transatoshi/grin-explorer
1
0
Fork 0
mirror of https://github.com/transatoshi-mw/grin-explorer.git synced 2025-10-22 05:43:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

disallow get_outputs rpc

Browse Source
This commit is contained in:
aglkm
2024-06-05 06:31:54 +03:00
parent 5f6ad8ca2c
commit da61d470e7
1 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/main.rs
View File

@@ -223,7 +223,8 @@ async fn api_owner(data: &str) -> String {
// Foreign API. // Foreign API.
// All methods are whitelisted. // All methods are whitelisted, except get_outputs.
// get_outputs consumes CPU and blocks certain other rpc calls.
#[post("/v2/foreign", data="<data>")] #[post("/v2/foreign", data="<data>")]
async fn api_foreign(data: &str) -> String { async fn api_foreign(data: &str) -> String {
if CONFIG.public_api == "enabled" { if CONFIG.public_api == "enabled" {
@@ -239,6 +240,7 @@ async fn api_foreign(data: &str) -> String {
_ => return "{\"error\":\"bad syntax\"}".to_string(), _ => return "{\"error\":\"bad syntax\"}".to_string(),
}; };
if method != "get_outputs" {
let resp = requests::call(method, v["params"].to_string().as_str(), v["id"].to_string().as_str(), "foreign").await; let resp = requests::call(method, v["params"].to_string().as_str(), v["id"].to_string().as_str(), "foreign").await;
let result = match resp { let result = match resp {
@@ -246,7 +248,10 @@ async fn api_foreign(data: &str) -> String {
Err(_err) => return "{\"error\":\"rpc call failed\"}".to_string(), Err(_err) => return "{\"error\":\"rpc call failed\"}".to_string(),
}; };
result.to_string() return result.to_string();
}
"{\"error\":\"not allowed\"}".to_string()
} else { } else {
"{\"error\":\"not allowed\"}".to_string() "{\"error\":\"not allowed\"}".to_string()
} }