From 45912058340de499aef5f6f7c83a8ea23f369382 Mon Sep 17 00:00:00 2001 From: Mononaut Date: Wed, 16 Aug 2023 17:59:04 +0900 Subject: [PATCH 1/3] Protect internal bulk API endpoints behind /internal-api prefix --- src/rest.rs | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/src/rest.rs b/src/rest.rs index 56567393..b376a52a 100644 --- a/src/rest.rs +++ b/src/rest.rs @@ -51,6 +51,9 @@ const TTL_SHORT: u32 = 10; // ttl for volatie resources const TTL_MEMPOOL_RECENT: u32 = 5; // ttl for GET /mempool/recent const CONF_FINAL: usize = 10; // reorgs deeper than this are considered unlikely +// internal api prefix +const INTERNAL_PREFIX: &str = "internal-api"; + #[derive(Serialize, Deserialize)] struct BlockValue { id: String, @@ -1165,7 +1168,14 @@ fn handle_request( (&Method::GET, Some(&"mempool"), Some(&"txids"), None, None, None) => { json_response(query.mempool().txids(), TTL_SHORT) } - (&Method::GET, Some(&"mempool"), Some(&"txs"), Some(&"all"), None, None) => { + ( + &Method::GET, + Some(&INTERNAL_PREFIX), + Some(&"mempool"), + Some(&"txs"), + Some(&"all"), + None, + ) => { let txs = query .mempool() .txs() @@ -1175,7 +1185,7 @@ fn handle_request( json_response(prepare_txs(txs, query, config), TTL_SHORT) } - (&Method::POST, Some(&"mempool"), Some(&"txs"), None, None, None) => { + (&Method::POST, Some(&INTERNAL_PREFIX), Some(&"mempool"), Some(&"txs"), None, None) => { let txid_strings: Vec = serde_json::from_slice(&body).map_err(|err| HttpError::from(err.to_string()))?; @@ -1198,7 +1208,14 @@ fn handle_request( Err(err) => http_message(StatusCode::BAD_REQUEST, err.to_string(), 0), } } - (&Method::GET, Some(&"mempool"), Some(&"txs"), last_seen_txid, None, None) => { + ( + &Method::GET, + Some(&INTERNAL_PREFIX), + Some(&"mempool"), + Some(&"txs"), + last_seen_txid, + None, + ) => { let last_seen_txid = last_seen_txid.and_then(|txid| Txid::from_hex(txid).ok()); let txs = query .mempool() 
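Review bot: The comment on `INTERNAL_PREFIX` in the first hunk does not say what the prefix is for, and the three `mempool/txs` arms that use it later in this patch add no caller check in the visible lines; the prefix only changes the path. If the protection is meant to come from a proxy or firewall that refuses this path to outside clients (an assumption, since the diff does not show it), the constant is the place to record that. For example: `// Path prefix for bulk endpoints. Not an access control on its own: the front-end proxy must refuse external requests under this prefix.` A test asserting that the old public paths no longer return the bulk responses would pin the intent.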
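Review bot: In the `POST` `mempool/txs` arm, `txid_strings` is deserialized from the whole request body and nothing in the visible lines limits how many ids one request may carry. The arm continues outside the hunk, so a limit may exist further down. Because the endpoint is reserved for trusted callers only by its path, a cap in the handler would stop a misconfigured proxy from exposing an unbounded lookup. For example: `if txid_strings.len() > MAX_BULK_TXIDS { return Err(HttpError::from("too many txids".to_string())); }`, where `MAX_BULK_TXIDS` is a new constant to be defined next to `INTERNAL_PREFIX`.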
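Review bot: The last `GET` arm binds the fourth path slot to the bare name `last_seen_txid`, so it matches any segment there, or none. It leaves `all` to the earlier arm only because that arm comes first in the `match`. A short comment would keep a later reorder from changing which handler serves the `all` path, e.g. `// keep below the "all" arm: last_seen_txid matches any segment`. The context line after the pattern turns an unparsable id into `None` with `.ok()`, so a malformed cursor is not reported to the caller; what `None` then selects is outside the hunk.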
From bb7e1ec4771acd8e1e07a2c31eeb9c599db46a29 Mon Sep 17 00:00:00 2001 From: Mononaut Date: Mon, 28 Aug 2023 16:45:20 +0900 Subject: [PATCH 2/3] Change internal api prefix to "internal" --- src/rest.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rest.rs b/src/rest.rs index b376a52a..b9e6115b 100644 --- a/src/rest.rs +++ b/src/rest.rs @@ -52,7 +52,7 @@ const TTL_MEMPOOL_RECENT: u32 = 5; // ttl for GET /mempool/recent const CONF_FINAL: usize = 10; // reorgs deeper than this are considered unlikely // internal api prefix -const INTERNAL_PREFIX: &str = "internal-api"; +const INTERNAL_PREFIX: &str = "internal"; #[derive(Serialize, Deserialize)] struct BlockValue { From 281b6994087aec6e42c40587f33ab0bc419f9bd1 Mon Sep 17 00:00:00 2001 From: Mononaut Date: Wed, 6 Sep 2023 08:26:29 +0900 Subject: [PATCH 3/3] Move bulk /block/:hash/txs behind /internal prefix --- src/rest.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rest.rs b/src/rest.rs index b9e6115b..6bc8cc8f 100644 --- a/src/rest.rs +++ b/src/rest.rs @@ -729,7 +729,7 @@ fn handle_request( .ok_or_else(|| HttpError::not_found("Block not found".to_string()))?; json_response(txids, TTL_LONG) } - (&Method::GET, Some(&"block"), Some(hash), Some(&"txs"), None, None) => { + (&Method::GET, Some(&INTERNAL_PREFIX), Some(&"block"), Some(hash), Some(&"txs"), None) => { let hash = BlockHash::from_hex(hash)?; let txs = query .chain()
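Review bot: Changing the value of `INTERNAL_PREFIX` from `"internal-api"` to `"internal"` moves every route that patch 1 placed under the old prefix. Any proxy or firewall rule written against the old path stops covering those routes once this builds. The diff does not show where such a rule lives; if one exists, it has to change in the same release. The constant's comment could state the coupling, e.g. `// must match the path denied to external clients in the proxy configuration`.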
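Review bot: After the change in patch 3, this arm no longer matches the public `block/:hash/txs` path, and the hunk does not show what that path now returns. Another arm may pick it up, or it may fall through to a not-found response. A comment on the arm would state which is intended, e.g. `// bulk variant, internal callers only; public block/:hash/txs is handled by a separate arm`, adjusted to whatever is actually the case. A test requesting the public path would make the split explicit. The arm's body continues outside the hunk.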