From be7892a2ae91722e8b8fbe536d6de0fd52f7402a Mon Sep 17 00:00:00 2001 From: Roy Lee Date: Wed, 28 Sep 2022 23:06:49 -0700 Subject: [PATCH] config: unify lbcd and lbcwallet RPC credentails 1. remove lbcdusername and lbcdpassword 2. rename (username, password) to (rpcuser, rpcpass) Most users are confused with the lbcduser and username at first, and choose to use the same credentials between lbcd and lbcwallet. --- README.md | 35 ++++++++++------------------------- config.go | 19 +++---------------- lbcwallet.go | 2 +- rpcserver.go | 8 ++++---- sample-lbcwallet.conf | 11 ++--------- 5 files changed, 20 insertions(+), 55 deletions(-) diff --git a/README.md b/README.md index aa2928826d..a1c4c0326f 100644 --- a/README.md +++ b/README.md @@ -22,25 +22,12 @@ does mean they could track all transactions involving your addresses and therefore know your exact balance. In a future release, public data encryption will extend to transactions as well. -Wallet clients can use one of two RPC servers: - - 1. A legacy JSON-RPC server mostly compatible with Bitcoin Core - - The JSON-RPC server exists to ease the migration of wallet applications - from Core, but complete compatibility is not guaranteed. Some portions of - the API (and especially accounts) have to work differently due to other - design decisions (mostly due to BIP0044). However, if you find a - compatibility issue and feel that it could be reasonably supported, please - report an issue. This server is enabled by default. - - 2. An experimental gRPC server - - The gRPC server uses a new API built for lbcwallet, but the API is not - stabilized and the server is feature gated behind a config option - (`--experimentalrpclisten`). If you don't mind applications breaking due - to API changes, don't want to deal with issues of the legacy API, or need - notifications for changes to the wallet, this is the RPC server to use. - The gRPC server is documented [here](./rpc/documentation/README.md). +The JSON-RPC server exists to ease the migration of wallet applications +from Core, but complete compatibility is not guaranteed. Some portions of +the API (and especially accounts) have to work differently due to other +design decisions (mostly due to BIP0044). However, if you find a +compatibility issue and feel that it could be reasonably supported, please +report an issue. This server is enabled by default. ## Security @@ -93,25 +80,23 @@ Start a local instance of `lbcd` and have the `lbcwallet` connecting to it. ``` sh # Start a lbcd with its RPC credentials -./lbcd --txindex --rpcuser=lbcduser --rpcpass=lbcdpass +./lbcd --txindex --rpcuser=rpcuser --rpcpass=rpcpass # Start a lbcwallet with its RPC credentials along with the lbcd's RPC credentials # The default lbcd instance to conect to is already localhost:9245 so we don't need to specify it explicitly here. -./lbcwallet --username=rpcuser --password=rpcpass --lbcdusername=lbcduser --lbcdpassword=lbcdpass # --rpcconnect=localhost:9245 +./lbcwallet --rpcuser=rpcuser --rpcpass=rpcpass # --rpcconnect=localhost:9245 # -# rpcuser/rpcpass lbcduser/lbcdpass +# rpcuser/rpcpass rpcuser/rpcpass # lbcctl <-------------------> lbcwallet <--------------------> lbcd # RPC port 9244 RPC port 9245 # ``` -If the `lbcd` and `lbcwallet` use the same RPC credentials, we can skip the `--lbcdusername` and `--lbcdpassword` - ``` sh ./lbcd --txindex --rpcuser=rpcuser --rpcpass=rpcpass -./lbcwallet --username=rpcuser --password=rpcpass +./lbcwallet --rpcuser=rpcuser --rpcpass=rpcpass # # rpcuser/rpcpass rpcuser/rpcpass diff --git a/config.go b/config.go index 060bc6e043..cbb0e620c3 100644 --- a/config.go +++ b/config.go @@ -70,8 +70,6 @@ type config struct { CAFile *cfgutil.ExplicitString `long:"cafile" description:"File containing root certificates to authenticate a TLS connections with lbcd"` DisableClientTLS bool `long:"noclienttls" description:"Disable TLS for the RPC client"` SkipVerify bool `long:"skipverify" description:"Skip verifying TLS for the RPC client"` - LbcdUsername string `long:"lbcdusername" description:"Username for lbcd authentication"` - LbcdPassword string `long:"lbcdpassword" default-mask:"-" description:"Password for lbcd authentication"` Proxy string `long:"proxy" description:"Connect via SOCKS5 proxy (eg. 127.0.0.1:9050)"` ProxyUser string `long:"proxyuser" description:"Username for proxy server"` ProxyPass string `long:"proxypass" default-mask:"-" description:"Password for proxy server"` @@ -90,9 +88,9 @@ type config struct { DisableServerTLS bool `long:"noservertls" description:"Disable TLS for the RPC server"` LegacyRPCListeners []string `long:"rpclisten" description:"Listen for legacy RPC connections on this interface/port (default port: 9244, testnet: 19244, regtest: 29244, simnet: 29244)"` LegacyRPCMaxClients int64 `long:"rpcmaxclients" description:"Max number of legacy RPC clients for standard connections"` - LegacyRPCMaxWebsockets int64 `long:"rpcmaxwebsockets" description:"Max number of legacy RPC websocket connections"` - Username string `short:"u" long:"username" description:"Username for legacy RPC and lbcd authentication (if lbcdusername is unset)"` - Password string `short:"P" long:"password" default-mask:"-" description:"Password for legacy RPC and lbcd authentication (if lbcdpassword is unset)"` + LegacyRPCMaxWebsockets int64 `long:"rpcmaxwebsockets" description:"Max number of RPC websocket connections"` + RPCUser string `short:"u" long:"rpcuser" description:"Username for RPC and lbcd authentication"` + RPCPass string `short:"P" long:"rpcpass" default-mask:"-" description:"Password for RPC and lbcd authentication"` // Deprecated options DataDir *cfgutil.ExplicitString `short:"b" long:"datadir" default-mask:"-" description:"DEPRECATED -- use appdata instead"` @@ -601,17 +599,6 @@ func loadConfig() (*config, []string, error) { cfg.RPCCert.Value = cleanAndExpandPath(cfg.RPCCert.Value) cfg.RPCKey.Value = cleanAndExpandPath(cfg.RPCKey.Value) - // If the lbcd username or password are unset, use the same auth as for - // the client. The two settings were previously shared for lbcd and - // client auth, so this avoids breaking backwards compatibility while - // allowing users to use different auth settings for lbcd and wallet. - if cfg.LbcdUsername == "" { - cfg.LbcdUsername = cfg.Username - } - if cfg.LbcdPassword == "" { - cfg.LbcdPassword = cfg.Password - } - // Warn about missing config file after the final command line parse // succeeds. This prevents the warning on help messages and invalid // options. diff --git a/lbcwallet.go b/lbcwallet.go index c2b4f4cebe..f0b9a83ddd 100644 --- a/lbcwallet.go +++ b/lbcwallet.go @@ -214,7 +214,7 @@ func readCAFile() []byte { func startChainRPC(certs []byte) (*chain.RPCClient, error) { log.Infof("Attempting RPC client connection to %v", cfg.RPCConnect) rpcc, err := chain.NewRPCClient(activeNet.Params, cfg.RPCConnect, - cfg.LbcdUsername, cfg.LbcdPassword, certs, cfg.DisableClientTLS, + cfg.RPCPass, cfg.RPCPass, certs, cfg.DisableClientTLS, cfg.SkipVerify, 0) if err != nil { return nil, err diff --git a/rpcserver.go b/rpcserver.go index 939e92cbfa..03a3bab8ca 100644 --- a/rpcserver.go +++ b/rpcserver.go @@ -126,8 +126,8 @@ func startRPCServers(walletLoader *wallet.Loader) (*legacyrpc.Server, error) { } - if cfg.Username == "" || cfg.Password == "" { - log.Info("Legacy RPC server disabled (requires username and password)") + if cfg.RPCUser == "" || cfg.RPCPass == "" { + log.Info("RPC server disabled (requires rpcuser and rpcpass)") } else if len(cfg.LegacyRPCListeners) != 0 { listeners := makeListeners(cfg.LegacyRPCListeners, legacyListen) if len(listeners) == 0 { @@ -135,8 +135,8 @@ func startRPCServers(walletLoader *wallet.Loader) (*legacyrpc.Server, error) { return nil, err } opts := legacyrpc.Options{ - Username: cfg.Username, - Password: cfg.Password, + Username: cfg.RPCUser, + Password: cfg.RPCPass, MaxPOSTClients: cfg.LegacyRPCMaxClients, MaxWebsocketClients: cfg.LegacyRPCMaxWebsockets, } diff --git a/sample-lbcwallet.conf b/sample-lbcwallet.conf index d30eda46dd..72a495c898 100644 --- a/sample-lbcwallet.conf +++ b/sample-lbcwallet.conf @@ -88,15 +88,8 @@ ; Username and password to authenticate to lbcd a RPC server and authenticate ; new client connections -; username= -; password= - -; Alternative username and password for lbcd. If set, these will be used -; instead of the username and password set above for authentication to a -; lbcd RPC server. -; lbcdusername= -; lbcdpassword= - +; rpcuser= +; rpcpass= ; ------------------------------------------------------------------------------ ; Debug