Skip to content

Commit

Permalink
Merge remote-tracking branch 'upstream/feature/heartbeats' into track…
Browse files Browse the repository at this point in the history
…-incentive-candidates
  • Loading branch information
cce committed Oct 30, 2024
2 parents c558d59 + 8b6c443 commit a843630
Show file tree
Hide file tree
Showing 47 changed files with 989 additions and 443 deletions.
4 changes: 0 additions & 4 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -49,14 +49,10 @@ executors:
macos:
xcode: 14.2.0
resource_class: macos.m1.medium.gen1
environment:
HOMEBREW_NO_AUTO_UPDATE: "true"
mac_arm64_large:
macos:
xcode: 14.2.0
resource_class: macos.m1.large.gen1
environment:
HOMEBREW_NO_AUTO_UPDATE: "true"

slack-fail-stop-step: &slack-fail-post-step
post-steps:
Expand Down
1 change: 0 additions & 1 deletion .golangci-warnings.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@ linters:
enable:
- gosec
- partitiontest
- unused

linters-settings:
gosec: # we are mostly only interested in G601
Expand Down
11 changes: 11 additions & 0 deletions .golangci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ linters:
- staticcheck
- typecheck
- paralleltest
- unused

severity:
default-severity: error
Expand Down Expand Up @@ -115,6 +116,14 @@ issues:
- "^superfluous-else: if block ends with"

exclude-rules:
- path: cmd/algofix/
linters: unused
- path: cmd/algocfg/
linters: unused
- path: cmd/catchpointdump/
linters: unused
- path: tools/
linters: unused
- path: _test\.go
linters:
- errcheck
Expand All @@ -129,6 +138,7 @@ issues:
# - revive
# - staticcheck
- typecheck
- unused
- path: _test\.go
linters:
- staticcheck
Expand Down Expand Up @@ -206,3 +216,4 @@ issues:
- govet
- ineffassign
- misspell
- unused
3 changes: 3 additions & 0 deletions config/localTemplate.go
Original file line number Diff line number Diff line change
Expand Up @@ -170,6 +170,9 @@ type Local struct {
// EndpointAddress configures the address the node listens to for REST API calls. Specify an IP and port or just port. For example, 127.0.0.1:0 will listen on a random port on the localhost (preferring 8080).
EndpointAddress string `version[0]:"127.0.0.1:0"`

// Respond to Private Network Access preflight requests sent to the node. Useful when a public website is trying to access a node that's hosted on a local network.
EnablePrivateNetworkAccessHeader bool `version[34]:"false"`

// RestReadTimeoutSeconds is passed to the API servers rest http.Server implementation.
RestReadTimeoutSeconds int `version[4]:"15"`

Expand Down
1 change: 1 addition & 0 deletions config/local_defaults.go
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,7 @@ var defaultLocal = Local{
EnableP2P: false,
EnableP2PHybridMode: false,
EnablePingHandler: true,
EnablePrivateNetworkAccessHeader: false,
EnableProcessBlockStats: false,
EnableProfiler: false,
EnableRequestLogger: false,
Expand Down
20 changes: 0 additions & 20 deletions daemon/algod/api/client/restClient.go
Original file line number Diff line number Diff line change
Expand Up @@ -347,26 +347,6 @@ type pendingTransactionsByAddrParams struct {
Max uint64 `url:"max"`
}

type transactionsByAddrParams struct {
FirstRound uint64 `url:"firstRound"`
LastRound uint64 `url:"lastRound"`
Max uint64 `url:"max"`
}

type assetsParams struct {
AssetIdx uint64 `url:"assetIdx"`
Max uint64 `url:"max"`
}

type appsParams struct {
AppIdx uint64 `url:"appIdx"`
Max uint64 `url:"max"`
}

type rawblockParams struct {
Raw uint64 `url:"raw"`
}

type rawFormat struct {
Format string `url:"format"`
}
Expand Down
13 changes: 13 additions & 0 deletions daemon/algod/api/server/lib/middlewares/cors.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,3 +31,16 @@ func MakeCORS(tokenHeader string) echo.MiddlewareFunc {
AllowMethods: []string{http.MethodGet, http.MethodPost, http.MethodPut, http.MethodDelete, http.MethodOptions},
})
}

// MakePNA constructs the Private Network Access middleware function
func MakePNA() echo.MiddlewareFunc {
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(ctx echo.Context) error {
req := ctx.Request()
if req.Method == http.MethodOptions && req.Header.Get("Access-Control-Request-Private-Network") == "true" {
ctx.Response().Header().Set("Access-Control-Allow-Private-Network", "true")
}
return next(ctx)
}
}
}
148 changes: 148 additions & 0 deletions daemon/algod/api/server/lib/middlewares/cors_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,148 @@
// Copyright (C) 2019-2024 Algorand, Inc.
// This file is part of go-algorand
//
// go-algorand is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as
// published by the Free Software Foundation, either version 3 of the
// License, or (at your option) any later version.
//
// go-algorand is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with go-algorand. If not, see <https://www.gnu.org/licenses/>.

package middlewares

import (
"net/http"
"net/http/httptest"
"testing"

"github.com/algorand/go-algorand/test/partitiontest"
"github.com/labstack/echo/v4"
"github.com/stretchr/testify/assert"
)

func TestMakeCORS(t *testing.T) {
partitiontest.PartitionTest(t)
e := echo.New()
tokenHeader := "X-Algo-API-Token"
corsMiddleware := MakeCORS(tokenHeader)

testCases := []struct {
name string
method string
headers map[string]string
expectedStatus int
expectedHeaders map[string]string
}{
{
name: "OPTIONS request",
method: http.MethodOptions,
headers: map[string]string{
"Origin": "http://algorand.com",
"Access-Control-Request-Headers": "Content-Type," + tokenHeader,
},
expectedStatus: http.StatusNoContent,
expectedHeaders: map[string]string{
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET,POST,PUT,DELETE,OPTIONS",
"Access-Control-Allow-Headers": tokenHeader + ",Content-Type",
},
},
{
name: "GET request",
method: http.MethodGet,
headers: map[string]string{
"Origin": "http://algorand.com",
},
expectedStatus: http.StatusOK,
expectedHeaders: map[string]string{
"Access-Control-Allow-Origin": "*",
},
},
}

for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
req := httptest.NewRequest(tc.method, "/health", nil)
for key, value := range tc.headers {
req.Header.Set(key, value)
}
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)

handler := corsMiddleware(func(c echo.Context) error {
return c.NoContent(http.StatusOK)
})

err := handler(c)

assert.NoError(t, err)
assert.Equal(t, tc.expectedStatus, rec.Code)
for key, value := range tc.expectedHeaders {
assert.Equal(t, value, rec.Header().Get(key))
}
})
}
}

func TestMakePNA(t *testing.T) {
partitiontest.PartitionTest(t)
e := echo.New()
pnaMiddleware := MakePNA()

testCases := []struct {
name string
method string
headers map[string]string
expectedStatusCode int
expectedHeader string
}{
{
name: "OPTIONS request with PNA header",
method: http.MethodOptions,
headers: map[string]string{"Access-Control-Request-Private-Network": "true"},
expectedStatusCode: http.StatusOK,
expectedHeader: "true",
},
{
name: "OPTIONS request without PNA header",
method: http.MethodOptions,
headers: map[string]string{},
expectedStatusCode: http.StatusOK,
expectedHeader: "",
},
{
name: "GET request",
method: http.MethodGet,
headers: map[string]string{},
expectedStatusCode: http.StatusOK,
expectedHeader: "",
},
}

for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
req := httptest.NewRequest(tc.method, "/", nil)
for key, value := range tc.headers {
req.Header.Set(key, value)
}
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)

handler := pnaMiddleware(func(c echo.Context) error {
return c.NoContent(http.StatusOK)
})

err := handler(c)

assert.NoError(t, err)
assert.Equal(t, tc.expectedStatusCode, rec.Code)
assert.Equal(t, tc.expectedHeader, rec.Header().Get("Access-Control-Allow-Private-Network"))
})
}
}
6 changes: 6 additions & 0 deletions daemon/algod/api/server/router.go
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,12 @@ func NewRouter(logger logging.Logger, node APINodeInterface, shutdown <-chan str
middleware.RemoveTrailingSlash())
e.Use(
middlewares.MakeLogger(logger),
)
// Optional middleware for Private Network Access Header (PNA). Must come before CORS middleware.
if node.Config().EnablePrivateNetworkAccessHeader {
e.Use(middlewares.MakePNA())
}
e.Use(
middlewares.MakeCORS(TokenHeader),
)

Expand Down
5 changes: 4 additions & 1 deletion daemon/kmd/api/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -137,10 +137,13 @@ func SwaggerHandler(w http.ResponseWriter, r *http.Request) {

// Handler returns the root mux router for the kmd API. It sets up handlers on
// subrouters specific to each API version.
func Handler(sm *session.Manager, log logging.Logger, allowedOrigins []string, apiToken string, reqCB func()) *mux.Router {
func Handler(sm *session.Manager, log logging.Logger, allowedOrigins []string, apiToken string, pnaHeader bool, reqCB func()) *mux.Router {
rootRouter := mux.NewRouter()

// Send the appropriate CORS headers
if pnaHeader {
rootRouter.Use(AllowPNA())
}
rootRouter.Use(corsMiddleware(allowedOrigins))

// Handle OPTIONS requests
Expand Down
13 changes: 13 additions & 0 deletions daemon/kmd/api/cors.go
Original file line number Diff line number Diff line change
Expand Up @@ -56,3 +56,16 @@ func corsMiddleware(allowedOrigins []string) func(http.Handler) http.Handler {
})
}
}

// AllowPNA constructs the Private Network Access middleware function
func AllowPNA() func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Private-Network") == "true" {
w.Header().Set("Access-Control-Allow-Private-Network", "true")
}

next.ServeHTTP(w, r)
})
}
}
1 change: 1 addition & 0 deletions daemon/kmd/config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ type KMDConfig struct {
SessionLifetimeSecs uint64 `json:"session_lifetime_secs"`
Address string `json:"address"`
AllowedOrigins []string `json:"allowed_origins"`
AllowHeaderPNA bool `json:"allow_header_pna"`
}

// DriverConfig contains config info specific to each wallet driver
Expand Down
1 change: 1 addition & 0 deletions daemon/kmd/kmd.go
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,7 @@ func Start(startConfig StartConfig) (died chan error, sock string, err error) {
DataDir: startConfig.DataDir,
Address: kmdCfg.Address,
AllowedOrigins: kmdCfg.AllowedOrigins,
AllowHeaderPNA: kmdCfg.AllowHeaderPNA,
SessionManager: session.MakeManager(kmdCfg),
Log: startConfig.Log,
Timeout: startConfig.Timeout,
Expand Down
3 changes: 2 additions & 1 deletion daemon/kmd/server/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ type WalletServerConfig struct {
DataDir string
Address string
AllowedOrigins []string
AllowHeaderPNA bool
SessionManager *session.Manager
Log logging.Logger
Timeout *time.Duration
Expand Down Expand Up @@ -211,7 +212,7 @@ func (ws *WalletServer) start(kill chan os.Signal) (died chan error, sock string
// Initialize HTTP server
watchdogCB := ws.makeWatchdogCallback(kill)
srv := http.Server{
Handler: api.Handler(ws.SessionManager, ws.Log, ws.AllowedOrigins, ws.APIToken, watchdogCB),
Handler: api.Handler(ws.SessionManager, ws.Log, ws.AllowedOrigins, ws.APIToken, ws.AllowHeaderPNA, watchdogCB),
}

// Read the kill channel and shut down the server gracefully
Expand Down
1 change: 0 additions & 1 deletion data/transactions/verify/txn.go
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,6 @@ type GroupContext struct {
}

var errTxGroupInvalidFee = errors.New("txgroup fee requirement overflow")
var errTxGroupInsuffientLsigBudget = errors.New("txgroup lsig expectations exceed available budget")
var errTxnSigHasNoSig = errors.New("signedtxn has no sig")
var errTxnSigNotWellFormed = errors.New("signedtxn should only have one of Sig or Msig or LogicSig")
var errRekeyingNotSupported = errors.New("nonempty AuthAddr but rekeying is not supported")
Expand Down
Loading

0 comments on commit a843630

Please sign in to comment.