[ ] https://github.com/clemahieu/raiblocks/commit/661d5ed94c116a9038a4290a025b134127b3a61c https://github.com/clemahieu/raiblocks/commit/26f9bebf7ab80dc6dca27756fcf609ca4a7d4895 All node options to be available via RPC, such as account_get, account_key, key_create, key_expand, wallet_change_seed, wallet_decrypt_unsafe, wallet_list
Some of them are not safe to print in logs, perhaps just replace seeds/private keys in log files with zeroes.
[ ] [mikerow] Username and Password authentication for RPC. Or perhaps default username and random password is enough — SergiySW
[ ] RPC command to stop bootstrap
[x] https://github.com/clemahieu/raiblocks/commit/094708d3a4ac5b5e0c94969f60bc425f2ee50e26 RPC command to rebroadcast block
[x] https://github.com/clemahieu/raiblocks/commit/26f9bebf7ab80dc6dca27756fcf609ca4a7d4895 RPC command to retrieve frontiers for wallet
{ "action": "wallet_frontiers", "wallet": "000D1BAEC8EC208142C99059B393051BAC8380F9B5A2E6B2489A277D81789F3F" }
[x] https://github.com/clemahieu/raiblocks/commit/34e9a9c943cf74d669100ac9fa89939af193a5d0 RPC command to force bootstrap to a specific peer, like
{ "action": "bootstrap", "peer": "::ffff:128.199.199.97:7075" }
[x] Return error message as JSON. Now you can view error output only in curl. In JavaScript it's just an empty server answer. Sample:
{ "error": "Invalid block hash" }
[x] Adding the HTTP response header “Access-Control-Allow-Origin: *” to RPC answers would be useful to control the node via browser JavaScript. Otherwise modern browsers block the JSON response.
[x] Add RPC command to retrieve release version e.g. 7.5.0
[x] [mikerow] RPC to change an account representative instead of compiling a block yourself with "publish_block".
[x] RPC to see blocks downloaded but not yet in the ledger. Perhaps just expand response of { "action": "block_count" }
[x] RPC to see pending incoming transactions for account
For an invalid block you can check if there is any "type" set. It's the method I'm using in Explorer to reveal invalid blocks.
New proposal:
Added access control header https://github.com/clemahieu/raiblocks/commit/f5c0f6dffbd099ea83f81eea391ed5eb70be385c
Added vendor_version to version RPC
https://github.com/clemahieu/raiblocks/commit/6f68d923a07ed241445b570c649c47e4a09405fc
Added json errors instead of http errors.
https://github.com/clemahieu/raiblocks/commit/d7a8698d3790405187b619079b5a1fbcef7b796c
New proposal:
RPC to see blocks downloaded but not yet in the ledger. Perhaps just expand response of { "action": "block_count" }
New proposal:
RPC to see pending incoming transactions for account
Additional
{ "action": "bootstrap", "peer": "::ffff:128.199.199.97:7075" }
Additional
Additional
Regarding the "Username and Password authentication for RPC" proposal (and apologies in advance if this is a dumb question, RaiBlocks/Nano newbie here..):
Is the rai_node RPC similar to JSONRPC from here https://github.com/spesmilo/electrum-docs/blob/master/cve.rst ?
(TLDR: the BTC Electrum wallet had a potential vulnerability whereby, if you opened a web browser and Electrum at the same time, some malicious webpage's JS code could probe the localhost RPC ports; since the request came from localhost, the wallet falsely believed they were legitimate user requests, they were not filtered/ignored like external access would have been)
If so, should the implementation of the password protection be prioritized? I looked at this repo's issues, at the wiki, but could not find anything definite; thanks to anyone who can shed light on this.
@ttcoder FWIW I'm going to submit a PR soon with TLS + client certificates, which may be interesting for some. When configured with client certs, only users with a trusted client cert will be able to connect. A user/pwd sign-in API sounds useful too.
I think these were all implemented, otherwise we can make new issues.
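The concern raised in this thread (a web page's JavaScript reaching an unauthenticated localhost RPC, as in the linked Electrum advisory) together with the "default username and random password" proposal can be sketched as a single server-side request gate. This is an added example, not rai_node code and not any commenter's; the username, port 7076, the allowed Host values and the `authorize` and `basic_credentials` helpers are assumptions for illustration.

```python
import base64
import hmac
import secrets

# Assumptions for illustration (none of these values come from the thread).
RPC_USER = "rpc"                           # default username
RPC_PASSWORD = secrets.token_urlsafe(32)   # random password made at start-up
ALLOWED_HOSTS = {"localhost:7076", "127.0.0.1:7076", "[::1]:7076"}
TRUSTED_ORIGINS = set()                    # empty: no browser callers allowed


def basic_credentials(header):
    """Decode 'Authorization: Basic ...' into (user, password), else None."""
    scheme, _, blob = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        text = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = text.partition(":")
    return (user, password) if sep else None


def authorize(headers):
    """Return (status, reason) for a request; header names are lower-case."""
    # Pin Host: a DNS-rebinding page reaches 127.0.0.1 under its own hostname.
    if headers.get("host", "").lower() not in ALLOWED_HOSTS:
        return 403, "unexpected Host"
    # Browsers attach Origin to cross-site POSTs; curl and local tools do not.
    origin = headers.get("origin")
    if origin is not None and origin not in TRUSTED_ORIGINS:
        return 403, "untrusted Origin"
    creds = basic_credentials(headers.get("authorization"))
    if creds is None:
        return 401, "credentials required"
    # Compare both fields in constant time before deciding.
    user_ok = hmac.compare_digest(creds[0].encode(), RPC_USER.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), RPC_PASSWORD.encode())
    if not (user_ok and pass_ok):
        return 401, "bad credentials"
    return 200, "ok"
```

The `Access-Control-Allow-Origin` header only controls whether the browser lets a page read the response; a cross-origin request can still be delivered to the node, which is why the decision is made on the server before the action runs.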