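#!/usr/bin/env bash
# Verify RPC Node Account Permissioning Configuration
#
# Reports whether account permissioning is enabled in the RPC node config
# files and whether the deployer address appears in the accounts allowlist.
#
# Inputs (read from .env or the environment):
#   PRIVATE_KEY  - deployer key; used only to derive the deployer address
#   RPC_URL_138  - RPC endpoint (defaults to http://192.168.11.250:8545)
#
# Scope: the TOML files inspected are the copies in the sibling repository
# directories listed below. Nothing here queries the node for the
# configuration it actually loaded, so a clean report describes those files,
# not necessarily the running node.
#
# Exit status: 1 if the deployer address cannot be derived or the RPC endpoint
# is unreachable; 0 otherwise (including when warnings are printed).

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"

# Sourcing executes .env as shell code with this script's privileges, so the
# file must be writable only by trusted users. Errors are deliberately
# ignored: a missing .env is allowed when the variables come from the
# environment (note that 2>/dev/null also hides syntax errors inside .env).
source "$PROJECT_ROOT/.env" 2>/dev/null || source "$PROJECT_ROOT/../.env" 2>/dev/null || true

RPC_URL="${RPC_URL_138:-http://192.168.11.250:8545}"

#######################################
# Print a TOML file with full-line "#" comments dropped and all whitespace
# removed, so "key = []", "key=[]" and an empty list spread over several
# lines all normalise to the same text, and commented-out settings are not
# mistaken for active ones.
# Arguments: $1 - path to the file
# Outputs:   normalised content on stdout
#######################################
flatten_toml() {
  sed '/^[[:space:]]*#/d' <"$1" | tr -d '[:space:]'
}

# ${PRIVATE_KEY:-} keeps `set -u` from aborting before the error message
# below can be printed when the variable is unset.
# NOTE(review): the key is passed as a command-line argument, so it is visible
# in the process list to other local users while cast runs and would appear in
# `set -x` traces. This check only needs the public address; consider storing
# the deployer address itself, or deriving it from an encrypted keystore.
DEPLOYER=""
if [ -n "${PRIVATE_KEY:-}" ]; then
  DEPLOYER=$(cast wallet address "$PRIVATE_KEY" 2>/dev/null || echo "")
fi

if [ -z "$DEPLOYER" ]; then
  echo "Error: PRIVATE_KEY not set or invalid" >&2
  exit 1
fi

echo "╔══════════════════════════════════════════════════════════════╗"
echo "║ RPC NODE ACCOUNT PERMISSIONING CHECK ║"
echo "╚══════════════════════════════════════════════════════════════╝"
echo ""
echo "RPC Endpoint: $RPC_URL"
echo "Deployer: $DEPLOYER"
echo ""

# Check if we can query the RPC
echo "=== RPC Connectivity ==="
BLOCK=$(cast block-number --rpc-url "$RPC_URL" 2>/dev/null || echo "")
if [ -z "$BLOCK" ]; then
  echo "❌ Cannot connect to RPC endpoint"
  exit 1
fi
echo "✅ RPC is accessible (Block: $BLOCK)"
echo ""

# Check configuration files
echo "=== Configuration Files ==="
CONFIG_DIRS=(
  "$PROJECT_ROOT/../smom-dbis-138/config"
  "$PROJECT_ROOT/../smom-dbis-138-proxmox/config"
)

# The first directory that holds a permissions-accounts.toml wins.
PERM_ACCOUNTS_FILE=""
for dir in "${CONFIG_DIRS[@]}"; do
  if [ -f "$dir/permissions-accounts.toml" ]; then
    PERM_ACCOUNTS_FILE="$dir/permissions-accounts.toml"
    break
  fi
done

# Classify the allowlist once so the report and the recommendations below
# cannot disagree. States: missing | empty | listed | unlisted.
ALLOWLIST_STATE="missing"
if [ -n "$PERM_ACCOUNTS_FILE" ]; then
  perm_flat=$(flatten_toml "$PERM_ACCOUNTS_FILE")
  case "$perm_flat" in
    *'accounts-allowlist=[]'*)
      ALLOWLIST_STATE="empty"
      ;;
    *)
      # -F: match the address literally, not as a regex; -i: hex case may
      # differ between the derived address and the file.
      if grep -qiF -- "$DEPLOYER" <<<"$perm_flat"; then
        ALLOWLIST_STATE="listed"
      else
        ALLOWLIST_STATE="unlisted"
      fi
      ;;
  esac
fi

if [ "$ALLOWLIST_STATE" != "missing" ]; then
  echo "Found: $PERM_ACCOUNTS_FILE"
  echo ""
  echo "Contents:"
  cat "$PERM_ACCOUNTS_FILE"
  echo ""

  case "$ALLOWLIST_STATE" in
    empty)
      # NOTE(review): this message assumes an empty allowlist means
      # "allow all". Confirm against the node software's permissioning
      # documentation; if an empty list means "deny all" while permissioning
      # is enabled, this line reports the opposite of the real state.
      echo "✅ Allowlist is EMPTY - All accounts are allowed"
      ;;
    listed)
      echo "✅ Deployer is in allowlist"
      ;;
    unlisted)
      echo "⚠️ Deployer is NOT in allowlist"
      echo " Add deployer address to allowlist:"
      echo " $DEPLOYER"
      ;;
  esac
else
  echo "⚠️ permissions-accounts.toml not found in standard locations"
fi
echo ""

# Check RPC node config files
echo "=== RPC Node Configuration ==="
RPC_CONFIG_FILES=(
  "$PROJECT_ROOT/../smom-dbis-138/config/config-rpc-core.toml"
  "$PROJECT_ROOT/../smom-dbis-138/config/config-rpc-perm.toml"
  "$PROJECT_ROOT/../smom-dbis-138/config/config-rpc-public.toml"
)

for config_file in "${RPC_CONFIG_FILES[@]}"; do
  [ -f "$config_file" ] || continue

  echo "Checking: ${config_file##*/}"
  case "$(flatten_toml "$config_file")" in
    *'permissions-accounts-config-file-enabled=true'*)
      echo " ⚠️ Account permissioning is ENABLED"
      # Take the quoted value of the active (non-comment) setting line.
      PERM_FILE=$(
        sed '/^[[:space:]]*#/d' <"$config_file" \
          | grep -E 'permissions-accounts-config-file[[:space:]]*=' \
          | cut -d'"' -f2 || echo ""
      )
      if [ -n "$PERM_FILE" ]; then
        echo " Config file: $PERM_FILE"
      fi
      ;;
    *)
      echo " ✅ Account permissioning is DISABLED or not configured"
      ;;
  esac
  echo ""
done

echo "=== Recommendations ==="
case "$ALLOWLIST_STATE" in
  unlisted)
    echo "1. Add deployer to account allowlist:"
    echo " $DEPLOYER"
    echo ""
    echo "2. Update permissions-accounts.toml on all RPC nodes"
    echo ""
    echo "3. Restart RPC nodes after updating configuration"
    ;;
  missing)
    # Nothing was inspected, so do not report the configuration as correct.
    echo "⚠️ permissions-accounts.toml not found - allowlist could not be verified"
    ;;
  *)
    echo "✅ Account permissioning configuration appears correct"
    echo " (Allowlist is empty or deployer is whitelisted)"
    ;;
esac
echo ""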