !await archive.writeEntry( 'config.json', configJsonString ) ) {
      console.log(chalk.bold.red( 'error! Config archive was not written' ));
    }

    for( let m of prompters ) {
-      const name = m.name();      
+      const name = m.name();
      for( let t of m.templates(this.props) ) {
        const p = path.join(name,t);
        this.fs.copyTpl(
@@ -238,7 +264,7 @@ module.exports = class extends Generator {
      }

      const archive = new Archive( this.destinationPath('clientKeys.7z'), this.props.auth_clientkeyspassword );
-      if( !archive.writeEntry( 'keys.txt', this.props.auth_keys.clientInformation.join('\n') ) ) {
+      if( !await archive.writeEntry( 'keys.txt', this.props.auth_keys.clientInformation.join('\n') ) ) {
        console.log(chalk.bold.red( 'error! Client auth key archive was not written' ));
      }
    }
@@ -250,17 +276,41 @@ module.exports = class extends Generator {

  /* some utils */

-  _clientAuthKeysArchiveExists() {
-     return fs.existsSync( this.destinationPath('clientKeys.7z') );
+  _hasAuthKeys() {
+     return this.props && 
+      this.props.auth_keys && 
+      this.props.auth_keys.configEntries &&
+      this.props.auth_keys.configEntries.length > 0;
  }

-  _assignConfigDefaults( props ) {
-    props.derivation_path = this.props.derivation_path || '0/n';
-    props.installer = this.props.installer ||  'docker';
-    props.devmode = this.props.devmode || false;
-    props.devregistry = this.props.devregistry || false;
-    props.devmode = this.props.devmode || false;
-    props.username = this.props.username || 'cyphernode';
+  _assignConfigDefaults() {
+    this.props = Object.assign( {
+      features: [],
+      net: 'testnet',
+      xpub: '',
+      derivation_path: '0/n',
+      installer_mode: 'docker',
+      devmode: false,
+      devregistry: false,
+      username: 'cyphernode',
+      docker_mode: 'compose',
+      bitcoin_rpcuser: 'bitcoin',
+      bitcoin_rpcpassword: 'CHANGEME',
+      bitcoin_uacomment: '',
+      bitcoin_prune: false,
+      bitcoin_datapath: '',
+      bitcoin_node_ip: '',
+      bitcoin_mode: 'internal',
+      bitcoin_expose: false,
+      auth_apiproperties: defaultAPIProperties,
+      auth_ipwhitelist: '',
+      auth_keys: { configEntries: [], clientInformation: [] },
+      proxy_datapath: '',
+      lightning_implementation: 'c-lightning',
+      lightning_datapath: '',
+      lightning_nodename: '',
+      lightning_nodecolor: ''
+    }, this.props );
  }

  _isChecked( name, value ) {
--- a/install/generator-cyphernode/generators/app/prompters/010_authapi.js
+++ b/install/generator-cyphernode/generators/app/prompters/010_authapi.js
@@ -25,13 +25,48 @@ module.exports = {
      validate: utils._notEmptyValidator
    },
    {
+      when: utils._hasAuthKeys,
      type: 'confirm',
      name: 'auth_recreatekeys',
      default: false,
-      message: prefix()+'Recreate auth keys?'+'\n'
+      message: prefix()+'Recreate auth keys?'
+    },
+    {
+      type: 'confirm',
+      name: 'auth_edit_ipwhitelist',
+      default: false,
+      message: prefix()+'Edit IP whitelist?'
+    },
+    {
+      when: function( props ) { 
+        const r = props.auth_edit_ipwhitelist;
+        delete props.auth_edit_ipwhitelist;
+        return r;
+      },
+      type: 'editor',
+      name: 'auth_ipwhitelist',
+      message: 'IP whitelist',
+      default: utils._getDefault( 'auth_ipwhitelist' )
+    },
+    {
+      type: 'confirm',
+      name: 'auth_edit_apiproperties',
+      default: false,
+      message: prefix()+'Edit API properties?'
+    },
+    {
+      when: function( props ) { 
+        const r = props.auth_edit_apiproperties;
+        delete props.auth_edit_apiproperties;
+        return r;
+      },
+      type: 'editor',
+      name: 'auth_apiproperties',
+      message: 'API properties',
+      default: utils._getDefault( 'auth_apiproperties' )
    }];
  },
  templates: function( props ) {
-    return [ 'keys.properties' ];
+    return [ 'keys.properties', 'api.properties', 'ip-whitelist.conf' ];
  }
 };
--- a/install/generator-cyphernode/generators/app/templates/authentication/api.properties
+++ b/install/generator-cyphernode/generators/app/templates/authentication/api.properties
@@ -0,0 +1,6 @@
+
+# Watcher can do stuff
+# Spender can do what the watcher can do plus more stuff
+# Admin can do what the spender can do plus even more stuff
+
+<%- auth_apiproperties %>
--- a/install/generator-cyphernode/generators/app/templates/authentication/ip-whitelist.conf
+++ b/install/generator-cyphernode/generators/app/templates/authentication/ip-whitelist.conf
@@ -0,0 +1,10 @@
+# Leave commented if you don't want to use IP whitelist
+
+#real_ip_header X-Forwarded-For;
+#set_real_ip_from 0.0.0.0/0;
+
+# List of white listed IP addresses...
+#allow 45.56.67.78;
+#deny all;
+
+<%- auth_ipwhitelist %>