d-bis/explorer-monorepo
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c1fe6ec6e3a7b22d8d7f9f089ca0104f907da218
explorer-monorepo/scripts/verify-rpc-permissions.sh

116 lines
4.0 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Verify RPC Node Account Permissioning Configuration
# Checks if account permissioning is enabled and if deployer is whitelisted
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
source "$PROJECT_ROOT/.env" 2>/dev/null || source "$PROJECT_ROOT/../.env" 2>/dev/null || true
RPC_URL="${RPC_URL_138:-http://192.168.11.250:8545}"
DEPLOYER=$(cast wallet address "$PRIVATE_KEY" 2>/dev/null || echo "")
if [ -z "$DEPLOYER" ]; then
echo "Error: PRIVATE_KEY not set or invalid"
exit 1
fi
echo "╔══════════════════════════════════════════════════════════════╗"
echo "║ RPC NODE ACCOUNT PERMISSIONING CHECK ║"
echo "╚══════════════════════════════════════════════════════════════╝"
echo ""
echo "RPC Endpoint: $RPC_URL"
echo "Deployer: $DEPLOYER"
echo ""
# Check if we can query the RPC
echo "=== RPC Connectivity ==="
BLOCK=$(cast block-number --rpc-url "$RPC_URL" 2>/dev/null || echo "")
if [ -z "$BLOCK" ]; then
echo "❌ Cannot connect to RPC endpoint"
exit 1
fi
echo "✅ RPC is accessible (Block: $BLOCK)"
echo ""
# Check configuration files
echo "=== Configuration Files ==="
CONFIG_DIRS=(
"$PROJECT_ROOT/../smom-dbis-138/config"
"$PROJECT_ROOT/../smom-dbis-138-proxmox/config"
)
PERM_ACCOUNTS_FILE=""
for dir in "${CONFIG_DIRS[@]}"; do
if [ -f "$dir/permissions-accounts.toml" ]; then
PERM_ACCOUNTS_FILE="$dir/permissions-accounts.toml"
break
fi
done
if [ -n "$PERM_ACCOUNTS_FILE" ]; then
echo "Found: $PERM_ACCOUNTS_FILE"
echo ""
echo "Contents:"
cat "$PERM_ACCOUNTS_FILE"
echo ""
# Check if allowlist is empty
if grep -q "accounts-allowlist=\[\]" "$PERM_ACCOUNTS_FILE" || grep -q "^accounts-allowlist=\[$" "$PERM_ACCOUNTS_FILE"; then
echo "✅ Allowlist is EMPTY - All accounts are allowed"
else
# Check if deployer is in allowlist
if grep -qi "$DEPLOYER" "$PERM_ACCOUNTS_FILE"; then
echo "✅ Deployer is in allowlist"
else
echo "⚠️ Deployer is NOT in allowlist"
echo " Add deployer address to allowlist:"
echo " $DEPLOYER"
fi
fi
else
echo "⚠️ permissions-accounts.toml not found in standard locations"
fi
echo ""
# Check RPC node config files
echo "=== RPC Node Configuration ==="
RPC_CONFIG_FILES=(
"$PROJECT_ROOT/../smom-dbis-138/config/config-rpc-core.toml"
"$PROJECT_ROOT/../smom-dbis-138/config/config-rpc-perm.toml"
"$PROJECT_ROOT/../smom-dbis-138/config/config-rpc-public.toml"
)
for config_file in "${RPC_CONFIG_FILES[@]}"; do
if [ -f "$config_file" ]; then
echo "Checking: $(basename "$config_file")"
if grep -q "permissions-accounts-config-file-enabled=true" "$config_file"; then
echo " ⚠️ Account permissioning is ENABLED"
PERM_FILE=$(grep "permissions-accounts-config-file=" "$config_file" | cut -d'"' -f2 || echo "")
if [ -n "$PERM_FILE" ]; then
echo " Config file: $PERM_FILE"
fi
else
echo " ✅ Account permissioning is DISABLED or not configured"
fi
echo ""
fi
done
echo "=== Recommendations ==="
if [ -n "$PERM_ACCOUNTS_FILE" ] && ! grep -qi "$DEPLOYER" "$PERM_ACCOUNTS_FILE" && ! grep -q "accounts-allowlist=\[\]" "$PERM_ACCOUNTS_FILE"; then
echo "1. Add deployer to account allowlist:"
echo " $DEPLOYER"
echo ""
echo "2. Update permissions-accounts.toml on all RPC nodes"
echo ""
echo "3. Restart RPC nodes after updating configuration"
else
echo "✅ Account permissioning configuration appears correct"
echo " (Allowlist is empty or deployer is whitelisted)"
fi
echo ""
Reference in New Issue View Git Blame Copy Permalink