diff --git a/wasmsdk/auth_txn.go b/wasmsdk/auth_txn.go index 5e2357787..cd34f925c 100644 --- a/wasmsdk/auth_txn.go +++ b/wasmsdk/auth_txn.go @@ -42,17 +42,29 @@ func registerZauthServer(serverAddr string) { sys.SetAuthCommon(zcncore.ZauthAuthCommon(serverAddr)) } -// zvaultNewWallet generates new split wallet -func zvaultNewWallet(serverAddr, token string) (string, error) { - return zcncore.CallZvaultNewWalletString(serverAddr, token, "") +func zauthRetrieveKey(clientID, peerPublicKey, serverAddr, token string) (string, error) { + return zcncore.CallZauthRetreiveKey(serverAddr, token, clientID, peerPublicKey) } -// zvaultNewSplit generates new split wallet from existing clientID -func zvaultNewSplit(clientID, serverAddr, token string) (string, error) { - return zcncore.CallZvaultNewWalletString(serverAddr, token, clientID) +// zvaultNewWallet generates new wallet +func zvaultNewWallet(serverAddr, token string) error { + return zcncore.CallZvaultNewWallet(serverAddr, token) } -func zvaultStoreKey(serverAddr, token, privateKey string) (string, error) { +// zvaultNewSplit generates new split key for saved wallet +func zvaultNewSplit(clientID, serverAddr, token string) error { + return zcncore.CallZvaultNewSplit(serverAddr, token, clientID) +} + +func zvaultRetrieveRestrictions(peerPublicKey, serverAddr, token string) (string, error) { + return zcncore.CallZvaultRetrieveRestrictions(serverAddr, token, peerPublicKey) +} + +func zvaultUpdateRestrictions(clientID, peerPublicKey, serverAddr, token string, restrictions []string) error { + return zcncore.CallZvaultUpdateRestrictions(serverAddr, token, clientID, peerPublicKey, restrictions) +} + +func zvaultStoreKey(serverAddr, token, privateKey string) error { return zcncore.CallZvaultStoreKeyString(serverAddr, token, privateKey) } 
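Review bot: The new wrappers `zauthRetrieveKey`, `zvaultRetrieveRestrictions`, `zvaultUpdateRestrictions` and `zvaultStoreKey` carry no doc comment, while the neighbouring `zvaultNewWallet` and `zvaultNewSplit` do, and all of them are handed to page JavaScript via proxy.go. A one-line comment per function saying what it returns and which argument is the JWT would help callers, e.g. `// zauthRetrieveKey fetches GET /key/{clientID} from the zauth server at serverAddr; the returned string is the raw response body and should be treated as secret.` and `// zvaultStoreKey uploads privateKey in the request body to the zvault server at serverAddr, so serverAddr should be an https URL.` Whether the `/key/{clientID}` response actually holds key material is inferred from the name and not visible in this diff, so confirm before wording the comment that strongly.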
@@ -92,7 +104,8 @@ func registerAuthCommon(this js.Value, args []js.Value) interface{} { } // authResponse Publishes the response to the authorization request. -// `response` is the response to the authorization request. +// +// `response` is the response to the authorization request. func authResponse(response string) { authResponseC <- response } diff --git a/wasmsdk/proxy.go b/wasmsdk/proxy.go index 555e7125f..226872214 100644 --- a/wasmsdk/proxy.go +++ b/wasmsdk/proxy.go @@ -82,11 +82,7 @@ func main() { return "", fmt.Errorf("failed to sign with split key: %v", err) } - data, err := json.Marshal(struct { - Hash string `json:"hash"` - Signature string `json:"signature"` - ClientID string `json:"client_id"` - }{ + data, err := json.Marshal(zcncore.AuthMessage{ Hash: hash, Signature: sig, ClientID: client.GetClient().ClientID, @@ -327,9 +323,12 @@ func main() { // zauth "registerZauthServer": registerZauthServer, + "zauthRetrieveKey": zauthRetrieveKey, // zvault "zvaultNewWallet": zvaultNewWallet, "zvaultNewSplit": zvaultNewSplit, + "zvaultRetrieveRestrictions": zvaultRetrieveRestrictions, + "zvaultUpdateRestrictions": zvaultUpdateRestrictions, "zvaultStoreKey": zvaultStoreKey, "zvaultRetrieveKeys": zvaultRetrieveKeys, "zvaultRevokeKey": zvaultRevokeKey, @@ -383,11 +382,7 @@ func main() { return "", fmt.Errorf("failed to sign with split key: %v", err) } - data, err := json.Marshal(struct { - Hash string `json:"hash"` - Signature string `json:"signature"` - ClientID string `json:"client_id"` - }{ + data, err := json.Marshal(zcncore.AuthMessage{ Hash: hash, Signature: sig, ClientID: client.GetClient().ClientID, diff --git a/zboxapi/sdk.go b/zboxapi/sdk.go index 6fabacf3e..af733d88a 100644 --- a/zboxapi/sdk.go +++ b/zboxapi/sdk.go 
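Review bot: The registration block makes `zauthRetrieveKey` and `zvaultUpdateRestrictions` callable from any script running in the hosting page with whatever JWT that page holds, and nothing in this diff adds a check on the wasm side; that is inherent to the export mechanism, but it deserves a note at the `// zauth` / `// zvault` markers so the next maintainer does not treat these as internal helpers. Suggested: `// Exported to page JS: callers must keep the zauth/zvault JWT and any returned key material out of logs and web storage.` That the `/key` response is key material is inferred from the name and is not visible here.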
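Review bot: The `json.Marshal(zcncore.AuthMessage{...})` block in this hunk is the same as the one in the hunk at line 82 of the same file, and both sit inside `main()`; switching both to the shared `AuthMessage` type is a good moment to fold them into one helper such as `func authMessageJSON(hash, sig string) ([]byte, error)` so the two call sites cannot drift apart. The enclosing closures start and end outside the hunk, so the exact helper boundary cannot be judged from here.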
@@ -113,7 +113,7 @@ func (c *Client) createResty(ctx context.Context, csrfToken, userID string, head h["X-App-Timestamp"] = strconv.FormatInt(time.Now().Unix(), 10) if _, ok := h["X-App-ID-Token"]; !ok { - h["X-App-ID-Token"] = "*" //ignore firebase token in jwt requests + h["X-App-ID-Token"] = "*" } h["X-App-Type"] = c.appType diff --git a/zboxcore/sdk/rollback.go b/zboxcore/sdk/rollback.go index 3a2a8485d..52849ef11 100644 --- a/zboxcore/sdk/rollback.go +++ b/zboxcore/sdk/rollback.go @@ -217,6 +217,7 @@ func (rb *RollbackBlobber) processRollback(ctx context.Context, tx string) error } if strings.Contains(string(respBody), "pending_markers:") { + fmt.Println("=======================\n" , string(respBody), "\n=======================") l.Logger.Info("Commit pending for blobber ", rb.blobber.Baseurl, " Retrying") time.Sleep(5 * time.Second) diff --git a/zcncore/zauth.go b/zcncore/zauth.go index 0ab96d5c0..7e5b97908 100644 --- a/zcncore/zauth.go +++ b/zcncore/zauth.go 
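Review bot: The added `fmt.Println("=======================\n" , string(respBody), ...)` in processRollback is a raw debug print to stdout that bypasses `l.Logger`, dumps the entire blobber response body, and is not gofmt-clean (space before the comma). If the body is needed for diagnosis, route it through the existing logger at a low level, `l.Logger.Debug("rollback pending markers response: ", string(respBody))`; otherwise drop the line before merge. processRollback starts and ends outside the hunk.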
@@ -12,28 +12,133 @@ import ( "github.com/pkg/errors" ) -// SplitWallet represents wallet info for split wallet -// The client id and client key are the same as the primary wallet client id and client key -type SplitWallet struct { - ClientID string `json:"client_id"` - ClientKey string `json:"client_key"` - PublicKey string `json:"public_key"` - PrivateKey string `json:"private_key"` - PeerPublicKey string `json:"peer_public_key"` - IsRevoked bool `json:"is_revoked"` - ExpiredAt int64 `json:"expired_at"` +// AvailableRestrictions represents supported restrictions mapping. +var AvailableRestrictions = map[string][]string{ + "token_transfers": {"transfer"}, + "allocation_file_operations": { + "read_redeem", + "commit_connection", + }, + "allocation_storage_operations": { + "new_allocation_request", + "update_allocation_request", + "finalize_allocation", + "cancel_allocation", + "add_free_storage_assigner", + "free_allocation_request", + }, + "allocation_token_operations": { + "read_pool_lock", + "read_pool_unlock", + "write_pool_lock", + }, + "storage_rewards": { + "collect_reward", + "stake_pool_lock", + "stake_pool_unlock", + }, + "storage_operations": { + "challenge_response", + "add_validator", + "add_blobber", + "blobber_health_check", + "validator_health_check", + }, + "storage_management": { + "kill_blobber", + "kill_validator", + "shutdown_blobber", + "shutdown_validator", + "update_blobber_settings", + "update_validator_settings", + }, + "miner_operations": { + "add_miner", + "add_sharder", + "miner_health_check", + "sharder_health_check", + "contributeMpk", + "shareSignsOrShares", + "wait", + "sharder_keep", + }, + "miner_management_operations": { + "delete_miner", + "delete_sharder", + "update_miner_settings", + "kill_miner", + "kill_sharder", + }, + "miner_financial_operations": { + "addToDelegatePool", + "deleteFromDelegatePool", + "collect_reward", + }, + "token_bridging": { + "mint", + "burn", + }, + "authorizer_management_operations": { + 
"delete-authorizer", + }, + "authorizer_operations": { + "add-authorizer", + "authorizer-health-check", + "add-to-delegate-pool", + "delete-from-delegate-pool", + }, } -// CallZauthSetup calls the zauth setup endpoint -func CallZauthSetup(serverAddr string, token string, splitWallet SplitWallet) error { - // Add your code here - endpoint := serverAddr + "/setup" - wData, err := json.Marshal(splitWallet) +type updateRestrictionsRequest struct { + Restrictions []string `json:"restrictions"` +} + +type AuthMessage struct { + Hash string `json:"hash"` + Signature string `json:"signature"` + ClientID string `json:"client_id"` +} + +type AuthResponse struct { + Sig string `json:"sig"` +} + +func CallZauthRetreiveKey(serverAddr, token, clientID, peerPublicKey string) (string, error) { + endpoint := fmt.Sprintf("%s/key/%s", serverAddr, clientID) + + req, err := http.NewRequest("GET", endpoint, nil) if err != nil { - return errors.Wrap(err, "failed to marshal split wallet") + return "", errors.Wrap(err, "failed to create HTTP request") } - req, err := http.NewRequest("POST", endpoint, bytes.NewBuffer(wData)) + req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Peer-Public-Key", peerPublicKey) + req.Header.Set("X-Jwt-Token", token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return "", errors.Wrap(err, "failed to send HTTP request") + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + errMsg, _ := io.ReadAll(resp.Body) + return "", fmt.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) + } + + d, err := io.ReadAll(resp.Body) + if err != nil { + return "", errors.Wrap(err, "failed to read response body") + } + + return string(d), nil +} + +func CallZauthRevoke(serverAddr, token, clientID, peerPublicKey string) error { + endpoint := serverAddr + "/revoke/" + clientID + "?peer_public_key=" + peerPublicKey + + req, err := http.NewRequest("POST", endpoint, nil) if err != nil { return 
errors.Wrap(err, "failed to create HTTP request") } @@ -57,23 +162,11 @@ func CallZauthSetup(serverAddr string, token string, splitWallet SplitWallet) er return errors.Errorf("code: %d", resp.StatusCode) } - var rsp struct { - Result string `json:"result"` - } - if err := json.NewDecoder(resp.Body).Decode(&rsp); err != nil { - return errors.Wrap(err, "failed to decode response body") - } - - if rsp.Result != "success" { - return errors.New("failed to setup zauth server") - } - return nil } -func CallZauthRevoke(serverAddr, token, clientID, publicKey string) error { - endpoint := serverAddr + "/revoke/" + clientID - endpoint += "?peer_public_key=" + publicKey +func CallZauthDelete(serverAddr, token, clientID string) error { + endpoint := serverAddr + "/delete/" + clientID req, err := http.NewRequest("POST", endpoint, nil) if err != nil { return errors.Wrap(err, "failed to create HTTP request") @@ -87,8 +180,8 @@ func CallZauthRevoke(serverAddr, token, clientID, publicKey string) error { if err != nil { return errors.Wrap(err, "failed to send HTTP request") } - defer resp.Body.Close() + defer resp.Body.Close() if resp.StatusCode != http.StatusOK { errMsg, _ := io.ReadAll(resp.Body) if len(errMsg) > 0 { 
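Review bot: `CallZauthRetreiveKey` interpolates clientID straight into the path (`fmt.Sprintf("%s/key/%s", serverAddr, clientID)`) and `CallZauthRevoke` appends peerPublicKey to the query string unescaped, so a value containing `/`, `?` or `#` changes which endpoint the JWT-bearing request is sent to; use `url.PathEscape(clientID)` and `url.QueryEscape(peerPublicKey)` (a `net/url` import is needed and is outside this hunk). Both requests go through a bare `&http.Client{}` with no timeout, so an unresponsive zauth server hangs the caller indefinitely; setting `Timeout` on the client or using a context-bound request would bound that. In `AvailableRestrictions`, `collect_reward` is listed under both `storage_rewards` and `miner_financial_operations`, which makes any reverse lookup from transaction name to group ambiguous — confirm that is intended. The exported name `CallZauthRetreiveKey` misspells "Retrieve"; it is new in this diff, so renaming it now costs nothing. `CallZauthRevoke` continues outside the hunk.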
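Review bot: Dropping the `rsp.Result != "success"` check means any 200 response is now treated as success regardless of body, so if the server still reports failures with a 200 and a `{"result": ...}` payload the client silently proceeds; confirm the zauth endpoints now signal failure solely through the status code before relying on this. On the success path `resp.Body` is left unread, which is harmless for correctness but prevents connection reuse — `io.Copy(io.Discard, resp.Body)` before `return nil` is the usual idiom. The function whose tail this is begins outside the hunk, and the new `CallZauthDelete` continues past it.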
@@ -97,23 +190,42 @@ func CallZauthRevoke(serverAddr, token, clientID, publicKey string) error { return errors.Errorf("code: %d", resp.StatusCode) } + return nil +} - var rsp struct { - Result string `json:"result"` +func CallZvaultNewWallet(serverAddr, token string) error { + endpoint := serverAddr + "/wallet" + + req, err := http.NewRequest("POST", endpoint, nil) + if err != nil { + return errors.Wrap(err, "failed to create HTTP request") } - if err := json.NewDecoder(resp.Body).Decode(&rsp); err != nil { - return errors.Wrap(err, "failed to decode response body") + + req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Jwt-Token", token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return errors.Wrap(err, "failed to send HTTP request") } + defer resp.Body.Close() - if rsp.Result != "success" { - return errors.New("failed to setup zauth server") + if resp.StatusCode != http.StatusOK { + errMsg, _ := io.ReadAll(resp.Body) + if len(errMsg) > 0 { + return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) + } + + return errors.Errorf("code: %d", resp.StatusCode) } return nil } -func CallZauthDelete(serverAddr, token, clientID string) error { - endpoint := serverAddr + "/delete/" + clientID +func CallZvaultNewSplit(serverAddr, token, clientID string) error { + endpoint := serverAddr + "/key/" + clientID + req, err := http.NewRequest("POST", endpoint, nil) if err != nil { return errors.Wrap(err, "failed to create HTTP request") @@ -127,8 +239,8 @@ func CallZauthDelete(serverAddr, token, clientID string) error { if err != nil { return errors.Wrap(err, "failed to send HTTP request") } - defer resp.Body.Close() + if resp.StatusCode != http.StatusOK { errMsg, _ := io.ReadAll(resp.Body) if len(errMsg) > 0 { 
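Review bot: `CallZvaultNewSplit` builds its target as `serverAddr + "/key/" + clientID` with no escaping, so a clientID containing `/`, `?` or `#` redirects the authenticated request to a different zvault path; `serverAddr + "/key/" + url.PathEscape(clientID)` closes that (the `net/url` import is outside this hunk). `CallZvaultNewWallet` repeats the bare `&http.Client{}` pattern with no timeout, so a stalled server blocks the wasm caller forever. Both functions are exported and undocumented; a doc comment such as `// CallZvaultNewWallet asks the zvault server at serverAddr to create a wallet for the JWT's owner via POST /wallet.` would satisfy go vet and tell callers what the empty return means. `CallZvaultNewSplit` continues outside the hunk.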
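Review bot: As far as the collapsed text shows, this hunk (new side line 239, inside `CallZvaultNewSplit`) removes `defer resp.Body.Close()` and adds only an empty line in its place, leaving the response body open on every path; the sibling hunk at -87 merely moved the same `defer` below the blank line, which is probably what was intended here too. Restore `defer resp.Body.Close()` immediately after the `client.Do` error check unless it was re-added in a part of the function not shown. The function begins and ends outside the hunk.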
@@ -138,37 +250,19 @@ func CallZauthDelete(serverAddr, token, clientID string) error { return errors.Errorf("code: %d", resp.StatusCode) } - var rsp struct { - Result string `json:"result"` - } - if err := json.NewDecoder(resp.Body).Decode(&rsp); err != nil { - return errors.Wrap(err, "failed to decode response body") - } - - if rsp.Result != "success" { - return errors.New("failed to setup zauth server") - } - return nil } -func CallZvaultNewWalletString(serverAddr, token, clientID string) (string, error) { - // Add your code here - endpoint := serverAddr + "/generate" - if clientID != "" { - endpoint = endpoint + "/" + clientID - } +func CallZvaultRetrieveRestrictions(serverAddr, token, peerPublicKey string) (string, error) { + endpoint := serverAddr + "/restrictions" - req, err := http.NewRequest("POST", endpoint, nil) + req, err := http.NewRequest("GET", endpoint, nil) if err != nil { return "", errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("new wallet endpoint:", endpoint) - fmt.Println("new wallet: serverAddr:", serverAddr) - fmt.Println("new wallet: clientID:", clientID) - req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Peer-Public-Key", peerPublicKey) req.Header.Set("X-Jwt-Token", token) client := &http.Client{} 
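Review bot: `CallZvaultRetrieveRestrictions` is a new exported function with no doc comment, and it passes the peer public key as an `X-Peer-Public-Key` header on a GET while `CallZauthRevoke` in the same file passes the same value as a query parameter — a comment stating which convention each server expects would save the next caller a guess. Suggested: `// CallZvaultRetrieveRestrictions returns the raw body of GET /restrictions on the zvault server, scoped to the split key identified by the X-Peer-Public-Key header.` The function continues outside the hunk.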
@@ -195,8 +289,45 @@ func CallZvaultNewWalletString(serverAddr, token, clientID string) (string, erro return string(d), nil } -func CallZvaultStoreKeyString(serverAddr, token, privateKey string) (string, error) { - // Add your code here +func CallZvaultUpdateRestrictions(serverAddr, token, clientID, peerPublicKey string, restrictions []string) error { + endpoint := serverAddr + "/restrictions/" + clientID + + data, err := json.Marshal(updateRestrictionsRequest{ + Restrictions: restrictions, + }) + if err != nil { + return errors.Wrap(err, "failed to serialize request") + } + + req, err := http.NewRequest("PUT", endpoint, bytes.NewReader(data)) + if err != nil { + return errors.Wrap(err, "failed to create HTTP request") + } + + req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Peer-Public-Key", peerPublicKey) + req.Header.Set("X-Jwt-Token", token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return errors.Wrap(err, "failed to send HTTP request") + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + errMsg, _ := io.ReadAll(resp.Body) + if len(errMsg) > 0 { + return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) + } + + return errors.Errorf("code: %d", resp.StatusCode) + } + + return nil +} + +func CallZvaultStoreKeyString(serverAddr, token, privateKey string) error { endpoint := serverAddr + "/store" reqData := struct { 
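Review bot: `CallZvaultUpdateRestrictions` forwards `restrictions` to `PUT /restrictions/{clientID}` without checking the entries against the `AvailableRestrictions` map defined in this same file, so a misspelled restriction is caught only by the server, if at all; if the entries are meant to be the map's group keys, a loop `if _, ok := AvailableRestrictions[r]; !ok { return errors.Errorf("unknown restriction %q", r) }` before marshalling fails fast locally (whether entries are group keys or transaction names is not visible here — confirm). As in the other new helpers, clientID is concatenated into the path unescaped; use `url.PathEscape(clientID)`. The function is exported and undocumented; `// CallZvaultUpdateRestrictions replaces the restriction list of the split key identified by peerPublicKey for clientID via PUT /restrictions/{clientID}.` would do. `CallZvaultStoreKeyString` begins at the end of this hunk and continues outside it.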
@@ -211,57 +342,43 @@ func CallZvaultStoreKeyString(serverAddr, token, privateKey string) (string, err err := encoder.Encode(reqData) if err != nil { - return "", errors.Wrap(err, "failed to create HTTP request") + return errors.Wrap(err, "failed to create HTTP request") } var req *http.Request req, err = http.NewRequest("POST", endpoint, &buff) if err != nil { - return "", errors.Wrap(err, "failed to create HTTP request") + return errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /store:", endpoint) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("X-Jwt-Token", token) - - fmt.Println(req) - client := &http.Client{} resp, err := client.Do(req) if err != nil { - fmt.Println(err.Error()) - - return "", errors.Wrap(err, "failed to send HTTP request") + return errors.Wrap(err, "failed to send HTTP request") } + defer resp.Body.Close() if resp.StatusCode != http.StatusOK { errMsg, _ := io.ReadAll(resp.Body) if len(errMsg) > 0 { - return "", errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) + return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) } - return "", errors.Errorf("code: %d", resp.StatusCode) - } - - d, err := io.ReadAll(resp.Body) - if err != nil { - return "", errors.Wrap(err, "failed to read response body") + return errors.Errorf("code: %d", resp.StatusCode) } - return string(d), nil + return nil } func CallZvaultRetrieveKeys(serverAddr, token, clientID string) (string, error) { - // Add your code here endpoint := fmt.Sprintf("%s/keys/%s", serverAddr, clientID) req, err := http.NewRequest("GET", endpoint, nil) if err != nil { return "", errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /keys:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) 
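Review bot: In `CallZvaultStoreKeyString` the `encoder.Encode(reqData)` failure is wrapped as `"failed to create HTTP request"`, the same text as the `http.NewRequest` failure two lines below, so the two causes are indistinguishable in logs; use `errors.Wrap(err, "failed to encode request body")`. The function posts `privateKey` in the body and the JWT in a header to whatever scheme `serverAddr` carries, and nothing here rejects `http://`; at minimum a doc comment such as `// CallZvaultStoreKeyString sends privateKey to the zvault server; serverAddr must be an https URL or the key travels in cleartext.` is warranted, and a `strings.HasPrefix(serverAddr, "https://")` guard would be stronger if local-development callers can tolerate it. The function begins outside the hunk.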
@@ -286,14 +403,13 @@ func CallZvaultRetrieveKeys(serverAddr, token, clientID string) (string, error) } func CallZvaultDeletePrimaryKey(serverAddr, token, clientID string) error { - // Add your code here endpoint := serverAddr + "/delete/" + clientID + req, err := http.NewRequest("POST", endpoint, nil) if err != nil { return errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /delete:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) @@ -325,7 +441,6 @@ func CallZvaultRevokeKey(serverAddr, token, clientID, publicKey string) error { return errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /revoke:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) @@ -357,7 +472,6 @@ func CallZvaultRetrieveWallets(serverAddr, token string) (string, error) { return "", errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /keys:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) @@ -389,7 +503,6 @@ func CallZvaultRetrieveSharedWallets(serverAddr, token string) (string, error) { return "", errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /keys:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) @@ -416,7 +529,6 @@ func CallZvaultRetrieveSharedWallets(serverAddr, token string) (string, error) { // ZauthSignTxn returns a function that sends a txn signing request to the zauth server func ZauthSignTxn(serverAddr string) sys.AuthorizeFunc { return func(msg string) (string, error) { - fmt.Println("zvault sign txn - in sign txn...") req, err := http.NewRequest("POST", serverAddr+"/sign/txn", bytes.NewBuffer([]byte(msg))) if err != nil { return "", errors.Wrap(err, "failed to create HTTP request") 
@@ -452,7 +564,6 @@ func ZauthSignTxn(serverAddr string) sys.AuthorizeFunc { func ZauthAuthCommon(serverAddr string) sys.AuthorizeFunc { return func(msg string) (string, error) { - // return func(msg string) (string, error) { req, err := http.NewRequest("POST", serverAddr+"/sign/msg", bytes.NewBuffer([]byte(msg))) if err != nil { return "", errors.Wrap(err, "failed to create HTTP request") @@ -486,49 +597,3 @@ func ZauthAuthCommon(serverAddr string) sys.AuthorizeFunc { return string(d), nil } } - -type AuthMessage struct { - Hash string `json:"hash"` - Signature string `json:"signature"` - ClientID string `json:"client_id"` -} - -type AuthResponse struct { - Sig string `json:"sig"` -} - -func ZauthSignMsg(serverAddr string) sys.SignFunc { - return func(hash string, signatureScheme string, keys []sys.KeyPair) (string, error) { - sig, err := SignWithKey(keys[0].PrivateKey, hash) - if err != nil { - return "", err - } - - data, err := json.Marshal(AuthMessage{ - Hash: hash, - Signature: sig, - ClientID: client.GetClient().ClientID, - }) - if err != nil { - return "", err - } - - // fmt.Println("auth - sys.AuthCommon:", sys.AuthCommon) - if sys.AuthCommon == nil { - return "", errors.New("authCommon is not set") - } - - rsp, err := sys.AuthCommon(string(data)) - if err != nil { - return "", err - } - - var ar AuthResponse - err = json.Unmarshal([]byte(rsp), &ar) - if err != nil { - return "", err - } - - return AddSignature(client.GetClientPrivateKey(), ar.Sig, hash) - } -}