Warn about using --rpc-external and --ws-external options (#4448)

* Warn about using --rpc-external and --ws-external options * Apply review comments * Remove links placeholders * Add links to wiki

Warn about using --rpc-external and --ws-external options (#4448)
* Warn about using --rpc-external and --ws-external options * Apply review comments * Remove links placeholders * Add links to wiki
d46eaf79 · Stanislav Tkach · Gavin Wood · bbda30c7 · d46eaf79 · d46eaf79
Commit d46eaf79 authored 5 years ago by Stanislav Tkach Committed by Gavin Wood 5 years ago
--- a/substrate/client/cli/src/lib.rs
+++ b/substrate/client/cli/src/lib.rs
@@ -890,8 +890,8 @@ where
 			}
 		});

-	let rpc_interface: &str = if cli.rpc_external { "0.0.0.0" } else { "127.0.0.1" };
-	let ws_interface: &str = if cli.ws_external { "0.0.0.0" } else { "127.0.0.1" };
+	let rpc_interface: &str = interface_str(cli.rpc_external, cli.unsafe_rpc_external, cli.validator)?;
+	let ws_interface: &str = interface_str(cli.ws_external, cli.unsafe_ws_external, cli.validator)?;
 	let grafana_interface: &str = if cli.grafana_external { "0.0.0.0" } else { "127.0.0.1" };

 	config.rpc_http = Some(parse_address(&format!("{}:{}", rpc_interface, 9933), cli.rpc_port)?);
@@ -931,6 +931,27 @@ where
 	Ok(config)
 }

+fn interface_str(
+	is_external: bool,
+	is_unsafe_external: bool,
+	is_validator: bool,
+) -> Result<&'static str, error::Error> {
+	if is_external && is_validator {
+		return Err(error::Error::Input("--rpc-external and --ws-external options shouldn't be \
+		used if the node is running as a validator. Use `--unsafe-rpc-external` if you understand \
+		the risks. See the options description for more information.".to_owned()));
+	}
+
+	if is_external || is_unsafe_external {
+		log::warn!("It isn't safe to expose RPC publicly without a proxy server that filters \
+		available set of RPC methods.");
+
+		Ok("0.0.0.0")
+	} else {
+		Ok("127.0.0.1")
+	}
+}
+
 /// Creates a configuration including the database path.
 pub fn create_config_with_db_path<C, G, E, S>(
 	spec_factory: S, cli: &SharedParams, version: &VersionInfo,

--- a/substrate/client/cli/src/params.rs
+++ b/substrate/client/cli/src/params.rs
@@ -438,16 +438,32 @@ pub struct RunCmd {

 	/// Listen to all RPC interfaces.
 	///
-	/// Default is local.
+	/// Default is local. Note: not all RPC methods are safe to be exposed publicly. Use a RPC proxy
+	/// server to filter out dangerous methods. More details: https://github.com/paritytech/substrate/wiki/Public-RPC.
+	/// Use `--unsafe-rpc-external` to suppress the warning if you understand the risks.
 	#[structopt(long = "rpc-external")]
 	pub rpc_external: bool,

+	/// Listen to all RPC interfaces.
+	///
+	/// Same as `--rpc-external`.
+	#[structopt(long = "unsafe-rpc-external")]
+	pub unsafe_rpc_external: bool,
+
 	/// Listen to all Websocket interfaces.
 	///
-	/// Default is local.
+	/// Default is local. Note: not all RPC methods are safe to be exposed publicly. Use a RPC proxy
+	/// server to filter out dangerous methods. More details: https://github.com/paritytech/substrate/wiki/Public-RPC.
+	/// Use `--unsafe-ws-external` to suppress the warning if you understand the risks.
 	#[structopt(long = "ws-external")]
 	pub ws_external: bool,

+	/// Listen to all Websocket interfaces.
+	///
+	/// Same as `--ws-external`.
+	#[structopt(long = "unsafe-ws-external")]
+	pub unsafe_ws_external: bool,
+
 	/// Listen to all Grafana data source interfaces.
 	///
 	/// Default is local.