diff options
| author | Péter Szilágyi <peterke@gmail.com> | 2017-10-23 15:22:23 +0800 |
|---|---|---|
| committer | Péter Szilágyi <peterke@gmail.com> | 2017-11-21 21:09:36 +0800 |
| commit | 51a86f61be52fdd16a409fc93cf89a2226129697 (patch) | |
| tree | 005e972dfd90ea4e97b119ebb3d9acd02732ba84 /cmd/faucet/faucet.go | |
| parent | b5cf60389510cdfbd38b2f79936323f89388724c (diff) | |
| download | go-tangerine-51a86f61be52fdd16a409fc93cf89a2226129697.tar go-tangerine-51a86f61be52fdd16a409fc93cf89a2226129697.tar.gz go-tangerine-51a86f61be52fdd16a409fc93cf89a2226129697.tar.bz2 go-tangerine-51a86f61be52fdd16a409fc93cf89a2226129697.tar.lz go-tangerine-51a86f61be52fdd16a409fc93cf89a2226129697.tar.xz go-tangerine-51a86f61be52fdd16a409fc93cf89a2226129697.tar.zst go-tangerine-51a86f61be52fdd16a409fc93cf89a2226129697.zip | |
cmd/faucet: protocol relative websockets, noauth mode
Diffstat (limited to 'cmd/faucet/faucet.go')
| -rw-r--r-- | cmd/faucet/faucet.go | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/cmd/faucet/faucet.go b/cmd/faucet/faucet.go index 72098e68d..94d690e53 100644 --- a/cmd/faucet/faucet.go +++ b/cmd/faucet/faucet.go @@ -83,7 +83,8 @@ var ( captchaToken = flag.String("captcha.token", "", "Recaptcha site key to authenticate client side") captchaSecret = flag.String("captcha.secret", "", "Recaptcha secret key to authenticate server side") - logFlag = flag.Int("loglevel", 3, "Log level to use for Ethereum and the faucet") + noauthFlag = flag.Bool("noauth", false, "Enables funding requests without authentication") + logFlag = flag.Int("loglevel", 3, "Log level to use for Ethereum and the faucet") ) var ( @@ -132,6 +133,7 @@ func main() { "Amounts": amounts, "Periods": periods, "Recaptcha": *captchaToken, + "NoAuth": *noauthFlag, }) if err != nil { log.Crit("Failed to render the faucet template", "err", err) @@ -374,7 +376,7 @@ func (f *faucet) apiHandler(conn *websocket.Conn) { if err = websocket.JSON.Receive(conn, &msg); err != nil { return } - if !strings.HasPrefix(msg.URL, "https://gist.github.com/") && !strings.HasPrefix(msg.URL, "https://twitter.com/") && + if !*noauthFlag && !strings.HasPrefix(msg.URL, "https://gist.github.com/") && !strings.HasPrefix(msg.URL, "https://twitter.com/") && !strings.HasPrefix(msg.URL, "https://plus.google.com/") && !strings.HasPrefix(msg.URL, "https://www.facebook.com/") { if err = sendError(conn, errors.New("URL doesn't link to supported services")); err != nil { log.Warn("Failed to send URL error to client", "err", err) @@ -442,6 +444,8 @@ func (f *faucet) apiHandler(conn *websocket.Conn) { username, avatar, address, err = authGooglePlus(msg.URL) case strings.HasPrefix(msg.URL, "https://www.facebook.com/"): username, avatar, address, err = authFacebook(msg.URL) + case *noauthFlag: + username, avatar, address, err = authNoAuth(msg.URL) default: err = errors.New("Something funky happened, please open an issue at https://github.com/ethereum/go-ethereum/issues") } @@ -776,3 +780,14 @@ func authFacebook(url string) (string, string, common.Address, error) { } return username + "@facebook", avatar, address, nil } + +// authNoAuth tries to interpret a faucet request as a plain Ethereum address, +// without actually performing any remote authentication. This mode is prone to +// Byzantine attack, so only ever use for truly private networks. +func authNoAuth(url string) (string, string, common.Address, error) { + address := common.HexToAddress(regexp.MustCompile("0x[0-9a-fA-F]{40}").FindString(url)) + if address == (common.Address{}) { + return "", "", common.Address{}, errors.New("No Ethereum address found to fund") + } + return address.Hex() + "@noauth", "", address, nil +} |