Merge branch 'master' into food

.github/build.sh

@@ -1,4 +1,5 @@
 #!/bin/bash
+export DOCKER_DEFAULT_PLATFORM=linux/amd64
 docker build -t pi-arm32 -f pi-arm32.dockerfile .. && \
     docker run --rm --entrypoint cat pi-arm32 /build/diode_client/diode_linux_amd64.zip > diode_linux_arm.zip && \
     docker build -t pi-arm64 -f pi-arm64.dockerfile .. && \

.github/pi-arm32.dockerfile

@@ -1,4 +1,4 @@
-FROM debian:stretch
+FROM debian:buster
 LABEL crosscompie={pi-arm32}
 
 ENV GOOS=linux
@@ -26,9 +26,9 @@ RUN ln -s `which arm-linux-gnueabihf-strip` /pitools/arm-bcm2708/gcc-linaro-arm-
 
 # install golang
 RUN echo "Build and install golang......"
-ENV GOFILE=go1.15.5.linux-amd64.tar.gz
+ENV GOFILE=go1.20.6.linux-amd64.tar.gz
 RUN wget https://dl.google.com/go/$GOFILE && \
-    [ "9a58494e8da722c3aef248c9227b0e9c528c7318309827780f16220998180a0d" = "$(sha256sum $GOFILE | cut -d ' ' -f1)" ] && \
+    [ "b945ae2bb5db01a0fb4786afde64e6fbab50b67f6fa0eb6cfa4924f16a7ff1eb" = "$(sha256sum $GOFILE | cut -d ' ' -f1)" ] && \
     tar -xvf $GOFILE
 RUN mv go /usr/local
 ENV GOROOT "/usr/local/go"

.github/pi-arm64.dockerfile

@@ -1,4 +1,4 @@
-FROM debian:stretch
+FROM debian:buster
 LABEL crosscompie={pi-arm64}
 
 ENV GOOS=linux
@@ -25,9 +25,10 @@ RUN ln -s `which arm-linux-gnueabihf-strip` /pitools/arm-bcm2708/gcc-linaro-arm-
 
 # install golang
 RUN echo "Build and install golang......"
-RUN wget https://dl.google.com/go/go1.15.5.linux-amd64.tar.gz && \
-    [ "9a58494e8da722c3aef248c9227b0e9c528c7318309827780f16220998180a0d" = "$(sha256sum go1.15.5.linux-amd64.tar.gz | cut -d ' ' -f1)" ] && \
-    tar -xvf go1.15.5.linux-amd64.tar.gz
+ENV GOFILE=go1.20.6.linux-amd64.tar.gz
+RUN wget https://dl.google.com/go/$GOFILE && \
+    [ "b945ae2bb5db01a0fb4786afde64e6fbab50b67f6fa0eb6cfa4924f16a7ff1eb" = "$(sha256sum $GOFILE | cut -d ' ' -f1)" ] && \
+    tar -xvf $GOFILE
 RUN mv go /usr/local
 ENV GOROOT "/usr/local/go"
 RUN mkdir /go

.github/workflows/ci.yml

@@ -6,8 +6,8 @@ jobs:
     name: "Run tests and build artifacts"
     strategy:
       matrix:
-        os: ["windows-latest", "ubuntu-latest", "macOS-latest"]
-        go: ["1.17.x"]
+        os: ["windows-latest", "ubuntu-20.04", "macos-11"]
+        go: ["1.20.6"]
     runs-on: ${{ matrix.os }}
     steps:
     # Install general deps
@@ -18,22 +18,23 @@ jobs:
 
     # Installing GO
     - if: runner.os == 'Windows'
-      name: "Install Golang on Windows"
+      name: "Install mingw deps"
       uses: msys2/setup-msys2@v2
       with:
-          install: pacman-mirrors pkg-config base-devel mingw-w64-x86_64-toolchain mingw-w64-x86_64-go upx mingw-w64-x86_64-dlfcn git
+          install: pacman-mirrors pkg-config base-devel mingw-w64-x86_64-toolchain upx mingw-w64-x86_64-dlfcn git
           update: false
-    - uses: actions/setup-go@v1
-      name: "Install Golang on Linux/macOS"
-      if: runner.os != 'Windows'
+
+    - uses: actions/setup-go@v3
+      name: "Install Golang on Linux/macOS/Windows"
       with:
         go-version: ${{ matrix.go }}
 
     # Building the app
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v3
     - if: runner.os == 'Windows'
       shell: msys2 {0}
       run: |
+        cp -r /c/hostedtoolcache/windows/go/1.20.6/x64/* /usr/
         make openssl
         make windows_test
         make dist
@@ -58,12 +59,12 @@ jobs:
         mkdir darwin_package_build
         DIODE_BUILD_DST=darwin_package_build DIODE_BINARY_DIRECTORY=dist sh darwin_package.sh
     - name: Archive production artifacts
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v3
       with:
         name: ${{ env.ZIPNAME }}
         path: dist
     - name: Archive macos package production artifacts
-      uses: actions/upload-artifact@v1
+      uses: actions/upload-artifact@v3
       if: runner.os == 'macOS'
       with:
         name: ${{ runner.os }}
@@ -74,38 +75,38 @@ jobs:
     name: "Run app"
     strategy:
       matrix:
-        os: ["windows-latest", "ubuntu-latest", "macOS-latest"]
-        go: ["1.14.x"]
+        os: ["windows-latest", "ubuntu-20.04", "macos-11"]
+        go: ["1.20.6"]
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - run: echo "ZIPNAME=`./deployment/zipname.sh`" >> $GITHUB_ENV
       shell: bash
     - uses: actions/download-artifact@v2
       with:
         name: ${{ env.ZIPNAME }}
     - run: |
         chmod +x ./diode 
-        ./diode config -list
-        ./diode time
+        ./diode -update=false config -list
+        ./diode -update=false time
       shell: bash
 
   build_linux_arm:
     name: "Run build linux arm artifact"
     runs-on: "ubuntu-latest"
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v3
     - name: "Compile pi-arm32 & pi-arm64"
       run: |
         cd .github
         bash ./build.sh
     - name: "Archive pi-arm32 artifacts"
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v3
       with:
         name: "diode_linux_arm.zip"
         path: ${{ github.workspace }}/.github/diode_linux_arm.zip
     - name: "Archive pi-arm64 artifacts"
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v3
       with:
         name: "diode_linux_arm64.zip"
         path: ${{ github.workspace }}/.github/diode_linux_arm64.zip

.gitignore

@@ -23,9 +23,10 @@ darwin/build
 /bug_wallet
 /new_wallet*
 /gateway
+/openssl-*
 prof
 *.svg
 client.sh
 server.sh
 wpad.dat
-rpc/testdata/
+rpc/testdata/

.tool-versions

@@ -0,0 +1 @@
+golang 1.20.6

Makefile

@@ -1,6 +1,10 @@
 TESTS= $(shell go list ./... | grep -v -e gowasm_test -e cmd)
 GOPATH= $(shell go env GOPATH)
 GOMODCACHE= $(shell go env GOMODCACHE)
+# go 1.14 patch
+ifeq ($(GOMODCACHE),)
+GOMODCACHE := $(shell go env GOPATH)/pkg/mod
+endif
 COMMIT= $(shell git describe --tags --dirty)
 BUILDTIME= $(shell date +"%d %b %Y")
 GOBUILD=go build -ldflags '-s -r ./ -X "main.version=${COMMIT}${VARIANT}" -X "main.buildTime=${BUILDTIME}"' -tags patch_runtime
@@ -58,27 +62,28 @@ ci_test: runtime
 .PHONY: lint
 lint: runtime
 	go vet ./...
-	GO111MODULE=on go get honnef.co/go/tools/cmd/staticcheck@2020.1.3
+	cd tools && go install honnef.co/go/tools/cmd/staticcheck@latest
 	$(GOPATH)/bin/staticcheck -go 1.14 ./...
 
 # Exclude rules from security check:
 # G104 (CWE-703): Errors unhandled.
 # G108 (CWE-200): Profiling endpoint is automatically exposed on /debug/pprof
 # G110 (CWE-409): Potential DoS vulnerability via decompression bomb.
+# G112: Potential slowloris attack
+# G114: Use of net/http serve function that has no support for setting timeouts
 # G204 (CWE-78): Subprocess launched with variable.
 # G304 (CWE-22): Potential file inclusion via variable.
 # G402 (CWE-295): TLS InsecureSkipVerify set true.
 # G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand).
 .PHONY: seccheck
 seccheck: runtime
-	go vet ./...
-	GO111MODULE=on go get github.com/securego/gosec/v2/cmd/gosec@v2.9.3
-	$(GOPATH)/bin/gosec -exclude=G104,G108,G110,G204,G304,G402,G404 -exclude-dir .history ./...
+	cd tools && go install github.com/securego/gosec/v2/cmd/gosec@latest
+	$(GOPATH)/bin/gosec -exclude=G104,G108,G110,G112,G114,G204,G304,G402,G404 -exclude-dir .history ./...
 
 .PHONY: clean
 clean:
 	-rm $(BINS)
-	go clean -cache ./...
+	go clean -cache
 
 .PHONY: install
 install:

README.md

@@ -22,12 +22,11 @@ Name
 SYNOPSYS
   diode [-allowlists=] [-api=false] [-apiaddr=localho...]
         [-bind=] [-blocklists=] [-blockprofile=] [-blockprofilerate=1]
-        [-configpath=] [-cpuprofile=] [-dbpath=/Users/...] [-debug=false]
-        [-diodeaddrs=] [-e2etimeout=5s] [-fleet=]
-        [-keepalive=true] [-keepaliveinterval=5s] [-logdatetime=false] [-logfilepath=]
-        [-memprofile=] [-metrics=false] [-mutexprofile=] [-mutexprofilerate=1]
-        [-pprofport=0] [-retrytimes=3] [-retrywait=1s] [-rlimit_nofile=0]
-        [-timeout=5s] [-update=true] COMMAND <args>
+        [-bnscachetime=10m0s] [-configpath=] [-cpuprofile=] [-dbpath=/home/t...]
+        [-debug=false] [-diodeaddrs=] [-e2etimeout=15s] [-fleet=]
+        [-logdatetime=false] [-logfilepath=] [-memprofile=] [-metrics=false]
+        [-mutexprofile=] [-mutexprofilerate=1] [-pprofport=0] [-retrytimes=3]
+        [-retrywait=1s] [-rlimit_nofile=0] [-timeout=5s] [-update=true] COMMAND <args>
 
 COMMANDS
   bns          Register/Update name service on diode blockchain.

accounts/abi/argument.go

@@ -239,13 +239,14 @@ func (arguments Arguments) unpackTuple(v interface{}, marshalledValues []interfa
 		}
 	}
 	for i, arg := range nonIndexedArgs {
+		tmp := arg.Type
 		switch kind {
 		case reflect.Struct:
 			field := value.FieldByName(abi2struct[arg.Name])
 			if !field.IsValid() {
 				return fmt.Errorf("abi: field %s can't be found in the given value", arg.Name)
 			}
-			if err := unpack(&arg.Type, field.Addr().Interface(), marshalledValues[i]); err != nil {
+			if err := unpack(&tmp, field.Addr().Interface(), marshalledValues[i]); err != nil {
 				return err
 			}
 		case reflect.Slice, reflect.Array:
@@ -256,7 +257,7 @@ func (arguments Arguments) unpackTuple(v interface{}, marshalledValues []interfa
 			if err := requireAssignable(v, reflect.ValueOf(marshalledValues[i])); err != nil {
 				return err
 			}
-			if err := unpack(&arg.Type, v.Addr().Interface(), marshalledValues[i]); err != nil {
+			if err := unpack(&tmp, v.Addr().Interface(), marshalledValues[i]); err != nil {
 				return err
 			}
 		default:

blockquick/blockheader.go

@@ -6,6 +6,7 @@ package blockquick
 import (
 	"fmt"
 	"log"
+	"math/big"
 
 	"github.com/diodechain/diode_client/crypto"
 	"github.com/diodechain/diode_client/crypto/secp256k1"
@@ -23,11 +24,11 @@ type BlockHeader struct {
 	minerPubkey []byte
 	timestamp   uint64
 	number      uint64
-	nonce       uint64
+	nonce       big.Int
 }
 
 // NewHeader creates a new block header from existing data
-func NewHeader(txHash []byte, stateHash []byte, prevBlock []byte, minerSig []byte, minerPubkey []byte, timestamp uint64, number uint64, nonce uint64) (bh BlockHeader, err error) {
+func NewHeader(txHash []byte, stateHash []byte, prevBlock []byte, minerSig []byte, minerPubkey []byte, timestamp uint64, number uint64, nonce big.Int) (bh BlockHeader, err error) {
 	header := BlockHeader{
 		txHash:      txHash,
 		stateHash:   stateHash,

blockquick/blockheader_test.go

@@ -0,0 +1,47 @@
+// Diode Network Client
+// Copyright 2023 Diode
+// Licensed under the Diode License, Version 1.1
+package blockquick
+
+import (
+	"bytes"
+	"math/big"
+	"testing"
+
+	"github.com/diodechain/diode_client/crypto/secp256k1"
+)
+
+func TestCheckSignature(t *testing.T) {
+	// Create a new block header
+	header := BlockHeader{
+		txHash:      []byte{200, 183, 173, 94, 219, 199, 203, 146, 222, 81, 226, 35, 194, 242, 25, 106, 84, 45, 151, 139, 134, 136, 185, 158, 10, 147, 97, 204, 251, 90, 163, 84},
+		stateHash:   []byte{194, 10, 97, 79, 230, 9, 109, 13, 140, 98, 183, 88, 131, 161, 234, 129, 23, 217, 163, 185, 152, 169, 40, 201, 128, 33, 106, 164, 64, 210, 18, 117},
+		prevBlock:   []byte{0, 0, 39, 225, 2, 205, 90, 142, 203, 98, 195, 69, 19, 213, 225, 75, 37, 95, 220, 249, 148, 16, 117, 192, 187, 192, 254, 68, 82, 172, 151, 35},
+		minerSig:    []byte{0, 151, 29, 1, 22, 133, 215, 29, 173, 153, 188, 19, 243, 24, 254, 211, 246, 212, 253, 133, 116, 69, 102, 108, 209, 217, 190, 222, 15, 4, 91, 222, 199, 35, 24, 137, 45, 75, 22, 30, 123, 7, 111, 231, 12, 37, 180, 192, 30, 182, 166, 139, 165, 41, 22, 231, 88, 171, 122, 85, 9, 102, 17, 59, 155},
+		minerPubkey: []byte{4, 240, 109, 136, 233, 104, 32, 42, 9, 32, 30, 49, 36, 9, 71, 113, 84, 5, 145, 198, 153, 140, 65, 255, 115, 225, 201, 43, 238, 145, 40, 51, 57, 223, 28, 51, 5, 240, 23, 148, 82, 169, 121, 93, 195, 255, 93, 116, 12, 250, 38, 210, 124, 133, 157, 232, 176, 58, 120, 206, 87, 232, 249, 95, 7},
+		timestamp:   1700916441,
+		number:      6406857,
+		nonce:       big.Int{},
+	}
+
+	header.nonce.SetString("3463199413688948191257806122414904513570931607746675394846934843169", 10)
+
+	msgHash, err := header.HashWithoutSig()
+	if err != nil {
+		t.Errorf("hashing error: %s", err)
+	}
+
+	pubkey, err := secp256k1.RecoverPubkey(msgHash, header.minerSig)
+	if err != nil {
+		t.Errorf("recover error: %s", err)
+	}
+
+	if !bytes.Equal(pubkey, header.minerPubkey) {
+		t.Errorf("recovered pubkey and minerPubkey don't match: %v %v", pubkey, header.minerPubkey)
+	}
+
+	// Check if the signature is valid
+	if !header.ValidateSig() {
+		t.Fatal("invalid signature")
+	}
+}

cmd/diode/app.go

@@ -74,9 +74,11 @@ func init() {
 	diodeCmd.Flag.DurationVar(&cfg.RemoteRPCTimeout, "timeout", 5*time.Second, "timeout seconds to connect to the remote rpc server")
 	diodeCmd.Flag.DurationVar(&cfg.RetryWait, "retrywait", 1*time.Second, "wait seconds before next retry")
 	diodeCmd.Flag.Var(&cfg.RemoteRPCAddrs, "diodeaddrs", "addresses of Diode node server (default: asia.prenet.diode.io:41046, europe.prenet.diode.io:41046, usa.prenet.diode.io:41046)")
-	diodeCmd.Flag.Var(&cfg.SBlocklists, "blocklists", "addresses are not allowed to connect to published resource (worked when allowlists is empty)")
-	diodeCmd.Flag.Var(&cfg.SAllowlists, "allowlists", "addresses are allowed to connect to published resource (worked when blocklists is empty)")
+	diodeCmd.Flag.Var(&cfg.SBlockdomains, "blockdomains", "domains (bns names) that are not allowed")
+	diodeCmd.Flag.Var(&cfg.SBlocklists, "blocklists", "addresses are not allowed to connect to published resource (used when allowlists is empty)")
+	diodeCmd.Flag.Var(&cfg.SAllowlists, "allowlists", "addresses are allowed to connect to published resource (used when blocklists is empty)")
 	diodeCmd.Flag.Var(&cfg.SBinds, "bind", "bind a remote port to a local port. -bind <local_port>:<to_address>:<to_port>:(udp|tcp)")
+	diodeCmd.Flag.DurationVar(&cfg.BnsCacheTime, "bnscachetime", 10*time.Minute, "time for bns address resolve cache. (default: 10 minutes)")
 	config.AppConfig = cfg
 	// Add diode commands
 	diodeCmd.AddSubCommand(bnsCmd)
@@ -128,7 +130,15 @@ func prepareDiode() error {
 	} else {
 		remoteRPCAddrs := []string{}
 		for _, RPCAddr := range cfg.RemoteRPCAddrs {
-			if isValidRPCAddress(RPCAddr) && !util.StringsContain(remoteRPCAddrs, RPCAddr) {
+			if !isValidRPCAddress(RPCAddr) {
+				NewRPCAddr := RPCAddr + ":41046"
+				if !isValidRPCAddress(NewRPCAddr) {
+					return fmt.Errorf("invalid RPC address: %s", RPCAddr)
+				}
+				RPCAddr = NewRPCAddr
+			}
+
+			if !util.StringsContain(remoteRPCAddrs, RPCAddr) {
 				remoteRPCAddrs = append(remoteRPCAddrs, RPCAddr)
 			}
 		}
@@ -220,7 +230,6 @@ func (dio *Diode) Init() error {
 		var shouldUpdateDiode bool
 		lastUpdateAtByt, err = db.DB.Get("last_update_at")
 		if err != nil {
-			lastUpdateAt = time.Now()
 			shouldUpdateDiode = true
 		} else {
 			lastUpdateAtInt := util.DecodeBytesToInt(lastUpdateAtByt)

cmd/diode/fetch.go

@@ -101,7 +101,6 @@ func init() {
 	fetchCmd.Flag.BoolVar(&fetchCfg.Verbose, "verbose", false, "Print more information about the connection.")
 }
 
-//
 func fetchHandler() (err error) {
 	err = nil
 	if len(fetchCfg.URL) == 0 {
@@ -137,7 +136,7 @@ func fetchHandler() (err error) {
 	socksCfg := rpc.Config{
 		Addr:            cfg.SocksServerAddr(),
 		FleetAddr:       cfg.FleetAddr,
-		Blocklists:      cfg.Blocklists,
+		Blocklists:      cfg.Blocklists(),
 		Allowlists:      cfg.Allowlists,
 		EnableProxy:     false,
 		ProxyServerAddr: cfg.ProxyServerAddr(),