From e83febf5826bdfe444d63082a93a500eb64cb755 Mon Sep 17 00:00:00 2001 From: Victor Allombert Date: Wed, 24 Jan 2024 13:21:38 +0100 Subject: [PATCH] RPC_server: enforce default secure ACLs --- src/lib_rpc_http/RPC_server.ml | 38 ++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/src/lib_rpc_http/RPC_server.ml b/src/lib_rpc_http/RPC_server.ml index 319c6046b8c3..f30baa04c58e 100644 --- a/src/lib_rpc_http/RPC_server.ml +++ b/src/lib_rpc_http/RPC_server.ml @@ -97,7 +97,26 @@ module Acl = struct [ "GET /chains/*/blocks"; "GET /chains/*/blocks/*"; - "GET /chains/*/blocks/*/context/**"; + "GET /chains/*/chain_id"; + "GET /chains/*/checkpoint"; + "GET /chains/*/blocks/*/context/adaptive_issuance_launch_cycle"; + "GET /chains/*/blocks/*/context/big_maps/*/*"; + "GET /chains/*/blocks/*/context/cache/**"; + "GET /chains/*/blocks/*/context/constants"; + "GET /chains/*/blocks/*/context/contracts/**"; + "GET /chains/*/blocks/*/context/delegates/**"; + "GET /chains/*/blocks/*/context/denunciations"; + "GET /chains/*/blocks/*/context/issuance"; + "GET /chains/*/blocks/*/context/issuance/*"; + "GET /chains/*/blocks/*/context/liquidity_baking/*"; + "GET /chains/*/blocks/*/context/merkle_tree/**"; + "GET /chains/*/blocks/*/context/merkle_tree_v2/**"; + "GET /chains/*/blocks/*/context/nonces/*"; + "GET /chains/*/blocks/*/context/sapling/**"; + "GET /chains/*/blocks/*/context/seed_computation"; + "GET /chains/*/blocks/*/context/selected_snapshot"; + "GET /chains/*/blocks/*/context/total_frozen_stake"; + "GET /chains/*/blocks/*/context/total_supply"; "GET /chains/*/blocks/*/hash"; "GET /chains/*/blocks/*/header"; "GET /chains/*/blocks/*/header/**"; @@ -108,38 +127,31 @@ module Acl = struct "GET /chains/*/blocks/*/minimal_valid_time"; "GET /chains/*/blocks/*/operation_hashes"; "GET /chains/*/blocks/*/operation_hashes/**"; - "GET /chains/*/blocks/*/operation_metadata_hash"; + "GET /chains/*/blocks/*/operation_metadata_hashes"; "GET /chains/*/blocks/*/operations"; "GET /chains/*/blocks/*/operations/**"; "GET /chains/*/blocks/*/operations_metadata_hash"; "GET /chains/*/blocks/*/protocols"; + "GET /chains/*/blocks/*/resulting_context_hash"; "GET /chains/*/blocks/*/votes/**"; - "GET /chains/*/chain_id"; - "GET /chains/*/checkpoint"; "GET /chains/*/invalid_blocks"; "GET /chains/*/invalid_blocks/*"; "GET /chains/*/is_bootstrapped"; + "GET /chains/*/levels/*"; "GET /chains/*/mempool/filter"; - "GET /chains/*/mempool/monitor_operations"; "GET /chains/*/mempool/pending_operations"; + "GET /config/history_mode"; "GET /config/network/user_activated_protocol_overrides"; "GET /config/network/user_activated_upgrades"; "GET /config/network/dal"; - "GET /describe/**"; - "GET /errors"; - "GET /monitor/**"; - "GET /network/greylist/ips"; - "GET /network/greylist/peers"; - "GET /network/self"; - "GET /network/self"; "GET /network/stat"; "GET /network/version"; "GET /network/versions"; "GET /protocols"; - "GET /protocols/*"; "GET /protocols/*/environment"; "GET /version"; "POST /chains/*/blocks/*/context/contracts/*/big_map_get"; + "POST /chains/*/blocks/*/context/seed"; "POST /injection/operation"; ]; } -- GitLab