Add ability to toggle BTC RPC Explorer token

This commit is contained in:
Taylor Helsper 2021-11-20 17:39:10 -06:00
parent 799c54e6d4
commit 37f9209bd5
11 changed files with 115 additions and 10 deletions

View File

@ -10,6 +10,7 @@ After=bitcoin.service
ExecStartPre=/usr/bin/is_not_shutting_down.sh
ExecStartPre=/usr/bin/wait_on_bitcoin.sh
ExecStartPre=/usr/bin/wait_on_electrs.sh
ExecStartPre=+/usr/bin/mynode_pre_btcrpcexplorer.sh
WorkingDirectory=/opt/mynode/btc-rpc-explorer
ExecStart=/usr/bin/npm start

View File

@ -0,0 +1,21 @@
#!/bin/bash
source /usr/share/mynode/mynode_config.sh
set -x
# Initialize BTC RPC Explorer Config
mkdir -p /opt/mynode/btc-rpc-explorer
cp /usr/share/mynode/btcrpcexplorer_env /opt/mynode/btc-rpc-explorer/.env
chown -R bitcoin:bitcoin /opt/mynode/btc-rpc-explorer
# Update Bitcoin RPC Password
BTCRPCPW=$(cat /mnt/hdd/mynode/settings/.btcrpcpw)
if [ -f /opt/mynode/btc-rpc-explorer/.env ]; then
sed -i "s/BTCEXP_BITCOIND_PASS=.*/BTCEXP_BITCOIND_PASS=$BTCRPCPW/g" /opt/mynode/btc-rpc-explorer/.env
fi
# Enable / disable token requirement
if [ -f /mnt/hdd/mynode/settings/.btcrpcexplorer_disable_token ]; then
sed -i "s/BTCEXP_SSO_TOKEN_FILE/#BTCEXP_SSO_TOKEN_FILE/g" /opt/mynode/btc-rpc-explorer/.env
fi

View File

@ -412,11 +412,6 @@ if [ -f /opt/mynode/btcpayserver/.env ]; then
sed -i "s/NBXPLORER_VERSION.*/NBXPLORER_VERSION=$BTCPAYSERVER_NBXPLORER_VERSION/g" /opt/mynode/btcpayserver/.env || true
fi
# BTC RPC Explorer Config
mkdir -p /opt/mynode/btc-rpc-explorer
cp /usr/share/mynode/btcrpcexplorer_env /opt/mynode/btc-rpc-explorer/.env
chown -R bitcoin:bitcoin /opt/mynode/btc-rpc-explorer
# LNBits Config
if [ -d /opt/mynode/lnbits ]; then
cp /usr/share/mynode/lnbits.env /opt/mynode/lnbits/.env

View File

@ -83,7 +83,6 @@ BTCEXP_PRIVACY_MODE=true
# File where the SSO token is stored; ignored if BTCEXP_BASIC_AUTH_PASSWORD is provided.
# Enables SSO if present.
# Default: none
#BTCEXP_SSO_TOKEN_FILE=/var/run/btc-rpc-explorer/sso_token
BTCEXP_SSO_TOKEN_FILE=/opt/mynode/btc-rpc-explorer/token
# URL of an optional external SSO provider

View File

@ -78,6 +78,7 @@ def api_get_service_status():
data["status"] = get_application_status(service)
data["color"] = get_application_status_color(service)
data["sso_token"] = get_application_sso_token(service)
data["sso_token_enabled"] = get_application_sso_token_enabled(service)
return jsonify(data)
@mynode_api.route("/api/get_app_info")

View File

@ -349,9 +349,15 @@ def get_application_status_color(short_name):
def get_application_sso_token(short_name):
# Make sure app is valid
if not is_application_valid(short_name):
return "APP NOT FOUND"
return "APP_NOT_FOUND"
return get_sso_token(short_name)
def get_application_sso_token_enabled(short_name):
# Make sure app is valid
if not is_application_valid(short_name):
return "APP_NOT_FOUND"
return get_sso_token_enabled(short_name)
def restart_application(short_name):
try:
subprocess.check_output('systemctl restart {}'.format(short_name), shell=True)

View File

@ -930,6 +930,27 @@ def reset_specter_config():
os.system("rm -rf /mnt/hdd/mynode/specter/config.json")
os.system("systemctl restart specter")
#==================================
# BTC RPC Explorer Functions
#==================================
def is_btcrpcexplorer_token_enabled():
if os.path.isfile("/mnt/hdd/mynode/settings/.btcrpcexplorer_disable_token"):
return False
return True
def enable_btcrpcexplorer_token():
os.system("rm -rf /mnt/hdd/mynode/settings/.btcrpcexplorer_disable_token")
os.system("sync")
if is_service_enabled("btcrpcexplorer"):
restart_service("btcrpcexplorer")
def disable_btcrpcexplorer_token():
os.system("touch /mnt/hdd/mynode/settings/.btcrpcexplorer_disable_token")
os.system("sync")
if is_service_enabled("btcrpcexplorer"):
restart_service("btcrpcexplorer")
#==================================
# Tor Functions
#==================================
@ -1105,6 +1126,12 @@ def get_sso_token(short_name):
token = "UNKOWN_APP"
return to_string(token)
def get_sso_token_enabled(short_name):
enabled = False
if short_name == "btcrpcexplorer":
enabled = is_btcrpcexplorer_token_enabled()
return enabled
#==================================
# QR Code Functions

View File

@ -532,6 +532,7 @@ def index():
"lnd_channels": get_lightning_channels(),
"electrs_active": electrs_active,
"btcpayserver_onion": get_onion_url_btcpay(),
"btcrpcexplorer_token_enabled": is_btcrpcexplorer_token_enabled(),
"lndhub_onion": get_onion_url_lndhub(),
"lnbits_onion": get_onion_url_lnbits(),
"is_testnet_enabled": is_testnet_enabled(),

View File

@ -89,6 +89,7 @@ def page_settings():
"is_uploader_device": is_uploader(),
"download_rate": download_rate,
"upload_rate": upload_rate,
"btcrpcexplorer_token_enabled": is_btcrpcexplorer_token_enabled(),
"is_btc_lnd_tor_enabled": is_btc_lnd_tor_enabled(),
"is_aptget_tor_enabled": is_aptget_tor_enabled(),
"skip_fsck": skip_fsck(),
@ -782,17 +783,31 @@ def page_set_https_forced_page():
return redirect(url_for(".page_settings"))
@mynode_settings.route("/settings/btcrpcexplorer_token")
def page_btcrpcexplorer_token():
check_logged_in()
enable = request.args.get('enable')
if enable == "1":
enable_btcrpcexplorer_token()
else:
disable_btcrpcexplorer_token()
flash("BTC RPC Explorer Token Setting Saved", category="message")
return redirect(url_for(".page_settings"))
@mynode_settings.route("/settings/enable_aptget_tor")
def page_enable_aptget_tor():
check_logged_in()
check_and_mark_reboot_action("enable_aptget_tor")
enable = request.args.get('enable')
if enable == "1":
enable_aptget_tor()
else:
disable_aptget_tor()
flash("Tor Setting Saved", category="message")
return redirect(url_for(".page_settings"))
@mynode_settings.route("/settings/mynode_logs.tar.gz")

View File

@ -100,6 +100,9 @@
if ("sso_token" in data && data["sso_token"] != null && data["sso_token"] != "") {
application_data[short_name]["sso_token"] = data["sso_token"]
}
if ("sso_token_enabled" in data) {
application_data[short_name]["sso_token_enabled"] = data["sso_token_enabled"]
}
}
function refresh_page() {
@ -473,7 +476,11 @@
if (location.protocol == "https:") {
port="3003"
}
url = location.protocol+'//'+hostname+':'+port+'/?'+'token='+application_data["btcrpcexplorer"]["sso_token"]
token_string=""
if (application_data["btcrpcexplorer"]["sso_token_enabled"]) {
token_string='?'+'token='+application_data["btcrpcexplorer"]["sso_token"]
}
url = location.protocol+'//'+hostname+':'+port+'/'+token_string
window.open(url,'_blank');
})

View File

@ -445,6 +445,21 @@
}
});
$('#btcrpcexplorer_token_checkbox').change(function () {
$("#btcrpcexplorer_token").show();
});
$("#btcrpcexplorer_token").on("click", function() {
enabled=$('#btcrpcexplorer_token_checkbox').is(":checked")
if (enabled)
{
window.location.href='/settings/btcrpcexplorer_token?enable=1'
}
else
{
window.location.href='/settings/btcrpcexplorer_token?enable=0'
}
});
$('#aptget_tor_checkbox').change(function () {
$("#aptget_tor").show();
});
@ -800,6 +815,23 @@
</div>
<div class="settings_block">
<a id="btcrpcexplorer"></a>
<div class="settings_block_header">BTC RPC Explorer</div>
<div class="settings_block_subheader">Access Token</div>
To improve security, a token is required to access BTC RPC Explorer. This restricts access to people who have logged into myNode and navigated to
BTC RPC Explorer via the interface. To allow access to all users on the network, you can disable requiring the token. This is less secure.
<br/><br/>
<label class="switch">
<input type="checkbox" id="btcrpcexplorer_token_checkbox" {% if btcrpcexplorer_token_enabled %}checked{% endif %}>
<span class="slider round"></span>
</label>
<br/><br/>
<button id="btcrpcexplorer_token" style="display: none;" class="ui-button ui-widget ui-corner-all settings_button_small">Save</button>
</div>
<div class="settings_block">
<a id="mempool"></a>
<div class="settings_block_header">Mempool</div>