diff --git a/daemon/algod/api/server/router.go b/daemon/algod/api/server/router.go
index cd0899c176..0b02bb8566 100644
--- a/daemon/algod/api/server/router.go
+++ b/daemon/algod/api/server/router.go
@@ -19,10 +19,11 @@ package server
 import (
 "fmt"
- "golang.org/x/sync/semaphore"
 "net"
 "net/http"
+ "golang.org/x/sync/semaphore"
+
 "github.com/labstack/echo/v4"
 "github.com/labstack/echo/v4/middleware"
@@ -74,18 +75,26 @@ func registerHandlers(router *echo.Echo, prefix string, routes lib.Routes, ctx l
 // NewRouter builds and returns a new router with our REST handlers registered.
 func NewRouter(logger logging.Logger, node APINodeInterface, shutdown <-chan struct{}, apiToken string, adminAPIToken string, listener net.Listener, numConnectionsLimit uint64) *echo.Echo {
- if err := tokens.ValidateAPIToken(apiToken); err != nil {
- logger.Errorf("Invalid apiToken was passed to NewRouter ('%s'): %v", apiToken, err)
- }
+ // check admin token and init admin middleware
 if err := tokens.ValidateAPIToken(adminAPIToken); err != nil {
 logger.Errorf("Invalid adminAPIToken was passed to NewRouter ('%s'): %v", adminAPIToken, err)
 }
 adminMiddleware := []echo.MiddlewareFunc{
 middlewares.MakeAuth(TokenHeader, []string{adminAPIToken}),
 }
+
+ // check public api tokens and init public middleware
 publicMiddleware := []echo.MiddlewareFunc{
 middleware.BodyLimit(MaxRequestBodyBytes),
- middlewares.MakeAuth(TokenHeader, []string{adminAPIToken, apiToken}),
+ }
+ if apiToken == "" {
+ logger.Warn("Running with public API authentication disabled")
+ } else {
+ if err := tokens.ValidateAPIToken(apiToken); err != nil {
+ logger.Errorf("Invalid apiToken was passed to NewRouter ('%s'): %v", apiToken, err)
+ }
+ publicMiddleware = append(publicMiddleware, middlewares.MakeAuth(TokenHeader, []string{adminAPIToken, apiToken}))
+ }
 e := echo.New()
diff --git a/test/e2e-go/restAPI/other/misc_test.go b/test/e2e-go/restAPI/other/misc_test.go
index 3f9da07c4a..eeaff9fcd1 100644
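Review bot: In NewRouter, the new `if apiToken == ""` branch makes the public routes fail open: any path that hands in an empty string (an unset value or an empty token file, if the caller reads one; the caller is not visible here) drops `MakeAuth` from `publicMiddleware` with only a warning. Consider gating this on an explicit setting supplied by the caller rather than on the token being empty, and state in the NewRouter doc comment that an empty apiToken disables public authentication. Separately, the added `logger.Errorf("Invalid apiToken was passed to NewRouter ('%s'): %v", apiToken, err)` writes the token itself to the log and the token is still installed in `MakeAuth` afterwards; `logger.Errorf("Invalid apiToken was passed to NewRouter: %v", err)` keeps the diagnostic without the secret, and the same applies to the adminAPIToken message in the context lines. NewRouter's body continues past the end of the hunk.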
--- a/test/e2e-go/restAPI/other/misc_test.go
+++ b/test/e2e-go/restAPI/other/misc_test.go
@@ -39,12 +39,12 @@ func TestDisabledAPIConfig(t *testing.T) {
 localFixture.Setup(t, filepath.Join("nettemplates", "DisableAPIAuth.json"))
 defer localFixture.Shutdown()
- testClient := localFixture.LibGoalClient
+ libgoalClient := localFixture.LibGoalClient
- statusResponse, err := testClient.Status()
+ statusResponse, err := libgoalClient.Status()
 a.NoError(err)
 a.NotEmpty(statusResponse)
- statusResponse2, err := testClient.Status()
+ statusResponse2, err := libgoalClient.Status()
 a.NoError(err)
 a.NotEmpty(statusResponse2)
 a.True(statusResponse2.LastRound >= statusResponse.LastRound)
@@ -58,12 +58,21 @@ func TestDisabledAPIConfig(t *testing.T) {
 assert.True(t, os.IsNotExist(err))
 // check public api works without a token
- testClient.WaitForRound(1)
+ url, err := localFixture.NC.ServerURL()
+ a.NoError(err)
+ testClient := client.MakeRestClient(url, "") // empty token
+
+ _, err = testClient.WaitForBlock(1)
+ assert.NoError(t, err)
 _, err = testClient.Block(1)
 assert.NoError(t, err)
+ _, err = testClient.Status()
+ a.NoError(err)
+ // check admin api works with the generated token
- _, err = testClient.GetParticipationKeys()
+ _, err = libgoalClient.GetParticipationKeys()
 assert.NoError(t, err)
+ // check admin api doesn't work with an invalid token
 algodURL, err := nc.ServerURL()
 assert.NoError(t, err)
diff --git a/test/framework/fixtures/libgoalFixture.go b/test/framework/fixtures/libgoalFixture.go
index de1a06623d..bd4f615ae7 100644
--- a/test/framework/fixtures/libgoalFixture.go
+++ b/test/framework/fixtures/libgoalFixture.go
@@ -390,7 +390,7 @@ func (f *LibGoalFixture) dumpLogs(filePath string) {
 fmt.Fprintf(os.Stderr, "%s/%s:\n", parts[len(parts)-2], parts[len(parts)-1]) // Primary/node.log
 scanner := bufio.NewScanner(file)
 for scanner.Scan() {
- fmt.Fprint(os.Stderr, scanner.Text())
+ fmt.Fprintln(os.Stderr, scanner.Text())
 }
 fmt.Fprintln(os.Stderr)
 }
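Review bot: In the second hunk of TestDisabledAPIConfig, the new empty-token `testClient` is only exercised against public endpoints, so the test does not pin that disabling public authentication leaves the admin API protected. After the `libgoalClient.GetParticipationKeys()` check, add a negative assertion such as `_, err = testClient.GetParticipationKeys()` followed by `assert.Error(t, err)` (assuming the REST client exposes that call). The invalid-token check that follows continues outside the hunk, so it may already cover a wrong token, but an empty token is the case this change makes reachable.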