IP anonymization implementation

Author: Mariusz Reichert

Cargo.lock

@@ -75,6 +75,8 @@ tracing = { version = "0.1.40", default-features = false, features = ["attribute
 electrum-client = { version = "0.8", optional = true }
 zmq = "0.10.0"
 electrs_macros = { path = "electrs_macros", default-features = false }
+rand = "0.9.0"
+hex = "0.4"
 
 [dev-dependencies]
 bitcoind = { version = "0.36", features = ["25_0"] }

Cargo.toml

@@ -6,9 +6,11 @@ extern crate electrs;
 
 use crossbeam_channel::{self as channel};
 use error_chain::ChainedError;
-use std::process;
+use std::{process, thread};
 use std::sync::{Arc, RwLock};
 use std::time::Duration;
+use rand;
+use hex;
 
 use electrs::{
     config::Config,
@@ -44,7 +46,7 @@ fn fetch_from(config: &Config, store: &Store) -> FetchFrom {
     }
 }
 
-fn run_server(config: Arc<Config>) -> Result<()> {
+fn run_server(config: Arc<Config>, salt_rwlock: Arc<RwLock<String>>) -> Result<()> {
     let (block_hash_notify, block_hash_receive) = channel::bounded(1);
     let signal = Waiter::start(block_hash_receive);
     let metrics = Metrics::new(config.monitoring_addr);
@@ -116,7 +118,12 @@ fn run_server(config: Arc<Config>) -> Result<()> {
 
     // TODO: configuration for which servers to start
     let rest_server = rest::start(Arc::clone(&config), Arc::clone(&query));
-    let electrum_server = ElectrumRPC::start(Arc::clone(&config), Arc::clone(&query), &metrics);
+    let electrum_server = ElectrumRPC::start(
+        Arc::clone(&config),
+        Arc::clone(&query),
+        &metrics,
+        Arc::clone(&salt_rwlock),
+    );
 
     let main_loop_count = metrics.gauge(MetricOpts::new(
         "electrs_main_loop_count",
@@ -151,9 +158,32 @@ fn run_server(config: Arc<Config>) -> Result<()> {
     Ok(())
 }
 
+fn generate_salt() -> String {
+    let random_bytes: [u8; 32] = rand::random();
+    hex::encode(random_bytes)
+}
+
+fn rotate_salt(salt: &mut String) {
+    *salt = generate_salt();
+}
+
 fn main_() {
+    let salt = generate_salt();
+    let salt_rwlock = Arc::new(RwLock::new(salt));
+    let writer_arc = Arc::clone(&salt_rwlock);
+    thread::spawn(move || {
+        loop {
+            thread::sleep(Duration::from_secs(24 * 3600)); // 24 hours
+            {
+                let mut guard = writer_arc.write().unwrap();
+                rotate_salt(&mut *guard);
+                info!("Salt rotated");
+            }
+        }
+    });
+
     let config = Arc::new(Config::from_args());
-    if let Err(e) = run_server(config) {
+    if let Err(e) = run_server(config, Arc::clone(&salt_rwlock)) {
         error!("server failed: {}", e.display_chain());
         process::exit(1);
     }

src/bin/electrs.rs

@@ -421,12 +421,10 @@ impl Config {
             electrum_rpc_addr,
             electrum_txs_limit: value_t_or_exit!(m, "electrum_txs_limit", usize),
             electrum_banner,
-            rpc_logging_modes: m
-                .values_of("rpc_logging_modes")
-                .map(|vals| {
-                    let collected = vals.collect::<Vec<_>>();
-                    RpcLoggingModes::from_values(&collected)
-                }),
+            rpc_logging_modes: m.values_of("rpc_logging_modes").map(|vals| {
+                let collected = vals.collect::<Vec<_>>();
+                RpcLoggingModes::from_values(&collected)
+            }),
             http_addr,
             http_socket_file,
             monitoring_addr,
@@ -471,27 +469,31 @@ impl Config {
 #[derive(Debug, Default, Clone)]
 pub struct RpcLoggingModes {
     pub with_params: bool,
-    pub no_params: bool,
     pub anonymised: bool,
 }
 
 impl RpcLoggingModes {
     pub fn from_values(values: &[&str]) -> Self {
         let mut modes = Self::default();
+        let mut no_params = false;
 
         for v in values {
             match *v {
                 "with-params" => modes.with_params = true,
-                "no-params"   => modes.no_params = true,
-                "anonymised"  => modes.anonymised = true,
+                "no-params"  => no_params = true,
+                "anonymised" => modes.anonymised = true,
                 _ => panic!("Unsupported RPC logging option: {}", v),
             }
         }
 
-        if modes.with_params && modes.no_params {
+        if modes.with_params && no_params {
             panic!("Contradiction: 'with-params' and 'no-params' cannot both be set.");
         }
 
+        if no_params {
+            modes.with_params = false;
+        }
+
         modes
     }