Add ability to toggle BTC RPC Explorer token

rootfs/standard/etc/systemd/system/btcrpcexplorer.service

@@ -10,6 +10,7 @@ After=bitcoin.service
 ExecStartPre=/usr/bin/is_not_shutting_down.sh
 ExecStartPre=/usr/bin/wait_on_bitcoin.sh
 ExecStartPre=/usr/bin/wait_on_electrs.sh
+ExecStartPre=+/usr/bin/mynode_pre_btcrpcexplorer.sh
 WorkingDirectory=/opt/mynode/btc-rpc-explorer
 ExecStart=/usr/bin/npm start
 

rootfs/standard/usr/bin/mynode_pre_btcrpcexplorer.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+source /usr/share/mynode/mynode_config.sh
+
+set -x
+
+# Initialize BTC RPC Explorer Config
+mkdir -p /opt/mynode/btc-rpc-explorer
+cp /usr/share/mynode/btcrpcexplorer_env /opt/mynode/btc-rpc-explorer/.env
+chown -R bitcoin:bitcoin /opt/mynode/btc-rpc-explorer
+
+# Update Bitcoin RPC Password
+BTCRPCPW=$(cat /mnt/hdd/mynode/settings/.btcrpcpw)
+if [ -f /opt/mynode/btc-rpc-explorer/.env ]; then
+    sed -i "s/BTCEXP_BITCOIND_PASS=.*/BTCEXP_BITCOIND_PASS=$BTCRPCPW/g" /opt/mynode/btc-rpc-explorer/.env
+fi
+
+# Enable / disable token requirement
+if [ -f /mnt/hdd/mynode/settings/.btcrpcexplorer_disable_token ]; then
+    sed -i "s/BTCEXP_SSO_TOKEN_FILE/#BTCEXP_SSO_TOKEN_FILE/g" /opt/mynode/btc-rpc-explorer/.env
+fi

rootfs/standard/usr/bin/mynode_startup.sh

@@ -412,11 +412,6 @@ if [ -f /opt/mynode/btcpayserver/.env ]; then
     sed -i "s/NBXPLORER_VERSION.*/NBXPLORER_VERSION=$BTCPAYSERVER_NBXPLORER_VERSION/g" /opt/mynode/btcpayserver/.env || true
 fi
 
-# BTC RPC Explorer Config
-mkdir -p /opt/mynode/btc-rpc-explorer
-cp /usr/share/mynode/btcrpcexplorer_env /opt/mynode/btc-rpc-explorer/.env
-chown -R bitcoin:bitcoin /opt/mynode/btc-rpc-explorer
-
 # LNBits Config
 if [ -d /opt/mynode/lnbits ]; then
     cp /usr/share/mynode/lnbits.env /opt/mynode/lnbits/.env

rootfs/standard/usr/share/mynode/btcrpcexplorer_env

@@ -83,7 +83,6 @@ BTCEXP_PRIVACY_MODE=true
 # File where the SSO token is stored; ignored if BTCEXP_BASIC_AUTH_PASSWORD is provided.
 # Enables SSO if present.
 # Default: none
-#BTCEXP_SSO_TOKEN_FILE=/var/run/btc-rpc-explorer/sso_token
 BTCEXP_SSO_TOKEN_FILE=/opt/mynode/btc-rpc-explorer/token
 
 # URL of an optional external SSO provider

rootfs/standard/var/www/mynode/api.py

@@ -78,6 +78,7 @@ def api_get_service_status():
     data["status"] = get_application_status(service)
     data["color"] = get_application_status_color(service)
     data["sso_token"] = get_application_sso_token(service)
+    data["sso_token_enabled"] = get_application_sso_token_enabled(service)
     return jsonify(data)
 
 @mynode_api.route("/api/get_app_info")

rootfs/standard/var/www/mynode/application_info.py

@@ -349,9 +349,15 @@ def get_application_status_color(short_name):
 def get_application_sso_token(short_name):
     # Make sure app is valid
     if not is_application_valid(short_name):
-        return "APP NOT FOUND"
+        return "APP_NOT_FOUND"
     return get_sso_token(short_name)
 
+def get_application_sso_token_enabled(short_name):
+    # Make sure app is valid
+    if not is_application_valid(short_name):
+        return "APP_NOT_FOUND"
+    return get_sso_token_enabled(short_name)
+
 def restart_application(short_name):
     try:
         subprocess.check_output('systemctl restart {}'.format(short_name), shell=True)

rootfs/standard/var/www/mynode/device_info.py

@@ -930,6 +930,27 @@ def reset_specter_config():
     os.system("rm -rf /mnt/hdd/mynode/specter/config.json")
     os.system("systemctl restart specter")
 
+#==================================
+# BTC RPC Explorer Functions
+#==================================
+def is_btcrpcexplorer_token_enabled():
+    if os.path.isfile("/mnt/hdd/mynode/settings/.btcrpcexplorer_disable_token"):
+        return False
+    return True
+
+def enable_btcrpcexplorer_token():
+    os.system("rm -rf /mnt/hdd/mynode/settings/.btcrpcexplorer_disable_token")
+    os.system("sync")
+    if is_service_enabled("btcrpcexplorer"):
+        restart_service("btcrpcexplorer")
+
+
+def disable_btcrpcexplorer_token():
+    os.system("touch /mnt/hdd/mynode/settings/.btcrpcexplorer_disable_token")
+    os.system("sync")
+    if is_service_enabled("btcrpcexplorer"):
+        restart_service("btcrpcexplorer")
+
 #==================================
 # Tor Functions
 #==================================
@@ -1105,6 +1126,12 @@ def get_sso_token(short_name):
         token = "UNKOWN_APP"
     return to_string(token)
 
+def get_sso_token_enabled(short_name):
+    enabled = False
+    if short_name == "btcrpcexplorer":
+        enabled = is_btcrpcexplorer_token_enabled()
+    return enabled
+
 
 #==================================
 # QR Code Functions

rootfs/standard/var/www/mynode/mynode.py

@@ -532,6 +532,7 @@ def index():
             "lnd_channels": get_lightning_channels(),
             "electrs_active": electrs_active,
             "btcpayserver_onion": get_onion_url_btcpay(),
+            "btcrpcexplorer_token_enabled": is_btcrpcexplorer_token_enabled(),
             "lndhub_onion": get_onion_url_lndhub(),
             "lnbits_onion": get_onion_url_lnbits(),
             "is_testnet_enabled": is_testnet_enabled(),

rootfs/standard/var/www/mynode/settings.py

@@ -89,6 +89,7 @@ def page_settings():
         "is_uploader_device": is_uploader(),
         "download_rate": download_rate,
         "upload_rate": upload_rate,
+        "btcrpcexplorer_token_enabled": is_btcrpcexplorer_token_enabled(),
         "is_btc_lnd_tor_enabled": is_btc_lnd_tor_enabled(),
         "is_aptget_tor_enabled": is_aptget_tor_enabled(),
         "skip_fsck": skip_fsck(),
@@ -780,19 +781,33 @@ def page_set_https_forced_page():
 
     flash("HTTPS Settings Saved", category="message")
     return redirect(url_for(".page_settings"))
+
+
+@mynode_settings.route("/settings/btcrpcexplorer_token")
+def page_btcrpcexplorer_token():
+    check_logged_in()
+    
+    enable = request.args.get('enable')
+    if enable == "1":
+        enable_btcrpcexplorer_token()
+    else:
+        disable_btcrpcexplorer_token()
+
+    flash("BTC RPC Explorer Token Setting Saved", category="message")
+    return redirect(url_for(".page_settings")) 
     
 
 @mynode_settings.route("/settings/enable_aptget_tor")
 def page_enable_aptget_tor():
     check_logged_in()
-
-    check_and_mark_reboot_action("enable_aptget_tor")
     
     enable = request.args.get('enable')
     if enable == "1":
         enable_aptget_tor()
     else:
         disable_aptget_tor()
+    
+    flash("Tor Setting Saved", category="message")
     return redirect(url_for(".page_settings"))
 
 @mynode_settings.route("/settings/mynode_logs.tar.gz")

rootfs/standard/var/www/mynode/templates/main.html

@@ -100,6 +100,9 @@
                 if ("sso_token" in data && data["sso_token"] != null && data["sso_token"] != "") {
                     application_data[short_name]["sso_token"] = data["sso_token"]
                 }
+                if ("sso_token_enabled" in data) {
+                    application_data[short_name]["sso_token_enabled"] = data["sso_token_enabled"]
+                }
             }
 
             function refresh_page() {
@@ -473,7 +476,11 @@
                     if (location.protocol == "https:") {
                         port="3003"
                     }
-                    url = location.protocol+'//'+hostname+':'+port+'/?'+'token='+application_data["btcrpcexplorer"]["sso_token"]
+                    token_string=""
+                    if (application_data["btcrpcexplorer"]["sso_token_enabled"]) {
+                        token_string='?'+'token='+application_data["btcrpcexplorer"]["sso_token"]
+                    }
+                    url = location.protocol+'//'+hostname+':'+port+'/'+token_string
                     window.open(url,'_blank');
                 })
 

rootfs/standard/var/www/mynode/templates/settings.html

@@ -445,6 +445,21 @@
                     }
                 });
 
+                $('#btcrpcexplorer_token_checkbox').change(function () {
+                    $("#btcrpcexplorer_token").show();
+                });
+                $("#btcrpcexplorer_token").on("click", function() {
+                    enabled=$('#btcrpcexplorer_token_checkbox').is(":checked")
+                    if (enabled)
+                    {
+                        window.location.href='/settings/btcrpcexplorer_token?enable=1'
+                    }
+                    else
+                    {
+                        window.location.href='/settings/btcrpcexplorer_token?enable=0'
+                    }
+                });
+
                 $('#aptget_tor_checkbox').change(function () {
                     $("#aptget_tor").show();
                 });
@@ -800,6 +815,23 @@
         </div>
 
 
+        <div class="settings_block">
+            <a id="btcrpcexplorer"></a>
+            <div class="settings_block_header">BTC RPC Explorer</div>
+            
+            <div class="settings_block_subheader">Access Token</div>
+            To improve security, a token is required to access BTC RPC Explorer. This restricts access to people who have logged into myNode and navigated to
+            BTC RPC Explorer via the interface. To allow access to all users on the network, you can disable requiring the token. This is less secure.
+            <br/><br/>
+            <label class="switch">
+                <input type="checkbox" id="btcrpcexplorer_token_checkbox" {% if btcrpcexplorer_token_enabled %}checked{% endif %}>
+                <span class="slider round"></span>
+            </label>
+            <br/><br/>
+            <button id="btcrpcexplorer_token" style="display: none;" class="ui-button ui-widget ui-corner-all settings_button_small">Save</button>
+        </div>
+
+
         <div class="settings_block">
             <a id="mempool"></a>
             <div class="settings_block_header">Mempool</div>