13 Commits

Author SHA1 Message Date
Quentin Le Sceller 0259ed23ea Update copyright year to 2021 (#3592)
* Update copyright year to 2021
2021-03-10 10:14:48 -05:00
jaspervdm 6bca34c6a8 Update hyper/tokio/futures dependencies (#3214)
* Update hyper, tokio, futures versions

* Update stratum server

* Update API

* Update webhooks
2020-02-18 23:45:27 +01:00
Quentin Le Sceller 04a0123752 Less cloning and additional pattern simplifications (#3223)
* API Cleanup

* Chain Cleanup

* Core Cleanup

* Keychain Cleanup

* P2P Cleanup

* Pool Cleanup

* Store Cleanup

* Util Cleanup

* Cleanup clone_from_slice

* Address jasper comments
2020-02-12 19:35:33 +01:00
Quentin Le Sceller 6e5afe496b Update License to 2020 (#3196) 2020-01-20 11:40:58 +00:00
Quentin Le Sceller cdb2d6c72c Node API v2 (#3094)
* Node API v2

* Update gitignore

* Add get_pmmr_indices method

* Add Foreign and Owner API each one with specific secret

* Fix failing tests

* Revert to 'Option<u64>'
2019-12-06 10:57:53 +00:00
Quentin Le Sceller 6be6391225 Change 2018 to 2019 in copyright files (#3072) 2019-10-02 09:40:20 +01:00
Yeastplume 95004a4b96 BasicAuthMiddleware: Add option to ignore authentication for a particular URI (#3037)
* api::BasicAuthMiddleware: Add option to ignore authentication for a particular URI

* rustfmt
2019-09-12 11:35:18 +01:00
hashmap 7fad5b040f Reduce number of unwwaps in api crate (#2681)
* Reduce number of unwwaps in api crate

* Format use section
2019-03-18 19:34:35 +01:00
Quentin Le Sceller ec1713320b Disable authenthication for OPTIONS requests (#2131) 2018-12-11 09:47:10 -08:00
hashmap aedac483f5 Convert to Rust 2018 edition (#2084)
* Convert to Rust 2018 edition

* Update gitignore
2018-12-08 00:59:40 +01:00
hashmap 8ee8043fd9 Use constant-time token verification in API (#1690)
Fixes #1641. The size of the token can be leaked, even if we pad or cut user's input we can't make it indistinguishable form the normal case.
2018-10-09 09:32:53 -04:00
Michalis Kargakis 9e6ef6f237 Conform auth check to rfc2616 (#1607)
According to rfc2616[1], the response from a server to a request with
bad credentials should be a 401 instead of a 403. Grin does not have
the concept of identities so it does not actually recognize a user
request with bad credentials.

[1] https://tools.ietf.org/html/rfc2616#section-10.4.2
2018-09-29 09:28:25 +02:00
Quentin Le Sceller 62fd8f2124 Implement Basic Auth for API and Owner API (#1566)
* Add api_secret

* Add to base64 method

* Add basic auth in API

* Add Basic Auth to owner API

* Add flag to enable disable basic auth

* Add .api_secret file
2018-09-26 22:38:44 +02:00