plugins/clnrest: disable ourselves unless rest-port is set.

This mirrors grpc's behavior, and avoids listening on ports without explicit user permission. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2025-12-19 15:14:23 +01:00 · 2023-07-15 14:13:01 +09:30
parent abcfda133f
commit 2ab0b4af3e
4 changed files with 13 additions and 3 deletions
--- a/plugins/clnrest/README.md
+++ b/plugins/clnrest/README.md
@@ -6,11 +6,15 @@ CLNRest is a lightweight Python-based core lightning plugin that transforms RPC

 Install required packages with `pip install json5 flask flask_restx gunicorn pyln-client` or `pip install -r requirements.txt`.

+Note: if you have the older c-lightning-rest plugin, you can use `disable-plugin clnrest.py` to avoid any conflict with this one.  Of course, you could use this one instead!
+
 ## Configuration

+If `rest-port` is not specified, the plugin will disable itself.
+
+- --rest-port: Sets the REST server port to listen to (3010 is common)
 - --rest-protocol: Specifies the REST server protocol. Default is HTTPS.
 - --rest-host: Defines the REST server host. Default is 127.0.0.1.
- --rest-port: Sets the REST server port to listen to. Default is 3010.
 - --rest-certs: Defines the path for HTTPS cert & key. Default path is same as RPC file path to utilize gRPC's client certificate. If it is missing at the configured location, new identity (`client.pem` and `client-key.pem`) will be generated.

 ## Plugin
--- a/plugins/clnrest/clnrest.py
+++ b/plugins/clnrest/clnrest.py
@@ -110,7 +110,10 @@ def start_server():

@plugin.init()
 def init(options, configuration, plugin):
-    set_config(options)
+    # We require options before we open a port.
+    err = set_config(options)
+    if err:
+        return {'disable': err}
    start_server()


--- a/plugins/clnrest/utilities/rpc_plugin.py
+++ b/plugins/clnrest/utilities/rpc_plugin.py
@@ -10,7 +10,7 @@ queue = manager.Queue()
 plugin.add_option(name="rest-certs", default=os.getcwd(), description="Path for certificates (for https)", opt_type="string", deprecated=False)
 plugin.add_option(name="rest-protocol", default="https", description="REST server protocol", opt_type="string", deprecated=False)
 plugin.add_option(name="rest-host", default="127.0.0.1", description="REST server host", opt_type="string", deprecated=False)
-plugin.add_option(name="rest-port", default=3010, description="REST server port to listen", opt_type="int", deprecated=False)
+plugin.add_option(name="rest-port", default=None, description="REST server port to listen", opt_type="int", deprecated=False)


@plugin.subscribe("*")
--- a/plugins/clnrest/utilities/shared.py
+++ b/plugins/clnrest/utilities/shared.py
@@ -6,11 +6,14 @@ CERTS_PATH, REST_PROTOCOL, REST_HOST, REST_PORT = "", "", "", ""


 def set_config(options):
+    if 'rest-port' not in options:
+        return "`rest-port` option is not configured"
    global CERTS_PATH, REST_PROTOCOL, REST_HOST, REST_PORT
    CERTS_PATH = str(options["rest-certs"])
    REST_PROTOCOL = str(options["rest-protocol"])
    REST_HOST = str(options["rest-host"])
    REST_PORT = int(options["rest-port"])
+    return None


 def call_rpc_method(plugin, rpc_method, payload):