mirror of
https://github.com/XRPLF/rippled.git
synced 2025-12-06 17:27:55 +00:00
78076a6903
The API would allow seeds (and public keys) to be used in place of accounts at several locations in the API. For example, when calling account_info, you could pass `"account": "foo"`. The string "foo" is treated like a seed, so the method returns `actNotFound` (instead of `actMalformed`, as most developers would expect). In the early days, this was a convenience to make testing easier. However, it allows for poor security practices, so it is no longer a good idea. Allowing a secret or passphrase is now considered a bug. Previously, it was controlled by the `strict` option on some methods. With this commit, since the API does not interpret `account` as `seed`, the option `strict` is no longer needed and is removed. Removing this behavior from the API is a [breaking change](https://xrpl.org/request-formatting.html#breaking-changes). One could argue that it shouldn't be done without bumping the API version; however, in this instance, there is no evidence that anyone is using the API in the "legacy" way. Furthermore, it is a potential security hole, as it allows users to send secrets to places where they are not needed, where they could end up in logs, error messages, etc. There's no reason to take such a risk with a seed/secret, since only the public address is needed. Resolves: #3329, #3330, #4337 BREAKING CHANGE: Remove non-strict account parsing (#3330)
256 lines
8.7 KiB
C++
256 lines
8.7 KiB
C++
//------------------------------------------------------------------------------
|
|
/*
|
|
This file is part of rippled: https://github.com/ripple/rippled
|
|
Copyright (c) 2012-2014 Ripple Labs Inc.
|
|
|
|
Permission to use, copy, modify, and/or distribute this software for any
|
|
purpose with or without fee is hereby granted, provided that the above
|
|
copyright notice and this permission notice appear in all copies.
|
|
|
|
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
*/
|
|
//==============================================================================
|
|
|
|
#include <ripple/app/main/Application.h>
|
|
#include <ripple/app/paths/TrustLine.h>
|
|
#include <ripple/ledger/ReadView.h>
|
|
#include <ripple/net/RPCErr.h>
|
|
#include <ripple/protocol/ErrorCodes.h>
|
|
#include <ripple/protocol/jss.h>
|
|
#include <ripple/resource/Fees.h>
|
|
#include <ripple/rpc/Context.h>
|
|
#include <ripple/rpc/impl/RPCHelpers.h>
|
|
#include <ripple/rpc/impl/Tuning.h>
|
|
|
|
namespace ripple {
|
|
|
|
void
|
|
addLine(Json::Value& jsonLines, RPCTrustLine const& line)
|
|
{
|
|
STAmount const& saBalance(line.getBalance());
|
|
STAmount const& saLimit(line.getLimit());
|
|
STAmount const& saLimitPeer(line.getLimitPeer());
|
|
Json::Value& jPeer(jsonLines.append(Json::objectValue));
|
|
|
|
jPeer[jss::account] = to_string(line.getAccountIDPeer());
|
|
// Amount reported is positive if current account holds other
|
|
// account's IOUs.
|
|
//
|
|
// Amount reported is negative if other account holds current
|
|
// account's IOUs.
|
|
jPeer[jss::balance] = saBalance.getText();
|
|
jPeer[jss::currency] = to_string(saBalance.issue().currency);
|
|
jPeer[jss::limit] = saLimit.getText();
|
|
jPeer[jss::limit_peer] = saLimitPeer.getText();
|
|
jPeer[jss::quality_in] = line.getQualityIn().value;
|
|
jPeer[jss::quality_out] = line.getQualityOut().value;
|
|
if (line.getAuth())
|
|
jPeer[jss::authorized] = true;
|
|
if (line.getAuthPeer())
|
|
jPeer[jss::peer_authorized] = true;
|
|
if (line.getNoRipple() || !line.getDefaultRipple())
|
|
jPeer[jss::no_ripple] = line.getNoRipple();
|
|
if (line.getNoRipplePeer() || !line.getDefaultRipple())
|
|
jPeer[jss::no_ripple_peer] = line.getNoRipplePeer();
|
|
if (line.getFreeze())
|
|
jPeer[jss::freeze] = true;
|
|
if (line.getFreezePeer())
|
|
jPeer[jss::freeze_peer] = true;
|
|
}
|
|
|
|
// {
|
|
// account: <account>
|
|
// ledger_hash : <ledger>
|
|
// ledger_index : <ledger_index>
|
|
// limit: integer // optional
|
|
// marker: opaque // optional, resume previous query
|
|
// ignore_default: bool // do not return lines in default state (on
|
|
// this account's side)
|
|
// }
|
|
Json::Value
|
|
doAccountLines(RPC::JsonContext& context)
|
|
{
|
|
auto const& params(context.params);
|
|
if (!params.isMember(jss::account))
|
|
return RPC::missing_field_error(jss::account);
|
|
|
|
std::shared_ptr<ReadView const> ledger;
|
|
auto result = RPC::lookupLedger(ledger, context);
|
|
if (!ledger)
|
|
return result;
|
|
|
|
auto id = parseBase58<AccountID>(params[jss::account].asString());
|
|
if (!id)
|
|
{
|
|
RPC::inject_error(rpcACT_MALFORMED, result);
|
|
return result;
|
|
}
|
|
auto const accountID{std::move(id.value())};
|
|
|
|
if (!ledger->exists(keylet::account(accountID)))
|
|
return rpcError(rpcACT_NOT_FOUND);
|
|
|
|
std::string strPeer;
|
|
if (params.isMember(jss::peer))
|
|
strPeer = params[jss::peer].asString();
|
|
|
|
auto const raPeerAccount = [&]() -> std::optional<AccountID> {
|
|
return strPeer.empty() ? std::nullopt : parseBase58<AccountID>(strPeer);
|
|
}();
|
|
if (!strPeer.empty() && !raPeerAccount)
|
|
{
|
|
RPC::inject_error(rpcACT_MALFORMED, result);
|
|
return result;
|
|
}
|
|
|
|
unsigned int limit;
|
|
if (auto err = readLimitField(limit, RPC::Tuning::accountLines, context))
|
|
return *err;
|
|
|
|
if (limit == 0)
|
|
return rpcError(rpcINVALID_PARAMS);
|
|
|
|
// this flag allows the requester to ask incoming trustlines in default
|
|
// state be omitted
|
|
bool ignoreDefault = params.isMember(jss::ignore_default) &&
|
|
params[jss::ignore_default].asBool();
|
|
|
|
Json::Value& jsonLines(result[jss::lines] = Json::arrayValue);
|
|
struct VisitData
|
|
{
|
|
std::vector<RPCTrustLine> items;
|
|
AccountID const& accountID;
|
|
std::optional<AccountID> const& raPeerAccount;
|
|
bool ignoreDefault;
|
|
uint32_t foundCount;
|
|
};
|
|
VisitData visitData = {{}, accountID, raPeerAccount, ignoreDefault, 0};
|
|
uint256 startAfter = beast::zero;
|
|
std::uint64_t startHint = 0;
|
|
|
|
if (params.isMember(jss::marker))
|
|
{
|
|
if (!params[jss::marker].isString())
|
|
return RPC::expected_field_error(jss::marker, "string");
|
|
|
|
// Marker is composed of a comma separated index and start hint. The
|
|
// former will be read as hex, and the latter using boost lexical cast.
|
|
std::stringstream marker(params[jss::marker].asString());
|
|
std::string value;
|
|
if (!std::getline(marker, value, ','))
|
|
return rpcError(rpcINVALID_PARAMS);
|
|
|
|
if (!startAfter.parseHex(value))
|
|
return rpcError(rpcINVALID_PARAMS);
|
|
|
|
if (!std::getline(marker, value, ','))
|
|
return rpcError(rpcINVALID_PARAMS);
|
|
|
|
try
|
|
{
|
|
startHint = boost::lexical_cast<std::uint64_t>(value);
|
|
}
|
|
catch (boost::bad_lexical_cast&)
|
|
{
|
|
return rpcError(rpcINVALID_PARAMS);
|
|
}
|
|
|
|
// We then must check if the object pointed to by the marker is actually
|
|
// owned by the account in the request.
|
|
auto const sle = ledger->read({ltANY, startAfter});
|
|
|
|
if (!sle)
|
|
return rpcError(rpcINVALID_PARAMS);
|
|
|
|
if (!RPC::isRelatedToAccount(*ledger, sle, accountID))
|
|
return rpcError(rpcINVALID_PARAMS);
|
|
}
|
|
|
|
auto count = 0;
|
|
std::optional<uint256> marker = {};
|
|
std::uint64_t nextHint = 0;
|
|
{
|
|
if (!forEachItemAfter(
|
|
*ledger,
|
|
accountID,
|
|
startAfter,
|
|
startHint,
|
|
limit + 1,
|
|
[&visitData, &count, &marker, &limit, &nextHint](
|
|
std::shared_ptr<SLE const> const& sleCur) {
|
|
if (!sleCur)
|
|
{
|
|
assert(false);
|
|
return false;
|
|
}
|
|
|
|
if (++count == limit)
|
|
{
|
|
marker = sleCur->key();
|
|
nextHint =
|
|
RPC::getStartHint(sleCur, visitData.accountID);
|
|
}
|
|
|
|
if (sleCur->getType() != ltRIPPLE_STATE)
|
|
return true;
|
|
|
|
bool ignore = false;
|
|
if (visitData.ignoreDefault)
|
|
{
|
|
if (sleCur->getFieldAmount(sfLowLimit).getIssuer() ==
|
|
visitData.accountID)
|
|
ignore =
|
|
!(sleCur->getFieldU32(sfFlags) & lsfLowReserve);
|
|
else
|
|
ignore = !(
|
|
sleCur->getFieldU32(sfFlags) & lsfHighReserve);
|
|
}
|
|
|
|
if (!ignore && count <= limit)
|
|
{
|
|
auto const line =
|
|
RPCTrustLine::makeItem(visitData.accountID, sleCur);
|
|
|
|
if (line &&
|
|
(!visitData.raPeerAccount ||
|
|
*visitData.raPeerAccount ==
|
|
line->getAccountIDPeer()))
|
|
{
|
|
visitData.items.emplace_back(*line);
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}))
|
|
{
|
|
return rpcError(rpcINVALID_PARAMS);
|
|
}
|
|
}
|
|
|
|
// Both conditions need to be checked because marker is set on the limit-th
|
|
// item, but if there is no item on the limit + 1 iteration, then there is
|
|
// no need to return a marker.
|
|
if (count == limit + 1 && marker)
|
|
{
|
|
result[jss::limit] = limit;
|
|
result[jss::marker] =
|
|
to_string(*marker) + "," + std::to_string(nextHint);
|
|
}
|
|
|
|
result[jss::account] = toBase58(accountID);
|
|
|
|
for (auto const& item : visitData.items)
|
|
addLine(jsonLines, item);
|
|
|
|
context.loadType = Resource::feeMediumBurdenRPC;
|
|
return result;
|
|
}
|
|
|
|
} // namespace ripple
|