From 93d2ac7048e9b237a1e985aa0e5b68c3fd812de1 Mon Sep 17 00:00:00 2001 From: Acha Bill <57879913+acha-bill@users.noreply.github.com> Date: Tue, 30 Apr 2024 18:15:41 +0100 Subject: [PATCH] feat: merge bee and debug APis (part 1) (#4651) --- cmd/bee/cmd/start.go | 1 + openapi/Swarm.yaml | 313 ++++++++++++++++++++++++++++++++++----- openapi/SwarmCommon.yaml | 5 + openapi/SwarmDebug.yaml | 16 +- pkg/api/api_test.go | 3 +- pkg/api/router.go | 15 +- pkg/auth/auth.go | 10 ++ pkg/node/devnode.go | 11 +- pkg/node/node.go | 108 ++++++++------ 9 files changed, 376 insertions(+), 106 deletions(-) diff --git a/cmd/bee/cmd/start.go b/cmd/bee/cmd/start.go index 4e967285428..e659d125116 100644 --- a/cmd/bee/cmd/start.go +++ b/cmd/bee/cmd/start.go @@ -73,6 +73,7 @@ func (c *command) initStartCmd() (err error) { fmt.Print(beeWelcomeMessage) fmt.Printf("\n\nversion: %v - planned to be supported until %v, please follow https://ethswarm.org/\n\n", bee.Version, endSupportDate()) + fmt.Printf("DEPRECATION NOTICE:\nThe Debug API is deprecated and will be removed in the next release, version [2.2.0].\nPlease update your integrations to use the main Bee API to avoid service disruptions.\n\n") logger.Info("bee version", "version", bee.Version) go startTimeBomb(logger) diff --git a/openapi/Swarm.yaml b/openapi/Swarm.yaml index 72e41ec5665..7bcd224a7d0 100644 --- a/openapi/Swarm.yaml +++ b/openapi/Swarm.yaml @@ -1,7 +1,7 @@ openapi: 3.0.3 info: - version: 5.2.0 + version: 6.0.0 title: Bee API description: "A list of the currently provided Interfaces to interact with the swarm, implementing file operations and sending messages" @@ -930,7 +930,7 @@ paths: "/addresses": get: summary: Get overlay and underlay addresses of the node - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. tags: - Connectivity responses: @@ -982,7 +982,7 @@ paths: "/balances": get: summary: Get the balances with all known peers including prepaid services - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1002,7 +1002,7 @@ paths: "/balances/{address}": get: summary: Get the balances with a specific peer including prepaid services - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1031,7 +1031,7 @@ paths: "/blocklist": get: summary: Get a list of blocklisted peers - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1051,7 +1051,7 @@ paths: "/consumed": get: summary: Get the past due consumption balances with all known peers - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1071,7 +1071,7 @@ paths: "/consumed/{address}": get: summary: Get the past due consumption balance with a specific peer - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1100,7 +1100,7 @@ paths: "/chequebook/address": get: summary: Get the address of the chequebook contract used - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1116,7 +1116,7 @@ paths: "/chequebook/balance": get: summary: Get the balance of the chequebook - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1190,7 +1190,7 @@ paths: "/connect/{multiAddress}": post: summary: Connect to address - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1220,7 +1220,7 @@ paths: "/reservestate": get: summary: Get reserve state - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1238,7 +1238,7 @@ paths: "/chainstate": get: summary: Get chain state - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1256,7 +1256,7 @@ paths: "/node": get: summary: Get information about the node - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. tags: - Status responses: @@ -1272,7 +1272,7 @@ paths: "/peers": get: summary: Get a list of peers - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1290,7 +1290,7 @@ paths: "/peers/{address}": delete: summary: Remove peer - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1319,7 +1319,7 @@ paths: "/pingpong/{address}": post: summary: Try connection to node - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1350,7 +1350,7 @@ paths: "/settlements/{address}": get: summary: Get amount of sent and received from settlements with a peer - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1379,7 +1379,7 @@ paths: "/settlements": get: summary: Get settlements with all known peers and total amount sent or received - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1399,7 +1399,7 @@ paths: "/timesettlements": get: summary: Get time based settlements with all known peers and total amount sent or received - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1419,7 +1419,7 @@ paths: "/topology": get: summary: Get topology of known network - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1435,7 +1435,7 @@ paths: "/welcome-message": get: summary: Get configured P2P welcome message - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1453,7 +1453,7 @@ paths: description: Default response post: summary: Set P2P welcome message - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1480,7 +1480,7 @@ paths: "/chequebook/cashout/{peer-id}": get: summary: Get last cashout action for the peer - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] parameters: @@ -1507,7 +1507,7 @@ paths: description: Default response post: summary: Cashout the last cheque for the peer - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] parameters: @@ -1540,7 +1540,7 @@ paths: "/chequebook/cheque/{peer-id}": get: summary: Get last cheques for the peer - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] parameters: @@ -1569,7 +1569,7 @@ paths: "/chequebook/cheque": get: summary: Get last cheques for all peers - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1591,7 +1591,7 @@ paths: "/chequebook/deposit": post: summary: Deposit tokens from overlay address into chequebook - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] parameters: @@ -1621,7 +1621,7 @@ paths: "/chequebook/withdraw": post: summary: Withdraw tokens from the chequebook to the overlay address - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] parameters: @@ -1651,7 +1651,7 @@ paths: "/transactions": get: summary: Get list of pending transactions - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. tags: - Transaction responses: @@ -1669,7 +1669,7 @@ paths: "/transactions/{txHash}": get: summary: Get information about a sent transaction - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. parameters: - in: path name: txHash @@ -1694,7 +1694,7 @@ paths: description: Default response post: summary: Rebroadcast existing transaction - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. parameters: - in: path name: txHash @@ -1719,7 +1719,7 @@ paths: description: Default response delete: summary: Cancel existing transaction - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. parameters: - in: path name: txHash @@ -1747,7 +1747,7 @@ paths: "/stamps": get: summary: Get stamps for this node - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1775,7 +1775,7 @@ paths: description: Swarm address of the stamp get: summary: Get an individual postage batch status - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1804,7 +1804,7 @@ paths: description: Swarm address of the stamp get: summary: Get extended bucket data of a batch - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -1831,7 +1831,7 @@ paths: description: | Be aware, this endpoint creates an on-chain transactions and transfers BZZ from the node's Ethereum account and hence directly manipulates the wallet balance! - This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + This endpoint can be restricted if the node is spawned with the `--restricted` flag. tags: - Postage Stamps parameters: @@ -1882,7 +1882,7 @@ paths: description: | Be aware, this endpoint creates on-chain transactions and transfers BZZ from the node's Ethereum account and hence directly manipulates the wallet balance! - This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + This endpoint can be restricted if the node is spawned with the `--restricted` flag. tags: - Postage Stamps parameters: @@ -1924,7 +1924,7 @@ paths: description: | Be aware, this endpoint creates on-chain transactions and transfers BZZ from the node's Ethereum account and hence directly manipulates the wallet balance! - This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + This endpoint can be restricted if the node is spawned with the `--restricted` flag. tags: - Postage Stamps parameters: @@ -1961,7 +1961,7 @@ paths: "/batches": get: summary: Get all globally available batches that were purchased by all nodes. - description: This endpoint is available on the main API only if the node is spawned with the `--restricted` flag along with a bearer authentication token. + description: This endpoint can be restricted if the node is spawned with the `--restricted` flag. security: - bearerAuth: [ ] tags: @@ -2015,6 +2015,241 @@ paths: default: description: Default response + "/accounting": + get: + summary: Get all accounting associated values with all known peers + tags: + - Balance + responses: + "200": + description: Own accounting associated values with all known peers + content: + application/json: + schema: + $ref: "SwarmCommon.yaml#/components/schemas/PeerAccountingData" + "500": + $ref: "SwarmCommon.yaml#/components/responses/500" + default: + description: Default response + + "/redistributionstate": + get: + summary: Get current status of node in redistribution game + tags: + - RedistributionState + responses: + "200": + description: Redistribution status info + content: + application/json: + schema: + $ref: "SwarmCommon.yaml#/components/schemas/RedistributionStatusResponse" + "400": + $ref: "SwarmCommon.yaml#/components/responses/400" + "500": + $ref: "SwarmCommon.yaml#/components/responses/500" + default: + description: Default response + "/wallet": + get: + summary: Get wallet balance for BZZ and xDai + tags: + - Wallet + responses: + "200": + description: Wallet balance info + content: + application/json: + schema: + $ref: "SwarmCommon.yaml#/components/schemas/WalletResponse" + "500": + $ref: "SwarmCommon.yaml#/components/responses/500" + default: + description: Default response + "/wallet/withdraw/{coin}": + post: + summary: Allows withdrawals of BZZ or xDAI to provided (whitelisted) address + tags: + - Wallet + parameters: + - in: query + name: amount + required: true + schema: + $ref: "#/components/schemas/BigInt" + - in: query + name: address + required: true + schema: + $ref: "#/components/schemas/EthereumAddress" + - in: path + name: coin + required: true + schema: + $ref: "#/components/schemas/SwarmAddress" + responses: + "200": + content: + application/json: + schema: + $ref: "SwarmCommon.yaml#/components/schemas/WalletTxResponse" + description: OK + "400": + $ref: "SwarmCommon.yaml#/components/responses/400" + description: Amount greater than ballance or coin is other than BZZ/xDAI + "500": + $ref: "SwarmCommon.yaml#/components/responses/500" + default: + description: Default response + + "/stake/{amount}": + post: + summary: Deposit some amount for staking. + description: Be aware, this endpoint creates an on-chain transactions and transfers BZZ from the node's Ethereum account and hence directly manipulates the wallet balance. + tags: + - Staking + parameters: + - in: path + name: amount + schema: + type: string + description: Amount of BZZ added that will be deposited for staking. + - $ref: "SwarmCommon.yaml#/components/parameters/GasPriceParameter" + - $ref: "SwarmCommon.yaml#/components/parameters/GasLimitParameter" + responses: + "200": + $ref: "SwarmCommon.yaml#/components/schemas/StakeDepositResponse" + "400": + $ref: "SwarmCommon.yaml#/components/responses/400" + "500": + $ref: "SwarmCommon.yaml#/components/responses/500" + default: + description: Default response + + "/stake": + get: + summary: Get the staked amount. + description: This endpoint fetches the staked amount from the blockchain. + tags: + - Staking + responses: + "200": + $ref: "SwarmCommon.yaml#/components/schemas/GetStakeResponse" + "500": + $ref: "SwarmCommon.yaml#/components/responses/500" + default: + description: Default response + delete: + summary: Withdraw all staked amount. + description: Be aware, this endpoint creates an on-chain transactions and transfers BZZ from the node's Ethereum account and hence directly manipulates the wallet balance. + tags: + - Staking + parameters: + - $ref: "SwarmCommon.yaml#/components/parameters/GasPriceParameter" + - $ref: "SwarmCommon.yaml#/components/parameters/GasLimitParameter" + responses: + "200": + $ref: "SwarmCommon.yaml#/components/schemas/WithdrawAllStakeResponse" + "400": + $ref: "SwarmCommon.yaml#/components/responses/400" + "500": + $ref: "SwarmCommon.yaml#/components/responses/500" + default: + description: Default response + + "/loggers": + get: + summary: Get all available loggers. + tags: + - Logging + responses: + "200": + description: Returns an array of all available loggers, also represented in short form in a tree. + content: + application/json: + schema: + $ref: "SwarmCommon.yaml#/components/schemas/LoggerResponse" + "400": + $ref: "SwarmCommon.yaml#/components/responses/400" + default: + description: Default response + + "/loggers/{exp}": + get: + summary: Get all available loggers that match the specified expression. + parameters: + - in: path + name: exp + schema: + $ref: "SwarmCommon.yaml#/components/schemas/LoggerExp" + required: true + description: Regular expression or a subsystem that matches the logger(s). + tags: + - Logging + responses: + "200": + description: Returns an array of all available loggers that matches given expression, also represented in short form in a tree. + content: + application/json: + schema: + $ref: "SwarmCommon.yaml#/components/schemas/LoggerResponse" + "400": + $ref: "SwarmCommon.yaml#/components/responses/400" + default: + description: Default response + put: + summary: Set logger(s) verbosity level. + parameters: + - in: path + name: exp + schema: + $ref: "SwarmCommon.yaml#/components/schemas/LoggerExp" + required: true + description: Regular expression or a subsystem that matches the logger(s). + tags: + - Logging + responses: + "200": + description: The verbosity was changed successfully. + "400": + $ref: "SwarmCommon.yaml#/components/responses/400" + default: + description: Default response + + "/status": + get: + summary: Get the current status snapshot of this node. + tags: + - Node Status + responses: + "200": + description: Returns the current node status snapshot. + content: + application/json: + schema: + $ref: "SwarmCommon.yaml#/components/schemas/StatusSnapshotResponse" + "400": + $ref: "SwarmCommon.yaml#/components/responses/400" + default: + description: Default response. + + "/status/peers": + get: + summary: Get the current status snapshot of this node connected peers. + tags: + - Node Status + responses: + "200": + description: Returns the status snapshot of this node connected peers + content: + application/json: + schema: + $ref: "SwarmCommon.yaml#/components/schemas/StatusResponse" + "400": + $ref: "SwarmCommon.yaml#/components/responses/400" + default: + description: Default response. + components: securitySchemes: basicAuth: diff --git a/openapi/SwarmCommon.yaml b/openapi/SwarmCommon.yaml index 21ede2e5400..84d690fc64f 100644 --- a/openapi/SwarmCommon.yaml +++ b/openapi/SwarmCommon.yaml @@ -956,6 +956,11 @@ components: signer: type: string + WalletTxResponse: + type: object + properties: + transactionHash: + $ref: "#/components/schemas/TransactionHash" headers: SwarmTag: description: "Tag UID" diff --git a/openapi/SwarmDebug.yaml b/openapi/SwarmDebug.yaml index 516fba3399d..e2091171729 100644 --- a/openapi/SwarmDebug.yaml +++ b/openapi/SwarmDebug.yaml @@ -699,23 +699,23 @@ paths: name: amount required: true schema: - $ref: "#/components/schemas/BigInt" + $ref: "SwarmCommon.yaml#/components/schemas/BigInt" - in: query name: address required: true schema: - $ref: "#/components/schemas/EthereumAddress" + $ref: "SwarmCommon.yaml#/components/schemas/EthereumAddress" - in: path name: coin required: true schema: - $ref: "#/components/schemas/SwarmAddress" + $ref: "SwarmCommon.yaml#/components/schemas/SwarmAddress" responses: "200": content: application/json: schema: - $ref: '#/components/schemas/WalletTxResponse' + $ref: 'SwarmCommon.yaml#/components/schemas/WalletTxResponse' description: OK "400": $ref: "SwarmCommon.yaml#/components/responses/400" @@ -1168,11 +1168,3 @@ paths: $ref: "SwarmCommon.yaml#/components/responses/400" default: description: Default response. - -components: - schemas: - WalletTxResponse: - type: object - properties: - transactionHash: - $ref: "#/components/schemas/TransactionHash" diff --git a/pkg/api/api_test.go b/pkg/api/api_test.go index 164709b7ca9..6a96812a908 100644 --- a/pkg/api/api_test.go +++ b/pkg/api/api_test.go @@ -235,10 +235,9 @@ func newTestServer(t *testing.T, o testServerOptions) (*http.Client, *websocket. WsPingPeriod: o.WsPingPeriod, Restricted: o.Restricted, }, extraOpts, 1, erc20) - if o.DebugAPI { s.MountTechnicalDebug() - s.MountDebug(false) + s.MountDebug() } else { s.MountAPI() } diff --git a/pkg/api/router.go b/pkg/api/router.go index 18c2bfb9a46..c0c6d02782c 100644 --- a/pkg/api/router.go +++ b/pkg/api/router.go @@ -42,8 +42,8 @@ func (s *Service) MountTechnicalDebug() { ) } -func (s *Service) MountDebug(restricted bool) { - s.mountBusinessDebug(restricted) +func (s *Service) MountDebug() { + s.mountBusinessDebug() s.Handler = web.ChainHandlers( httpaccess.NewHTTPAccessLogHandler(s.logger, s.tracer, "debug api access"), @@ -141,8 +141,12 @@ func (s *Service) mountTechnicalDebug() { s.router.Handle("/debug/pprof/profile", http.HandlerFunc(pprof.Profile)) s.router.Handle("/debug/pprof/symbol", http.HandlerFunc(pprof.Symbol)) s.router.Handle("/debug/pprof/trace", http.HandlerFunc(pprof.Trace)) - s.router.PathPrefix("/debug/pprof/").Handler(http.HandlerFunc(pprof.Index)) + pprofRootHandlerF := pprof.Index + if s.Restricted { + pprofRootHandlerF = web.ChainHandlers(auth.PermissionCheckHandler(s.auth), web.FinalHandler(http.HandlerFunc(pprof.Index))).ServeHTTP + } + s.router.PathPrefix("/debug/pprof/").Handler(http.HandlerFunc(pprofRootHandlerF)) s.router.Handle("/debug/vars", expvar.Handler()) s.router.Handle("/loggers", jsonhttp.MethodHandler{ @@ -364,9 +368,10 @@ func (s *Service) mountAPI() { } } -func (s *Service) mountBusinessDebug(restricted bool) { +func (s *Service) mountBusinessDebug() { handle := func(path string, handler http.Handler) { - if restricted { + s.logger.Warning("DEPRECATION NOTICE: This endpoint is now part of the main Bee API. The Debug API will be removed in the next release, version [2.2.0]. Update your integrations to use the main Bee API to avoid service disruptions.") + if s.Restricted { handler = web.ChainHandlers(auth.PermissionCheckHandler(s.auth), web.FinalHandler(handler)) } s.router.Handle(path, handler) diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go index ee3b8a65290..a5aaec89dd2 100644 --- a/pkg/auth/auth.go +++ b/pkg/auth/auth.go @@ -308,6 +308,16 @@ func applyPolicies(e *casbin.Enforcer) error { {"maintainer", "/redistributionstate", "GET"}, {"maintainer", "/debugstore", "GET"}, {"consumer", "/rchash", "GET"}, + {"maintainer", "/debug/*", "GET"}, + {"maintainer", "/metrics", "GET"}, + {"maintainer", "/node", "GET"}, + {"maintainer", "/loggers", "GET"}, + {"maintainer", "/loggers/*", "(GET)|(PUT)"}, + {"maintainer", "/status", "GET"}, + {"maintainer", "/status/peers", "GET"}, + {"maintainer", "/rcash/*", "GET"}, + {"maintainer", "/batches", "GET"}, + {"maintainer", "/timesettlements", "GET"}, }) if err != nil { diff --git a/pkg/node/devnode.go b/pkg/node/devnode.go index b45715bd152..1b090654295 100644 --- a/pkg/node/devnode.go +++ b/pkg/node/devnode.go @@ -405,19 +405,18 @@ func NewDevBee(logger log.Logger, o *DevOptions) (b *DevBee, err error) { WsPingPeriod: 60 * time.Second, Restricted: o.Restricted, }, debugOpts, 1, erc20) + apiService.MountTechnicalDebug() apiService.MountAPI() apiService.SetProbe(probe) - if o.Restricted { - apiService.SetP2P(p2ps) - apiService.SetSwarmAddress(&swarmAddress) - apiService.MountDebug(true) - } + apiService.SetP2P(p2ps) + apiService.SetSwarmAddress(&swarmAddress) + apiService.MountDebug() if o.DebugAPIAddr != "" { debugApiService.SetP2P(p2ps) debugApiService.SetSwarmAddress(&swarmAddress) - debugApiService.MountDebug(false) + debugApiService.MountDebug() debugApiService.Configure(signer, authenticator, tracer, api.Options{ CORSAllowedOrigins: o.CORSAllowedOrigins, diff --git a/pkg/node/node.go b/pkg/node/node.go index 2996b8d77d5..60046ebd678 100644 --- a/pkg/node/node.go +++ b/pkg/node/node.go @@ -62,7 +62,7 @@ import ( "github.com/ethersphere/bee/v2/pkg/storageincentives" "github.com/ethersphere/bee/v2/pkg/storageincentives/redistribution" "github.com/ethersphere/bee/v2/pkg/storageincentives/staking" - storer "github.com/ethersphere/bee/v2/pkg/storer" + "github.com/ethersphere/bee/v2/pkg/storer" "github.com/ethersphere/bee/v2/pkg/swarm" "github.com/ethersphere/bee/v2/pkg/topology" "github.com/ethersphere/bee/v2/pkg/topology/kademlia" @@ -402,6 +402,7 @@ func NewBee( } b.stamperStoreCloser = stamperStore + var apiService *api.Service var debugService *api.Service if o.DebugAPIAddr != "" { @@ -433,6 +434,7 @@ func NewBee( o.CORSAllowedOrigins, stamperStore, ) + debugService.Restricted = o.Restricted debugService.MountTechnicalDebug() debugService.SetProbe(probe) @@ -455,9 +457,19 @@ func NewBee( b.debugAPIServer = debugAPIServer } - var apiService *api.Service + if o.APIAddr != "" { + if o.MutexProfile { + _ = runtime.SetMutexProfileFraction(1) + } + if o.BlockProfile { + runtime.SetBlockProfileRate(1) + } + + apiListener, err := net.Listen("tcp", o.APIAddr) + if err != nil { + return nil, fmt.Errorf("api listener: %w", err) + } - if o.Restricted { apiService = api.New( *publicKey, pssPrivateKey.PublicKey, @@ -473,6 +485,7 @@ func NewBee( o.CORSAllowedOrigins, stamperStore, ) + apiService.Restricted = o.Restricted apiService.MountTechnicalDebug() apiService.SetProbe(probe) @@ -483,11 +496,6 @@ func NewBee( ErrorLog: stdlog.New(b.errorLogWriter, "", 0), } - apiListener, err := net.Listen("tcp", o.APIAddr) - if err != nil { - return nil, fmt.Errorf("api listener: %w", err) - } - go func() { logger.Info("starting debug & api server", "address", apiListener.Addr()) @@ -558,8 +566,6 @@ func NewBee( ) } - apiService.SetSwarmAddress(&swarmAddress) - lightNodes := lightnode.NewContainer(swarmAddress) bootnodes := make([]ma.Multiaddr, 0, len(o.Bootnodes)) @@ -635,6 +641,8 @@ func NewBee( if debugService != nil { registry = debugService.MetricsRegistry() + } else if apiService != nil { + registry = apiService.MetricsRegistry() } p2ps, err := libp2p.New(ctx, signer, networkID, swarmAddress, addr, addressbook, stateStore, lightNodes, logger, tracer, libp2p.Options{ @@ -1096,10 +1104,49 @@ func NewBee( } if o.APIAddr != "" { - if apiService == nil { - apiService = api.New(*publicKey, pssPrivateKey.PublicKey, overlayEthAddress, o.WhitelistedWithdrawalAddress, logger, transactionService, batchStore, beeNodeMode, o.ChequebookEnable, o.SwapEnable, chainBackend, o.CORSAllowedOrigins, stamperStore) - apiService.SetProbe(probe) - apiService.SetRedistributionAgent(agent) + // register metrics from components + apiService.MustRegisterMetrics(p2ps.Metrics()...) + apiService.MustRegisterMetrics(pingPong.Metrics()...) + apiService.MustRegisterMetrics(acc.Metrics()...) + apiService.MustRegisterMetrics(localStore.Metrics()...) + apiService.MustRegisterMetrics(kad.Metrics()...) + apiService.MustRegisterMetrics(saludService.Metrics()...) + apiService.MustRegisterMetrics(stateStoreMetrics.Metrics()...) + + if pullerService != nil { + apiService.MustRegisterMetrics(pullerService.Metrics()...) + } + + if agent != nil { + apiService.MustRegisterMetrics(agent.Metrics()...) + } + + apiService.MustRegisterMetrics(pushSyncProtocol.Metrics()...) + apiService.MustRegisterMetrics(pusherService.Metrics()...) + apiService.MustRegisterMetrics(pullSyncProtocol.Metrics()...) + apiService.MustRegisterMetrics(retrieval.Metrics()...) + apiService.MustRegisterMetrics(lightNodes.Metrics()...) + apiService.MustRegisterMetrics(hive.Metrics()...) + + if bs, ok := batchStore.(metrics.Collector); ok { + apiService.MustRegisterMetrics(bs.Metrics()...) + } + if ls, ok := eventListener.(metrics.Collector); ok { + apiService.MustRegisterMetrics(ls.Metrics()...) + } + if pssServiceMetrics, ok := pssService.(metrics.Collector); ok { + apiService.MustRegisterMetrics(pssServiceMetrics.Metrics()...) + } + if swapBackendMetrics, ok := chainBackend.(metrics.Collector); ok { + apiService.MustRegisterMetrics(swapBackendMetrics.Metrics()...) + } + + if l, ok := logger.(metrics.Collector); ok { + apiService.MustRegisterMetrics(l.Metrics()...) + } + apiService.MustRegisterMetrics(pseudosettleService.Metrics()...) + if swapService != nil { + apiService.MustRegisterMetrics(swapService.Metrics()...) } apiService.Configure(signer, authenticator, tracer, api.Options{ @@ -1109,34 +1156,11 @@ func NewBee( }, extraOpts, chainID, erc20Service) apiService.MountAPI() + apiService.MountDebug() - if !o.Restricted { - apiServer := &http.Server{ - IdleTimeout: 30 * time.Second, - ReadHeaderTimeout: 3 * time.Second, - Handler: apiService, - ErrorLog: stdlog.New(b.errorLogWriter, "", 0), - } - - apiListener, err := net.Listen("tcp", o.APIAddr) - if err != nil { - return nil, fmt.Errorf("api listener: %w", err) - } - - go func() { - logger.Info("starting api server", "address", apiListener.Addr()) - if err := apiServer.Serve(apiListener); err != nil && !errors.Is(err, http.ErrServerClosed) { - logger.Debug("api server failed to start", "error", err) - logger.Error(nil, "api server failed to start") - } - }() - - b.apiServer = apiServer - b.apiCloser = apiService - } else { - // in Restricted mode we mount debug endpoints - apiService.MountDebug(o.Restricted) - } + debugService.SetP2P(p2ps) + debugService.SetSwarmAddress(&swarmAddress) + debugService.SetRedistributionAgent(agent) } if o.DebugAPIAddr != "" { @@ -1195,7 +1219,7 @@ func NewBee( debugService.SetP2P(p2ps) debugService.SetSwarmAddress(&swarmAddress) - debugService.MountDebug(false) + debugService.MountDebug() debugService.SetRedistributionAgent(agent) }