add ability to disable public api

Explorer.toml

@@ -19,8 +19,11 @@ foreign_api_secret_path = "~/.grin/main/.foreign_api_secret"
 # Path to Grin directory.
 grin_dir = "~/.grin"
 
-# CoinGecko API on/off switch.
+# Enable or disable CoinGecko API.
-coingecko_api = "on"
+coingecko_api = "enabled"
+
+# Enable or disable node POST API public access.
+public_api = "enabled"
 
 
 # Testnet config
@@ -31,5 +34,6 @@ coingecko_api = "on"
 # api_secret_path = "~/.grin/test/.api_secret"
 # foreign_api_secret_path = "~/.grin/test/.foreign_api_secret"
 # grin_dir = "~/.grin"
-# coingecko_api = "off"
+# coingecko_api = "disabled"
+# public_api = "enabled"
 

src/data.rs

@@ -167,6 +167,7 @@ pub struct ExplorerConfig {
     pub api_secret:              String,
     pub foreign_api_secret:      String,
     pub coingecko_api:           String,
+    pub public_api:              String,
 }
 
 impl ExplorerConfig {
@@ -182,6 +183,7 @@ impl ExplorerConfig {
             api_secret:              String::new(),
             foreign_api_secret:      String::new(),
             coingecko_api:           String::new(),
+            public_api:              String::new(),
         }
     }
 }

src/main.rs

@@ -190,31 +190,35 @@ fn search(input: Option<&str>) -> Either<Template, Redirect> {
 // Owner API.
 #[post("/v2/owner", data="<data>")]
 async fn api_owner(data: &str) -> String {
-    let result = serde_json::from_str(data);
+    if CONFIG.public_api == "enabled" {
+        let result = serde_json::from_str(data);
 
-    let v: Value = match result {
+        let v: Value = match result {
-        Ok(value) => value,
-        Err(_err) => return "{\"error\":\"bad syntax\"}".to_string(),
-    };
-
-    let method = match v["method"].as_str() {
-        Some(value) => value,
-        _ => return "{\"error\":\"bad syntax\"}".to_string(),
-    };
-    
-    // Whitelisted methods: get_connected_peer, get_peers, get_status.
-    if method == "get_connected_peers" || method == "get_peers" || method == "get_status" {
-        let resp = requests::call(method, v["params"].to_string().as_str(), v["id"].to_string().as_str(), "owner").await;
-
-        let result = match resp {
             Ok(value) => value,
-            Err(_err) => return "{\"error\":\"rpc call failed\"}".to_string(),
+            Err(_err) => return "{\"error\":\"bad syntax\"}".to_string(),
         };
 
-        return result.to_string();
+        let method = match v["method"].as_str() {
-    }
+            Some(value) => value,
+            _ => return "{\"error\":\"bad syntax\"}".to_string(),
+        };
+    
+        // Whitelisted methods: get_connected_peer, get_peers, get_status.
+        if method == "get_connected_peers" || method == "get_peers" || method == "get_status" {
+            let resp = requests::call(method, v["params"].to_string().as_str(), v["id"].to_string().as_str(), "owner").await;
 
-    "{\"error\":\"not allowed\"}".to_string()
+            let result = match resp {
+                Ok(value) => value,
+                Err(_err) => return "{\"error\":\"rpc call failed\"}".to_string(),
+            };
+
+            return result.to_string();
+        }
+
+        "{\"error\":\"not allowed\"}".to_string()
+    } else {
+        "{\"error\":\"not allowed\"}".to_string()
+    }
 }
 
 
@@ -222,26 +226,30 @@ async fn api_owner(data: &str) -> String {
 // All methods are whitelisted.
 #[post("/v2/foreign", data="<data>")]
 async fn api_foreign(data: &str) -> String {
-    let result = serde_json::from_str(data);
+    if CONFIG.public_api == "enabled" {
+        let result = serde_json::from_str(data);
 
-    let v: Value = match result {
+        let v: Value = match result {
-        Ok(value) => value,
+            Ok(value) => value,
-        Err(_err) => return "{\"error\":\"bad syntax\"}".to_string(),
+            Err(_err) => return "{\"error\":\"bad syntax\"}".to_string(),
-    };
+        };
 
-    let method = match v["method"].as_str() {
+        let method = match v["method"].as_str() {
-        Some(value) => value,
+            Some(value) => value,
-        _ => return "{\"error\":\"bad syntax\"}".to_string(),
+            _ => return "{\"error\":\"bad syntax\"}".to_string(),
-    };
+        };
 
-    let resp = requests::call(method, v["params"].to_string().as_str(), v["id"].to_string().as_str(), "foreign").await;
+        let resp = requests::call(method, v["params"].to_string().as_str(), v["id"].to_string().as_str(), "foreign").await;
 
-    let result = match resp {
+        let result = match resp {
-        Ok(value) => value,
+            Ok(value) => value,
-        Err(_err) => return "{\"error\":\"rpc call failed\"}".to_string(),
+            Err(_err) => return "{\"error\":\"rpc call failed\"}".to_string(),
-    };
+        };
 
-    result.to_string()
+        result.to_string()
+    } else {
+        "{\"error\":\"not allowed\"}".to_string()
+    }
 }
 
 

src/requests.rs

@@ -38,6 +38,7 @@ lazy_static! {
                 "foreign_api_secret_path" => cfg.foreign_api_secret_path = value,
                 "grin_dir"                => cfg.grin_dir                = value,
                 "coingecko_api"           => cfg.coingecko_api           = value,
+                "public_api"              => cfg.public_api              = value,
                 _ => println!("{} Unknown config setting '{}'.", "[ ERROR   ]".red(), name),
             }
         }
@@ -147,7 +148,7 @@ pub async fn get_market(dashboard: Arc<Mutex<Dashboard>>) -> Result<(), Error> {
     let result;
     let mut val = Value::Null;
 
-    if CONFIG.coingecko_api == "on" {
+    if CONFIG.coingecko_api == "enabled" {
         client = reqwest::Client::new();
         result = client.get("https://api.coingecko.com/api/v3/simple/price?ids=grin&vs_currencies=usd%2Cbtc&include_24hr_vol=true").send().await?;
         val    = serde_json::from_str(&result.text().await.unwrap()).unwrap();
@@ -170,7 +171,7 @@ pub async fn get_market(dashboard: Arc<Mutex<Dashboard>>) -> Result<(), Error> {
         data.soft_supply = format!("{:.2}",
                                    supply.to_string().parse::<f64>().unwrap() / 3150000000.0 * 100.0);
     
-        if CONFIG.coingecko_api == "on" && val != Value::Null {
+        if CONFIG.coingecko_api == "enabled" && val != Value::Null {
             // Check if CoingGecko API returned error
             if let Some(status) = val.get("status") {
                 println!("{} {}.", "[ WARNING ]".yellow(),
@@ -201,7 +202,7 @@ pub fn get_disk_usage(dashboard: Arc<Mutex<Dashboard>>) -> Result<(), Error> {
     let mut data = dashboard.lock().unwrap();
     let chain_data;
 
-    if CONFIG.coingecko_api == "on" {
+    if CONFIG.coingecko_api == "enabled" {
         chain_data = format!("{}/main/chain_data", CONFIG.grin_dir);
     } else {
         chain_data = format!("{}/test/chain_data", CONFIG.grin_dir);
@@ -250,7 +251,7 @@ pub async fn get_mining_stats(dashboard: Arc<Mutex<Dashboard>>) -> Result<(), an
             
             data.difficulty = net_diff.to_string();
 
-            if CONFIG.coingecko_api == "on" {
+            if CONFIG.coingecko_api == "enabled" {
                 // Calculating G1-mini production per hour
                 let coins_per_hour = 1.2 / hashrate * 60.0 * 60.0;
 

templates/base.html.tera

@@ -219,7 +219,7 @@
 		</a>
 	      </div>
             </div>
-	    {% if cg_api == "on" %}
+	    {% if cg_api == "enabled" %}
             <div class="row">
               <div class="col d-flex justify-content-center" style="color:grey">
 		Powered by CoinGecko

templates/index.html.tera

@@ -6,7 +6,7 @@
 
 {# We have different UI to display if CoinGecko API is disabled by user #}
 
-{% if cg_api == "on" %}
+{% if cg_api == "enabled" %}
 {# CoinGecko API is enabled #}
 
 <div class="d-none d-md-block"> <!-- Show on >= md screens -->