# Diode Local Client API for Firefox Plugin (Future webext API)/ Diode GUI To browse internet through diodechain network in Firefox, we can start a diode client in local computer, and install diodechain Firefox plugin. In this plugin, you can control local diode client including configuration. This is a api documentation for diode client and diode firefox plugin. ## Security 1. Port sniffing/Malicous provider (CORS Headers) In order to avoid some malicious website to sniff ports, or to do something bad with diode_client, eg: connect to malicious websocket provider in user's browser, it's might be helpful if api server returns CORS headers (should include CORS in websocket server). Browser will block the request if domain is not whitelisted. 2. Update config with malicious diodeaddrs If some bad guy knows how diode server/client works, and he might want to change client diodeaddrs to his own node. In order to prevent client from this issue, it might be good to have authentication in client http api. When user want to update config or do some critical action, they should unlock their account, api server will return 403 if the request is not authenticated. ## Authentication/Authorization Maybe encrypt private with ethereum wallet. Client should decrypt wallet when call put /config api. (Need cookie session) ## Object ### config The config for diode client. ```JS Config { cert string pubKey . string privKey string // should not return to browser host string // always be 127.0.0.1 metrics boolean port integer initialized boolean lvbn integer lvbn2 integer lvbh string } ``` > Host/Port Host must be 127.0.0.1 and user cannot change by config api. Default port is 1080 (user might change in config). ## API ### GET: /config Returns current config of diode client. #### response status: 200 ```JS { success: true, config: { cert: '', pubKey: '0x......', metrics: true, port: 1080, initialized: true, lvbn: 102, lvbn2: 108, lvbh: '0x......' } } ``` #### error response status: 200 ```JS { success: false, error: "config file had been deleted" } { success: false, error: "cannot read config file" } ``` ### PUT: /config Update the current config of diode client, should restart after port is changed. The config are allowed to update: fleet, registry, diodeaddrs, blacklists, whitelists. #### body ```JS Config { fleet: '0x......', } ``` #### response status: 200 ```JS { success: true, config: { cert: '', pubKey: '0x......', port: 1080, initialized: true, lvbn: 102, lvbn2: 108, lvbh: '0x......' } } ``` #### error response status: 200 ```JS { success: false, error: "cannot update config file" } { success: false, error: "the port was not allowed" } ``` ### PUT /unlock Unlock the wallet (private key) in client. #### body ```JS Object { password: '' } ``` ## Maybe ### POST /initialize Initialize the diode client, setup private/cert when user use firefox plugin at first time. #### body ```JS empty body? ``` #### response status: 200 ```JS { success: true, } ``` ### POST /restart Restart the diode client. #### body ```JS empty body? ``` #### response status: 200 ```JS { success: true, } ``` ### POST /update Update client if there is a newer version of client. #### body ```JS empty body? ``` #### response status: 200 ```JS { success: true, } ``` ### GET /metrics Returns current metrics of client, including average rpc time, average read/write time. #### response status: 200 ```JS { success: true, metrics: { TODO...... } } ``` #### error response status: 200 ```JS { success: false, error: "didn't enable metrics in client" } ```