feat(core-manager): implement IP whitelisting (#3686)

Author: sebastijankuzner

__tests__/unit/core-manager/server-boot-dispose.test.ts

@@ -8,9 +8,12 @@ import { Sandbox } from "@packages/core-test-framework";
 import { Identifiers } from "@packages/core-manager/src/ioc";
 import { Server } from "@packages/core-manager/src/server";
 import { ActionReader } from "@packages/core-manager/src/action-reader";
+import { PluginFactory } from "@packages/core-manager/src/plugins/plugin-factory";
+import { defaults } from "@packages/core-manager/src/defaults";
 
 let sandbox: Sandbox;
 let server: Server;
+let pluginsConfiguration = defaults.plugins
 
 let logger = {
     info: jest.fn(),
@@ -42,10 +45,16 @@ beforeEach(() => {
 
     sandbox.app.bind(Identifiers.HTTP).to(Server).inSingletonScope();
     sandbox.app.bind(Identifiers.ActionReader).to(ActionReader).inSingletonScope();
+    sandbox.app.bind(Identifiers.PluginFactory).to(PluginFactory).inSingletonScope();
     sandbox.app.bind(Container.Identifiers.LogService).toConstantValue(logger);
+    sandbox.app.bind(Container.Identifiers.PluginConfiguration).toConstantValue({
+        get: jest.fn().mockReturnValue(pluginsConfiguration)
+    });
+
 
     sandbox.app.terminate = jest.fn();
 
+
     server = sandbox.app.get<Server>(Identifiers.HTTP);
 });
 

__tests__/unit/core-manager/server.test.ts

@@ -7,6 +7,8 @@ import { Identifiers } from "@packages/core-manager/src/ioc";
 import { Actions } from "@packages/core-manager/src/contracts";
 import { Server } from "@packages/core-manager/src/server";
 import { ActionReader } from "@packages/core-manager/src/action-reader";
+import { PluginFactory } from "@packages/core-manager/src/plugins/plugin-factory";
+import { defaults } from "@packages/core-manager/src/defaults";
 import { Assets } from "./__fixtures__";
 
 let sandbox: Sandbox;
@@ -19,6 +21,8 @@ let logger = {
     error: jest.fn(),
 }
 
+let pluginsConfiguration = defaults.plugins
+
 beforeEach(() => {
     let dummyAction = new Assets.DummyAction();
     spyOnMethod = jest.spyOn(dummyAction, "method")
@@ -34,6 +38,10 @@ beforeEach(() => {
     sandbox.app.bind(Identifiers.HTTP).to(Server).inSingletonScope();
     sandbox.app.bind(Identifiers.ActionReader).toConstantValue(actionReader);
     sandbox.app.bind(Container.Identifiers.LogService).toConstantValue(logger);
+    sandbox.app.bind(Identifiers.PluginFactory).to(PluginFactory).inSingletonScope();
+    sandbox.app.bind(Container.Identifiers.PluginConfiguration).toConstantValue({
+        get: jest.fn().mockReturnValue(pluginsConfiguration)
+    });
 
     sandbox.app.terminate = jest.fn();
 
@@ -45,17 +53,15 @@ afterEach(() => {
 })
 
 describe("Server", () => {
-    beforeEach(async () => {
-        await server.initialize("serverName", {})
-        await server.boot()
-    })
-
     afterEach(async () => {
         await server.dispose();
     })
 
     describe("inject", () => {
         it("should be ok", async () => {
+            await server.initialize("serverName", {})
+            await server.boot()
+
             const injectOptions = {
                 method: "POST",
                 url: "/",
@@ -77,6 +83,9 @@ describe("Server", () => {
         });
 
         it("should return RCP error if called with invalid action params", async () => {
+            await server.initialize("serverName", {})
+            await server.boot()
+
             const injectOptions = {
                 method: "POST",
                 url: "/",
@@ -99,6 +108,9 @@ describe("Server", () => {
         });
 
         it("should return RCP error if error inside Action method", async () => {
+            await server.initialize("serverName", {})
+            await server.boot()
+
             const injectOptions = {
                 method: "POST",
                 url: "/",
@@ -126,6 +138,9 @@ describe("Server", () => {
         });
 
         it("should return RCP error if RPC schema is invalid", async () => {
+            await server.initialize("serverName", {})
+            await server.boot()
+
             const injectOptions = {
                 method: "POST",
                 url: "/",
@@ -148,6 +163,9 @@ describe("Server", () => {
         });
 
         it("should return RCP error if error in Validator", async () => {
+            await server.initialize("serverName", {})
+            await server.boot()
+
             const injectOptions = {
                 method: "POST",
                 url: "/",
@@ -172,5 +190,38 @@ describe("Server", () => {
             expect(parsedResponse.statusCode).toBe(200)
             expect(parsedResponse.body.error.code).toBe(-32600)
         });
+
+        it("should return RCP error if whitelisted", async () => {
+            pluginsConfiguration.whitelist = []
+
+            await server.initialize("serverName", {})
+            await server.boot()
+
+            const injectOptions = {
+                method: "POST",
+                url: "/",
+                payload: {
+                    jsonrpc: "2.0",
+                    id: "1",
+                    method: "dummy",
+                    params: { id: 123 },
+                },
+                headers: {
+                    "content-type": "application/vnd.api+json",
+                },
+            };
+
+            const response = await server.inject(injectOptions);
+            const parsedResponse: Record<string, any> = { body: response.result, statusCode: response.statusCode };
+
+            expect(parsedResponse).toEqual({
+                body: {
+                    jsonrpc: '2.0',
+                    error: { code: -32001, message: 'Unauthorized' },
+                    id: null
+                },
+                statusCode: 200
+            })
+        });
     })
 });

packages/core-manager/src/contracts/index.ts

@@ -1 +1,2 @@
 export * as Actions from "./action"
+export * as Plugins from "./plugins"

packages/core-manager/src/contracts/plugins.ts

@@ -0,0 +1,8 @@
+export interface RegisterPluginObject {
+    plugin: any,
+    options?: any
+}
+
+export interface PluginFactory {
+    preparePlugins(): Array<RegisterPluginObject>
+}

packages/core-manager/src/defaults.ts

@@ -15,5 +15,8 @@ export const defaults = {
                 cert: process.env.CORE_MONITOR_SSL_CERT,
             },
         },
+    },
+    plugins: {
+        whitelist: ["*"]
     }
 };

packages/core-manager/src/ioc/identifiers.ts

@@ -2,4 +2,5 @@ export const Identifiers = {
     HTTP: Symbol.for("API<HTTP>"),
     HTTPS: Symbol.for("API<HTTPS>"),
     ActionReader: Symbol.for("Discover<Action>"),
+    PluginFactory: Symbol.for("Factory<Plugin>"),
 };

packages/core-manager/src/plugins/index.ts

@@ -0,0 +1 @@
+export * from "./plugin-factory"

packages/core-manager/src/plugins/plugin-factory.ts

@@ -0,0 +1,74 @@
+import * as rpc from "@hapist/json-rpc";
+import * as whitelist from "@hapist/whitelist";
+
+import { Container, Providers } from "@arkecosystem/core-kernel";
+import { Validation } from "@arkecosystem/crypto";
+
+import { Identifiers } from "../ioc";
+import { Plugins } from "../contracts";
+import { ActionReader } from "../action-reader";
+import { rpcResponseHandler } from "./rpc-response-handler";
+
+@Container.injectable()
+export class PluginFactory implements Plugins.PluginFactory {
+    @Container.inject(Container.Identifiers.PluginConfiguration)
+    @Container.tagged("plugin", "@arkecosystem/core-manager")
+    private readonly configuration!: Providers.PluginConfiguration;
+
+    @Container.inject(Identifiers.ActionReader)
+    private readonly actionReader!: ActionReader;
+
+    public preparePlugins(): Array<Plugins.RegisterPluginObject> {
+        let pluginConfig = this.configuration.get("plugins")
+
+        return [
+            {
+              plugin: rpcResponseHandler
+            },
+            {
+                plugin: whitelist,
+                options: {
+                    // @ts-ignore
+                    whitelist: pluginConfig.whitelist
+                    // whitelist: ["*"],
+                    // whitelist: [],
+                },
+            },
+            {
+                plugin: rpc,
+                options: {
+                    methods: this.actionReader.discoverActions(),
+                    processor: {
+                        schema: {
+                            properties: {
+                                id: {
+                                    type: ["number", "string"],
+                                },
+                                jsonrpc: {
+                                    pattern: "2.0",
+                                    type: "string",
+                                },
+                                method: {
+                                    type: "string",
+                                },
+                                params: {
+                                    type: "object",
+                                },
+                            },
+                            required: ["jsonrpc", "method", "id"],
+                            type: "object",
+                        },
+                        validate(data: object, schema: object) {
+                            try {
+                                const { error } = Validation.validator.validate(schema, data);
+                                return { value: data, error: error ? error : null };
+                            } catch (error) {
+                                return { value: null, error: error.stack };
+                            }
+                        },
+                    },
+                },
+            }
+        ]
+    }
+}

packages/core-manager/src/plugins/rpc-response-handler.ts

@@ -0,0 +1,39 @@
+import { Server as HapiServer } from "@hapi/hapi";
+
+const getRpcResponseCode = (httpResponseCode: number) => {
+    return -32001
+
+    // TODO: Implement after auth plugin
+    // if (httpResponseCode === 401) {
+    //     return -32001
+    // } if (httpResponseCode === 403) {
+    //     return -32001
+    // }
+    //
+    // throw new Error("Unsupported status code")
+}
+
+export const rpcResponseHandler = {
+    name: "rcpResponseHandler",
+    version: "0.1.0",
+    register: (server: HapiServer) => {
+        server.ext({
+            type: "onPreResponse",
+            method(request, h) {
+                let response = request.response;
+                if (!response.isBoom) {
+                    return h.continue;
+                }
+
+                return h.response({
+                    jsonrpc: "2.0",
+                    error: {
+                        code: getRpcResponseCode(response.output.statusCode),
+                        message: response.output.payload.message,
+                    },
+                    id: null
+                });
+            }
+        })
+    }
+}

packages/core-manager/src/server.ts

@@ -1,13 +1,10 @@
 import { Server as HapiServer, ServerInjectOptions, ServerInjectResponse } from "@hapi/hapi";
-import * as rpc from "@hapist/json-rpc";
-
 import { readFileSync } from "fs";
 
 import { Container, Contracts, Types } from "@arkecosystem/core-kernel";
-import { Validation } from "@arkecosystem/crypto";
 
 import { Identifiers } from "./ioc";
-import { ActionReader } from "./action-reader";
+import { Plugins } from "./contracts";
 
 @Container.injectable()
 export class Server {
@@ -17,53 +14,19 @@ export class Server {
     @Container.inject(Container.Identifiers.LogService)
     private readonly logger!: Contracts.Kernel.Logger;
 
-    @Container.inject(Identifiers.ActionReader)
-    private readonly actionReader!: ActionReader;
+    @Container.inject(Identifiers.PluginFactory)
+    private readonly pluginFactory!: Plugins.PluginFactory;
 
-    private server: HapiServer;
+    private server!: HapiServer;
 
     private name!: string;
 
-    public async initialize(name: string, optionsServer: Types.JsonObject): Promise<void> {
+    public async initialize(name: string, serverOptions: Types.JsonObject): Promise<void> {
         this.name = name;
-        this.server = new HapiServer(this.getServerOptions(optionsServer));
-        this.server.app.app = this.app;
-
-        await this.server.register({
-            plugin: rpc,
-            options: {
-                methods: this.actionReader.discoverActions(),
-                processor: {
-                    schema: {
-                        properties: {
-                            id: {
-                                type: ["number", "string"],
-                            },
-                            jsonrpc: {
-                                pattern: "2.0",
-                                type: "string",
-                            },
-                            method: {
-                                type: "string",
-                            },
-                            params: {
-                                type: "object",
-                            },
-                        },
-                        required: ["jsonrpc", "method", "id"],
-                        type: "object",
-                    },
-                    validate(data: object, schema: object) {
-                        try {
-                            const { error } = Validation.validator.validate(schema, data);
-                            return { value: data, error: error ? error : null };
-                        } catch (error) {
-                            return { value: null, error: error.stack };
-                        }
-                    },
-                },
-            },
-        });
+        this.server = new HapiServer(this.getServerOptions(serverOptions));
+        // this.server.app.app = this.app;
+
+        await this.server.register(this.pluginFactory.preparePlugins());
     }
 
     public async inject(options: string | ServerInjectOptions): Promise<ServerInjectResponse> {