diff --git a/factom-walletd.go b/factom-walletd.go
index eed1233..452dbc1 100644
--- a/factom-walletd.go
+++ b/factom-walletd.go
@@ -45,6 +45,7 @@ func main() {
 factomdRpcUser = flag.String("factomduser", "", "Username for API connections to factomd")
 factomdRpcPassword = flag.String("factomdpassword", "", "Password for API connections to factomd")
 corsDomains = flag.String("corsdomains", "", "CORS Domains")
+ whitelist = flag.String("whitelist", "", "If not empty, only whitelisted IPs will be able to connect. Comma separated list of IP addresses. Local addresses will always be able to connect.")
 factomdLocation = flag.String("s", "", "IPAddr:port# of factomd API to use to access blockchain (default localhost:8088)")
 walletdLocation = flag.String("selfaddr", "", "comma seperated IPAddresses and DNS names of this factom-walletd to use when creating a cert file")
@@ -53,7 +54,6 @@ func main() {
 )
 flag.Parse()
-
 // see if the config file has values which should be used instead of null strings
 filename := util.ConfigFilename()
 if *configPath != "" {
@@ -61,7 +61,6 @@ func main() {
 }
 cfg := util.ReadConfig(filename)
-
 if !*encryptedDB {
 if cfg.Walletd.WalletEncrypted {
 fmt.Printf("WalletEncryption enabled in config file at: %s\n", filename)
@@ -79,6 +78,17 @@ func main() {
 }
 }
+ if *whitelist != "" {
+ ips := strings.Split(*whitelist, ",")
+ for _, ip := range ips {
+ ip = strings.TrimSpace(ip)
+ if err := wsapi.WhiteListIP(ip); err != nil {
+ fmt.Printf("Unable to whitelist \"%s\": %v\n", ip, err)
+ os.Exit(1)
+ }
+ }
+ }
+
 encryptedPath := util.GetHomeDir() + "/.factom/wallet/factom_wallet_encrypted.db"
 isEncryptedFirstBoot := false
@@ -86,7 +96,6 @@ func main() {
 walletPath = *wflag
 }
-
 // Conditions around using the encrypted wallet
 if *encryptedDB {
 // Check if regular wallet exists, exit if the wrong wallet exists, assuming an unsafe configuration issue.
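Review bot: The help string for the new `whitelist` flag leaves "Local addresses" undefined, and that phrase decides which clients bypass the list. Enforcement lives in wsapi and is not visible in this diff, so the text should name the ranges that are actually exempt, for example `Loopback addresses (127.0.0.1, ::1) are always allowed.` if that is what wsapi checks. It should also say whether CIDR ranges or host names are accepted, since the loop further down passes each entry to `wsapi.WhiteListIP` with only whitespace trimmed. If walletd sits behind a reverse proxy on the same host, requests would presumably all arrive from a local address and pass regardless of the list; one sentence in the flag help or README would keep operators from assuming otherwise.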
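Review bot: The failure message in the whitelist loop uses `fmt.Printf` with a hand-quoted `\"%s\"`, so a rejected entry is reported on stdout and any control characters in it are printed raw. `fmt.Fprintf(os.Stderr, "Unable to whitelist %q: %v\n", ip, err)` keeps the exit-on-error behaviour and shows an empty element (from a trailing comma or `a,,b`) as `""`. Whether an empty element is rejected depends on `wsapi.WhiteListIP`, which is outside this diff; if it is not, reject it here before the call so a malformed list cannot start the daemon with fewer entries than the operator intended. main() starts and ends outside the hunk.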
@@ -240,13 +249,14 @@ func main() {
 port := *pflag
 RPCConfig := factom.RPCConfig{
- WalletTLSEnable: *walletTLSflag,
- WalletTLSKeyFile: *walletTLSKey,
- WalletTLSCertFile: *walletTLSCert,
- WalletRPCUser: *walletRpcUser,
- WalletRPCPassword: *walletRpcPassword,
- WalletServer: *walletdLocation,
- WalletCORSDomains: *corsDomains,
+ WalletTLSEnable: *walletTLSflag,
+ WalletTLSKeyFile: *walletTLSKey,
+ WalletTLSCertFile: *walletTLSCert,
+ WalletRPCUser: *walletRpcUser,
+ WalletRPCPassword: *walletRpcPassword,
+ WalletServer: *walletdLocation,
+ WalletCORSDomains: *corsDomains,
+ WalletWhiteListEnable: *whitelist != "",
 }
 factom.SetFactomdRpcConfig(*factomdRpcUser, *factomdRpcPassword)
 factom.SetFactomdServer(*factomdLocation)
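Review bot: `WalletWhiteListEnable` is the only non-whitespace change in this literal, and nothing ties it to the list registered earlier in main(). A comment such as `// entries were registered above via wsapi.WhiteListIP; this only switches the check on` would tell a reader where the addresses live. The value is derived from the raw flag string, so `-whitelist=" "` also enables the check; with the earlier loop that should end in the exit path, but only if WhiteListIP rejects an empty entry. A source-address filter does not authenticate the caller, so the comment could also state that `WalletRPCUser`/`WalletRPCPassword` and `WalletTLSEnable` are still expected for any listener reachable from non-local hosts.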