diff options
author | Péter Szilágyi <peterke@gmail.com> | 2017-10-23 15:22:23 +0800 |
---|---|---|
committer | Péter Szilágyi <peterke@gmail.com> | 2017-11-21 21:09:36 +0800 |
commit | 51a86f61be52fdd16a409fc93cf89a2226129697 (patch) | |
tree | 005e972dfd90ea4e97b119ebb3d9acd02732ba84 /cmd/puppeth | |
parent | b5cf60389510cdfbd38b2f79936323f89388724c (diff) | |
download | go-tangerine-51a86f61be52fdd16a409fc93cf89a2226129697.tar.gz go-tangerine-51a86f61be52fdd16a409fc93cf89a2226129697.tar.zst go-tangerine-51a86f61be52fdd16a409fc93cf89a2226129697.zip |
cmd/faucet: protocol relative websockets, noauth mode
Diffstat (limited to 'cmd/puppeth')
-rw-r--r-- | cmd/puppeth/module_faucet.go | 24 | ||||
-rw-r--r-- | cmd/puppeth/wizard_faucet.go | 74 |
2 files changed, 63 insertions, 35 deletions
diff --git a/cmd/puppeth/module_faucet.go b/cmd/puppeth/module_faucet.go index a53e6f61e..4e7805824 100644 --- a/cmd/puppeth/module_faucet.go +++ b/cmd/puppeth/module_faucet.go @@ -53,10 +53,10 @@ ADD account.pass /account.pass EXPOSE 8080 CMD [ \ - "/faucet", "--genesis", "/genesis.json", "--network", "{{.NetworkID}}", "--bootnodes", "{{.Bootnodes}}", "--ethstats", "{{.Ethstats}}", "--ethport", "{{.EthPort}}", \ - "--faucet.name", "{{.FaucetName}}", "--faucet.amount", "{{.FaucetAmount}}", "--faucet.minutes", "{{.FaucetMinutes}}", "--faucet.tiers", "{{.FaucetTiers}}", \ - "--github.user", "{{.GitHubUser}}", "--github.token", "{{.GitHubToken}}", "--account.json", "/account.json", "--account.pass", "/account.pass" \ - {{if .CaptchaToken}}, "--captcha.token", "{{.CaptchaToken}}", "--captcha.secret", "{{.CaptchaSecret}}"{{end}} \ + "/faucet", "--genesis", "/genesis.json", "--network", "{{.NetworkID}}", "--bootnodes", "{{.Bootnodes}}", "--ethstats", "{{.Ethstats}}", "--ethport", "{{.EthPort}}", \ + "--faucet.name", "{{.FaucetName}}", "--faucet.amount", "{{.FaucetAmount}}", "--faucet.minutes", "{{.FaucetMinutes}}", "--faucet.tiers", "{{.FaucetTiers}}", \ + {{if .GitHubUser}}"--github.user", "{{.GitHubUser}}", "--github.token", "{{.GitHubToken}}", {{end}}"--account.json", "/account.json", "--account.pass", "/account.pass" \ + {{if .CaptchaToken}}, "--captcha.token", "{{.CaptchaToken}}", "--captcha.secret", "{{.CaptchaSecret}}"{{end}}{{if .NoAuth}}, "--noauth"{{end}} \ ]` // faucetComposefile is the docker-compose.yml file required to deploy and maintain @@ -81,7 +81,8 @@ services: - GITHUB_USER={{.GitHubUser}} - GITHUB_TOKEN={{.GitHubToken}} - CAPTCHA_TOKEN={{.CaptchaToken}} - - CAPTCHA_SECRET={{.CaptchaSecret}}{{if .VHost}} + - CAPTCHA_SECRET={{.CaptchaSecret}} + - NO_AUTH={{.NoAuth}}{{if .VHost}} - VIRTUAL_HOST={{.VHost}} - VIRTUAL_PORT=8080{{end}} logging: @@ -114,6 +115,7 @@ func deployFaucet(client *sshClient, network string, bootnodes []string, config "FaucetAmount": config.amount, "FaucetMinutes": config.minutes, "FaucetTiers": config.tiers, + "NoAuth": config.noauth, }) files[filepath.Join(workdir, "Dockerfile")] = dockerfile.Bytes() @@ -132,6 +134,7 @@ func deployFaucet(client *sshClient, network string, bootnodes []string, config "FaucetAmount": config.amount, "FaucetMinutes": config.minutes, "FaucetTiers": config.tiers, + "NoAuth": config.noauth, }) files[filepath.Join(workdir, "docker-compose.yaml")] = composefile.Bytes() @@ -161,6 +164,7 @@ type faucetInfos struct { amount int minutes int tiers int + noauth bool githubUser string githubToken string captchaToken string @@ -179,7 +183,14 @@ func (info *faucetInfos) Report() map[string]string { "Funding tiers": strconv.Itoa(info.tiers), "Captha protection": fmt.Sprintf("%v", info.captchaToken != ""), "Ethstats username": info.node.ethstats, - "GitHub authentication": info.githubUser, + } + if info.githubUser != "" { + report["GitHub authentication"] = info.githubUser + } else { + report["GitHub authentication"] = "disabled, rate-limited" + } + if info.noauth { + report["Debug mode (no auth)"] = "enabled" } if info.node.keyJSON != "" { var key struct { @@ -255,5 +266,6 @@ func checkFaucet(client *sshClient, network string) (*faucetInfos, error) { githubToken: infos.envvars["GITHUB_TOKEN"], captchaToken: infos.envvars["CAPTCHA_TOKEN"], captchaSecret: infos.envvars["CAPTCHA_SECRET"], + noauth: infos.envvars["NO_AUTH"] == "true", }, nil } diff --git a/cmd/puppeth/wizard_faucet.go b/cmd/puppeth/wizard_faucet.go index dbb0965eb..d5a084f15 100644 --- a/cmd/puppeth/wizard_faucet.go +++ b/cmd/puppeth/wizard_faucet.go @@ -87,34 +87,38 @@ func (w *wizard) deployFaucet() { if infos.githubUser == "" { // No previous authorization (or new one requested) fmt.Println() - fmt.Println("Which GitHub user to verify Gists through?") - infos.githubUser = w.readString() + fmt.Println("Which GitHub user to verify Gists through? (default = none = rate-limited API)") + infos.githubUser = w.readDefaultString("") - fmt.Println() - fmt.Println("What is the GitHub personal access token of the user? (won't be echoed)") - infos.githubToken = w.readPassword() - - // Do a sanity check query against github to ensure it's valid - req, _ := http.NewRequest("GET", "https://api.github.com/user", nil) - req.SetBasicAuth(infos.githubUser, infos.githubToken) - res, err := http.DefaultClient.Do(req) - if err != nil { - log.Error("Failed to verify GitHub authentication", "err", err) - return - } - defer res.Body.Close() + if infos.githubUser == "" { + log.Warn("Funding requests via GitHub will be heavily rate-limited") + } else { + fmt.Println() + fmt.Println("What is the GitHub personal access token of the user? (won't be echoed)") + infos.githubToken = w.readPassword() + + // Do a sanity check query against github to ensure it's valid + req, _ := http.NewRequest("GET", "https://api.github.com/user", nil) + req.SetBasicAuth(infos.githubUser, infos.githubToken) + res, err := http.DefaultClient.Do(req) + if err != nil { + log.Error("Failed to verify GitHub authentication", "err", err) + return + } + defer res.Body.Close() - var msg struct { - Login string `json:"login"` - Message string `json:"message"` - } - if err = json.NewDecoder(res.Body).Decode(&msg); err != nil { - log.Error("Failed to decode authorization response", "err", err) - return - } - if msg.Login != infos.githubUser { - log.Error("GitHub authorization failed", "user", infos.githubUser, "message", msg.Message) - return + var msg struct { + Login string `json:"login"` + Message string `json:"message"` + } + if err = json.NewDecoder(res.Body).Decode(&msg); err != nil { + log.Error("Failed to decode authorization response", "err", err) + return + } + if msg.Login != infos.githubUser { + log.Error("GitHub authorization failed", "user", infos.githubUser, "message", msg.Message) + return + } } } // Accessing the reCaptcha service requires API authorizations, request it @@ -129,7 +133,9 @@ func (w *wizard) deployFaucet() { // No previous authorization (or old one discarded) fmt.Println() fmt.Println("Enable reCaptcha protection against robots (y/n)? (default = no)") - if w.readDefaultString("n") == "y" { + if w.readDefaultString("n") == "n" { + log.Warn("Users will be able to requests funds via automated scripts") + } else { // Captcha protection explicitly requested, read the site and secret keys fmt.Println() fmt.Printf("What is the reCaptcha site key to authenticate human users?\n") @@ -175,7 +181,7 @@ func (w *wizard) deployFaucet() { } } } - if infos.node.keyJSON == "" { + for i := 0; i < 3 && infos.node.keyJSON == ""; i++ { fmt.Println() fmt.Println("Please paste the faucet's funding account key JSON:") infos.node.keyJSON = w.readJSON() @@ -186,9 +192,19 @@ func (w *wizard) deployFaucet() { if _, err := keystore.DecryptKey([]byte(infos.node.keyJSON), infos.node.keyPass); err != nil { log.Error("Failed to decrypt key with given passphrase") - return + infos.node.keyJSON = "" + infos.node.keyPass = "" } } + // Check if the user wants to run the faucet in debug mode (noauth) + noauth := "n" + if infos.noauth { + noauth = "y" + } + fmt.Println() + fmt.Printf("Permit non-authenticated funding requests (y/n)? (default = %v)\n", infos.noauth) + infos.noauth = w.readDefaultString(noauth) != "n" + // Try to deploy the faucet server on the host fmt.Println() fmt.Printf("Should the faucet be built from scratch (y/n)? (default = no)\n") |