From da61d470e79bc293ca6c42b5d364f342b597e43b Mon Sep 17 00:00:00 2001
From: aglkm <39521015+aglkm@users.noreply.github.com>
Date: Wed, 5 Jun 2024 06:31:54 +0300
Subject: [PATCH] disallow get_outputs rpc

---
 src/main.rs | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index 4d2ac5a..c452509 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -223,7 +223,8 @@ async fn api_owner(data: &str) -> String {
 
 
 // Foreign API.
-// All methods are whitelisted.
+// All methods are whitelisted, except get_outputs.
+// get_outputs consumes CPU and blocks certain other rpc calls.
 #[post("/v2/foreign", data="<data>")]
 async fn api_foreign(data: &str) -> String {
     if CONFIG.public_api == "enabled" {
@@ -239,14 +240,18 @@ async fn api_foreign(data: &str) -> String {
             _ => return "{\"error\":\"bad syntax\"}".to_string(),
         };
 
-        let resp = requests::call(method, v["params"].to_string().as_str(), v["id"].to_string().as_str(), "foreign").await;
+        if method != "get_outputs" {
+            let resp = requests::call(method, v["params"].to_string().as_str(), v["id"].to_string().as_str(), "foreign").await;
 
-        let result = match resp {
-            Ok(value) => value,
-            Err(_err) => return "{\"error\":\"rpc call failed\"}".to_string(),
-        };
+            let result = match resp {
+                Ok(value) => value,
+                Err(_err) => return "{\"error\":\"rpc call failed\"}".to_string(),
+            };
 
-        result.to_string()
+            return result.to_string();
+        }
+
+        "{\"error\":\"not allowed\"}".to_string()
     } else {
         "{\"error\":\"not allowed\"}".to_string()
     }