|
|
|
@ -809,6 +809,71 @@ static string JSONRPCExecBatch(const Array& vReq) |
|
|
|
return write_string(Value(ret), false) + "\n"; |
|
|
|
} |
|
|
|
|
|
|
|
static bool HTTPReq_JSONRPC(AcceptedConnection *conn, |
|
|
|
string& strRequest, |
|
|
|
map<string, string>& mapHeaders, |
|
|
|
bool fRun) |
|
|
|
{ |
|
|
|
// Check authorization
|
|
|
|
if (mapHeaders.count("authorization") == 0) |
|
|
|
{ |
|
|
|
conn->stream() << HTTPReply(HTTP_UNAUTHORIZED, "", false) << std::flush; |
|
|
|
return false; |
|
|
|
} |
|
|
|
|
|
|
|
if (!HTTPAuthorized(mapHeaders)) |
|
|
|
{ |
|
|
|
LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", conn->peer_address_to_string()); |
|
|
|
/* Deter brute-forcing short passwords.
|
|
|
|
If this results in a DoS the user really |
|
|
|
shouldn't have their RPC port exposed. */ |
|
|
|
if (mapArgs["-rpcpassword"].size() < 20) |
|
|
|
MilliSleep(250); |
|
|
|
|
|
|
|
conn->stream() << HTTPReply(HTTP_UNAUTHORIZED, "", false) << std::flush; |
|
|
|
return false; |
|
|
|
} |
|
|
|
|
|
|
|
JSONRequest jreq; |
|
|
|
try |
|
|
|
{ |
|
|
|
// Parse request
|
|
|
|
Value valRequest; |
|
|
|
if (!read_string(strRequest, valRequest)) |
|
|
|
throw JSONRPCError(RPC_PARSE_ERROR, "Parse error"); |
|
|
|
|
|
|
|
string strReply; |
|
|
|
|
|
|
|
// singleton request
|
|
|
|
if (valRequest.type() == obj_type) { |
|
|
|
jreq.parse(valRequest); |
|
|
|
|
|
|
|
Value result = tableRPC.execute(jreq.strMethod, jreq.params); |
|
|
|
|
|
|
|
// Send reply
|
|
|
|
strReply = JSONRPCReply(result, Value::null, jreq.id); |
|
|
|
|
|
|
|
// array of requests
|
|
|
|
} else if (valRequest.type() == array_type) |
|
|
|
strReply = JSONRPCExecBatch(valRequest.get_array()); |
|
|
|
else |
|
|
|
throw JSONRPCError(RPC_PARSE_ERROR, "Top-level object parse error"); |
|
|
|
|
|
|
|
conn->stream() << HTTPReply(HTTP_OK, strReply, fRun) << std::flush; |
|
|
|
} |
|
|
|
catch (Object& objError) |
|
|
|
{ |
|
|
|
ErrorReply(conn->stream(), objError, jreq.id); |
|
|
|
return false; |
|
|
|
} |
|
|
|
catch (std::exception& e) |
|
|
|
{ |
|
|
|
ErrorReply(conn->stream(), JSONRPCError(RPC_PARSE_ERROR, e.what()), jreq.id); |
|
|
|
return false; |
|
|
|
} |
|
|
|
return true; |
|
|
|
} |
|
|
|
|
|
|
|
void ServiceConnection(AcceptedConnection *conn) |
|
|
|
{ |
|
|
|
bool fRun = true; |
|
|
|
@ -825,67 +890,17 @@ void ServiceConnection(AcceptedConnection *conn) |
|
|
|
// Read HTTP message headers and body
|
|
|
|
ReadHTTPMessage(conn->stream(), mapHeaders, strRequest, nProto); |
|
|
|
|
|
|
|
if (strURI != "/") { |
|
|
|
conn->stream() << HTTPReply(HTTP_NOT_FOUND, "", false) << std::flush; |
|
|
|
break; |
|
|
|
} |
|
|
|
|
|
|
|
// Check authorization
|
|
|
|
if (mapHeaders.count("authorization") == 0) |
|
|
|
{ |
|
|
|
conn->stream() << HTTPReply(HTTP_UNAUTHORIZED, "", false) << std::flush; |
|
|
|
break; |
|
|
|
} |
|
|
|
if (!HTTPAuthorized(mapHeaders)) |
|
|
|
{ |
|
|
|
LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", conn->peer_address_to_string()); |
|
|
|
/* Deter brute-forcing short passwords.
|
|
|
|
If this results in a DoS the user really |
|
|
|
shouldn't have their RPC port exposed. */ |
|
|
|
if (mapArgs["-rpcpassword"].size() < 20) |
|
|
|
MilliSleep(250); |
|
|
|
|
|
|
|
conn->stream() << HTTPReply(HTTP_UNAUTHORIZED, "", false) << std::flush; |
|
|
|
break; |
|
|
|
} |
|
|
|
// HTTP Keep-Alive is false; close connection immediately
|
|
|
|
if (mapHeaders["connection"] == "close") |
|
|
|
fRun = false; |
|
|
|
|
|
|
|
JSONRequest jreq; |
|
|
|
try |
|
|
|
{ |
|
|
|
// Parse request
|
|
|
|
Value valRequest; |
|
|
|
if (!read_string(strRequest, valRequest)) |
|
|
|
throw JSONRPCError(RPC_PARSE_ERROR, "Parse error"); |
|
|
|
|
|
|
|
string strReply; |
|
|
|
|
|
|
|
// singleton request
|
|
|
|
if (valRequest.type() == obj_type) { |
|
|
|
jreq.parse(valRequest); |
|
|
|
|
|
|
|
Value result = tableRPC.execute(jreq.strMethod, jreq.params); |
|
|
|
|
|
|
|
// Send reply
|
|
|
|
strReply = JSONRPCReply(result, Value::null, jreq.id); |
|
|
|
|
|
|
|
// array of requests
|
|
|
|
} else if (valRequest.type() == array_type) |
|
|
|
strReply = JSONRPCExecBatch(valRequest.get_array()); |
|
|
|
else |
|
|
|
throw JSONRPCError(RPC_PARSE_ERROR, "Top-level object parse error"); |
|
|
|
|
|
|
|
conn->stream() << HTTPReply(HTTP_OK, strReply, fRun) << std::flush; |
|
|
|
} |
|
|
|
catch (Object& objError) |
|
|
|
{ |
|
|
|
ErrorReply(conn->stream(), objError, jreq.id); |
|
|
|
break; |
|
|
|
if (strURI == "/") { |
|
|
|
if (!HTTPReq_JSONRPC(conn, strRequest, mapHeaders, fRun)) |
|
|
|
break; |
|
|
|
} |
|
|
|
catch (std::exception& e) |
|
|
|
{ |
|
|
|
ErrorReply(conn->stream(), JSONRPCError(RPC_PARSE_ERROR, e.what()), jreq.id); |
|
|
|
|
|
|
|
else { |
|
|
|
conn->stream() << HTTPReply(HTTP_NOT_FOUND, "", false) << std::flush; |
|
|
|
break; |
|
|
|
} |
|
|
|
} |
|
|
|
|
Jeff Garzik
10 years ago