Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
whqwjb
go-ethereum
提交
059c767a
G
go-ethereum
项目概览
whqwjb
/
go-ethereum
与 Fork 源项目一致
从无法访问的项目Fork
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
G
go-ethereum
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
未验证
提交
059c767a
编写于
8月 18, 2017
作者:
P
Péter Szilágyi
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
cmd/puppeth: support blacklisting malicious IPs on ethstats
上级
104375f3
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
60 addition
and
7 deletion
+60
-7
cmd/puppeth/module_ethstats.go
cmd/puppeth/module_ethstats.go
+19
-6
cmd/puppeth/wizard.go
cmd/puppeth/wizard.go
+24
-0
cmd/puppeth/wizard_ethstats.go
cmd/puppeth/wizard_ethstats.go
+17
-1
未找到文件。
cmd/puppeth/module_ethstats.go
浏览文件 @
059c767a
...
...
@@ -42,7 +42,7 @@ RUN \
WORKDIR /eth-netstats
EXPOSE 3000
RUN echo 'module.exports = {trusted: [{{.Trusted}}], banned: []};' > lib/utils/config.js
RUN echo 'module.exports = {trusted: [{{.Trusted}}], banned: [
{{.Banned}}
]};' > lib/utils/config.js
CMD ["npm", "start"]
`
...
...
@@ -59,7 +59,8 @@ services:
- "{{.Port}}:3000"{{end}}
environment:
- WS_SECRET={{.Secret}}{{if .VHost}}
- VIRTUAL_HOST={{.VHost}}{{end}}
- VIRTUAL_HOST={{.VHost}}{{end}}{{if .Banned}}
- BANNED={{.Banned}}{{end}}
logging:
driver: "json-file"
options:
...
...
@@ -71,18 +72,24 @@ services:
// deployEthstats deploys a new ethstats container to a remote machine via SSH,
// docker and docker-compose. If an instance with the specified network name
// already exists there, it will be overwritten!
func
deployEthstats
(
client
*
sshClient
,
network
string
,
port
int
,
secret
string
,
vhost
string
,
trusted
[]
string
)
([]
byte
,
error
)
{
func
deployEthstats
(
client
*
sshClient
,
network
string
,
port
int
,
secret
string
,
vhost
string
,
trusted
[]
string
,
banned
[]
string
)
([]
byte
,
error
)
{
// Generate the content to upload to the server
workdir
:=
fmt
.
Sprintf
(
"%d"
,
rand
.
Int63
())
files
:=
make
(
map
[
string
][]
byte
)
trustedLabels
:=
make
([]
string
,
len
(
trusted
))
for
i
,
address
:=
range
trusted
{
trusted
[
i
]
=
fmt
.
Sprintf
(
"
\"
%s
\"
"
,
address
)
trustedLabels
[
i
]
=
fmt
.
Sprintf
(
"
\"
%s
\"
"
,
address
)
}
bannedLabels
:=
make
([]
string
,
len
(
banned
))
for
i
,
address
:=
range
banned
{
bannedLabels
[
i
]
=
fmt
.
Sprintf
(
"
\"
%s
\"
"
,
address
)
}
dockerfile
:=
new
(
bytes
.
Buffer
)
template
.
Must
(
template
.
New
(
""
)
.
Parse
(
ethstatsDockerfile
))
.
Execute
(
dockerfile
,
map
[
string
]
interface
{}{
"Trusted"
:
strings
.
Join
(
trusted
,
", "
),
"Trusted"
:
strings
.
Join
(
trustedLabels
,
", "
),
"Banned"
:
strings
.
Join
(
bannedLabels
,
", "
),
})
files
[
filepath
.
Join
(
workdir
,
"Dockerfile"
)]
=
dockerfile
.
Bytes
()
...
...
@@ -92,6 +99,7 @@ func deployEthstats(client *sshClient, network string, port int, secret string,
"Port"
:
port
,
"Secret"
:
secret
,
"VHost"
:
vhost
,
"Banned"
:
strings
.
Join
(
banned
,
","
),
})
files
[
filepath
.
Join
(
workdir
,
"docker-compose.yaml"
)]
=
composefile
.
Bytes
()
...
...
@@ -112,11 +120,12 @@ type ethstatsInfos struct {
port
int
secret
string
config
string
banned
[]
string
}
// String implements the stringer interface.
func
(
info
*
ethstatsInfos
)
String
()
string
{
return
fmt
.
Sprintf
(
"host=%s, port=%d, secret=%s
"
,
info
.
host
,
info
.
port
,
info
.
secret
)
return
fmt
.
Sprintf
(
"host=%s, port=%d, secret=%s
, banned=%v"
,
info
.
host
,
info
.
port
,
info
.
secret
,
info
.
banned
)
}
// checkEthstats does a health-check against an ethstats server to verify whether
...
...
@@ -150,6 +159,9 @@ func checkEthstats(client *sshClient, network string) (*ethstatsInfos, error) {
if
port
!=
80
&&
port
!=
443
{
config
+=
fmt
.
Sprintf
(
":%d"
,
port
)
}
// Retrieve the IP blacklist
banned
:=
strings
.
Split
(
infos
.
envvars
[
"BANNED"
],
","
)
// Run a sanity check to see if the port is reachable
if
err
=
checkPort
(
host
,
port
);
err
!=
nil
{
log
.
Warn
(
"Ethstats service seems unreachable"
,
"server"
,
host
,
"port"
,
port
,
"err"
,
err
)
...
...
@@ -160,5 +172,6 @@ func checkEthstats(client *sshClient, network string) (*ethstatsInfos, error) {
port
:
port
,
secret
:
secret
,
config
:
config
,
banned
:
banned
,
},
nil
}
cmd/puppeth/wizard.go
浏览文件 @
059c767a
...
...
@@ -22,6 +22,7 @@ import (
"fmt"
"io/ioutil"
"math/big"
"net"
"os"
"path/filepath"
"sort"
...
...
@@ -277,3 +278,26 @@ func (w *wizard) readJSON() string {
return
string
(
blob
)
}
}
// readIPAddress reads a single line from stdin, trimming if from spaces and
// converts it to a network IP address.
func
(
w
*
wizard
)
readIPAddress
()
net
.
IP
{
for
{
// Read the IP address from the user
fmt
.
Printf
(
"> "
)
text
,
err
:=
w
.
in
.
ReadString
(
'\n'
)
if
err
!=
nil
{
log
.
Crit
(
"Failed to read user input"
,
"err"
,
err
)
}
if
text
=
strings
.
TrimSpace
(
text
);
text
==
""
{
return
nil
}
// Make sure it looks ok and return it if so
ip
:=
net
.
ParseIP
(
text
)
if
ip
==
nil
{
log
.
Error
(
"Invalid IP address, please retry"
)
continue
}
return
ip
}
}
cmd/puppeth/wizard_ethstats.go
浏览文件 @
059c767a
...
...
@@ -60,6 +60,22 @@ func (w *wizard) deployEthstats() {
fmt
.
Printf
(
"What should be the secret password for the API? (default = %s)
\n
"
,
infos
.
secret
)
infos
.
secret
=
w
.
readDefaultString
(
infos
.
secret
)
}
// Gather any blacklists to ban from reporting
fmt
.
Println
()
fmt
.
Printf
(
"Keep existing IP %v blacklist (y/n)? (default = yes)
\n
"
,
infos
.
banned
)
if
w
.
readDefaultString
(
"y"
)
!=
"y"
{
infos
.
banned
=
nil
fmt
.
Println
()
fmt
.
Println
(
"Which IP addresses should be blacklisted?"
)
for
{
if
ip
:=
w
.
readIPAddress
();
ip
!=
nil
{
infos
.
banned
=
append
(
infos
.
banned
,
ip
.
String
())
continue
}
break
}
}
// Try to deploy the ethstats server on the host
trusted
:=
make
([]
string
,
0
,
len
(
w
.
servers
))
for
_
,
client
:=
range
w
.
servers
{
...
...
@@ -67,7 +83,7 @@ func (w *wizard) deployEthstats() {
trusted
=
append
(
trusted
,
client
.
address
)
}
}
if
out
,
err
:=
deployEthstats
(
client
,
w
.
network
,
infos
.
port
,
infos
.
secret
,
infos
.
host
,
trusted
);
err
!=
nil
{
if
out
,
err
:=
deployEthstats
(
client
,
w
.
network
,
infos
.
port
,
infos
.
secret
,
infos
.
host
,
trusted
,
infos
.
banned
);
err
!=
nil
{
log
.
Error
(
"Failed to deploy ethstats container"
,
"err"
,
err
)
if
len
(
out
)
>
0
{
fmt
.
Printf
(
"%s
\n
"
,
out
)
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录