allow full transparent mode

Signed-off-by: p4u <[email protected]>
vocdoni · Aug 1, 2024 · b1e3cf1 · b1e3cf1
1 parent fc307a0
commit b1e3cf1
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 40 deletions.
diff --git a/api/api.go b/api/api.go
@@ -19,6 +19,9 @@ const (
 	passwordSalt  = "vocdoni365"    // salt for password hashing
 )
 
+// FullTransparentMode if true allows signing all transactions and does not modify any of them.
+var FullTransparentMode = false
+
 // API type represents the API HTTP server with JWT authentication capabilities.
 type API struct {
 	Router *chi.Mux

diff --git a/api/transaction.go b/api/transaction.go
@@ -61,49 +61,52 @@ func (a *API) signTxHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// check the tx payload
-	switch tx.Payload.(type) {
-	case *models.Tx_SetAccount:
-		// check the account is the same as the user
-		txSetAccount := tx.GetSetAccount()
-		if txSetAccount == nil || txSetAccount.Account == nil || txSetAccount.InfoURI == nil {
-			ErrInvalidTxFormat.With("missing fields").Write(w)
-			return
-		}
-		if !bytes.Equal(txSetAccount.GetAccount(), organizationSigner.Address().Bytes()) {
-			ErrUnauthorized.With("invalid account").Write(w)
-			return
-		}
-		log.Infow("signing SetAccount transaction", "user", userID, "type", txSetAccount.Txtype.String())
+	if !FullTransparentMode {
+		switch tx.Payload.(type) {
+		case *models.Tx_SetAccount:
+			// check the account is the same as the user
+			txSetAccount := tx.GetSetAccount()
+			if txSetAccount == nil || txSetAccount.Account == nil || txSetAccount.InfoURI == nil {
+				ErrInvalidTxFormat.With("missing fields").Write(w)
+				return
+			}
+			if !bytes.Equal(txSetAccount.GetAccount(), organizationSigner.Address().Bytes()) {
+				ErrUnauthorized.With("invalid account").Write(w)
+				return
+			}
+			log.Infow("signing SetAccount transaction", "user", userID, "type", txSetAccount.Txtype.String())
 
-		// check the tx subtype
-		switch txSetAccount.Txtype {
-		case models.TxType_CREATE_ACCOUNT:
-			// generate a new faucet package if it's not present and include it in the tx
-			if txSetAccount.FaucetPackage == nil {
-				faucetPkg, err := a.acc.FaucetPackage(organizationSigner.AddressString(), bootStrapFaucetAmount)
-				if err != nil {
-					ErrCouldNotCreateFaucetPackage.WithErr(err).Write(w)
-					return
-				}
-				txSetAccount.FaucetPackage = faucetPkg
-				tx = &models.Tx{
-					Payload: &models.Tx_SetAccount{
-						SetAccount: txSetAccount,
-					},
+			// check the tx subtype
+			switch txSetAccount.Txtype {
+			case models.TxType_CREATE_ACCOUNT:
+				// generate a new faucet package if it's not present and include it in the tx
+				if txSetAccount.FaucetPackage == nil {
+					faucetPkg, err := a.acc.FaucetPackage(organizationSigner.AddressString(), bootStrapFaucetAmount)
+					if err != nil {
+						ErrCouldNotCreateFaucetPackage.WithErr(err).Write(w)
+						return
+					}
+					txSetAccount.FaucetPackage = faucetPkg
+					tx = &models.Tx{
+						Payload: &models.Tx_SetAccount{
+							SetAccount: txSetAccount,
+						},
+					}
 				}
 			}
+		case *models.Tx_SetProcess:
+			log.Infow("signing SetProcess transaction", "user", userID)
+		case *models.Tx_CollectFaucet:
+			log.Infow("signing CollectFaucet transaction", "user", userID)
+		case *models.Tx_NewProcess:
+			log.Infow("signing NewProcess transaction", "user", userID)
+		default:
+			log.Warnw("transaction type not allowed", "user", userID, "type", fmt.Sprintf("%T", tx.Payload))
+			ErrTxTypeNotAllowed.Write(w)
+			return
 		}
-
-	case *models.Tx_SetProcess:
-		log.Infow("signing SetProcess transaction", "user", userID)
-	case *models.Tx_CollectFaucet:
-		log.Infow("signing CollectFaucet transaction", "user", userID)
-	case *models.Tx_NewProcess:
-		log.Infow("signing NewProcess transaction", "user", userID)
-	default:
-		log.Warnw("transaction type not allowed", "user", userID, "type", fmt.Sprintf("%T", tx.Payload))
-		ErrTxTypeNotAllowed.Write(w)
-		return
+	} else {
+		log.Infow("signing transaction in full transparent mode", "user", userID, "type", fmt.Sprintf("%T", tx.Payload))
 	}
 
 	// sign the tx

diff --git a/go.mod b/go.mod
@@ -3,6 +3,7 @@ module github.com/vocdoni/saas-backend
 go 1.22.5
 
 require (
+	github.com/ethereum/go-ethereum v1.14.0
 	github.com/go-chi/chi/v5 v5.1.0
 	github.com/go-chi/cors v1.2.1
 	github.com/go-chi/jwtauth/v5 v5.3.1
@@ -67,7 +68,6 @@ require (
 	github.com/elastic/gosigar v0.14.2 // indirect
 	github.com/elgris/jsondiff v0.0.0-20160530203242-765b5c24c302 // indirect
 	github.com/ethereum/c-kzg-4844 v1.0.0 // indirect
-	github.com/ethereum/go-ethereum v1.14.0 // indirect
 	github.com/facebookgo/atomicfile v0.0.0-20151019160806-2de1f203e7d5 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/flynn/noise v1.1.0 // indirect

diff --git a/main.go b/main.go
@@ -21,6 +21,7 @@ func main() {
 	flag.IntP("port", "p", 8080, "listen port")
 	flag.StringP("secret", "s", "", "API secret")
 	flag.StringP("privateKey", "k", "", "private key for the Vocdoni account")
+	flag.BoolP("fullTransparentMode", "a", false, "allow all transactions and do not modify any of them")
 	// parse flags
 	flag.Parse()
 
@@ -36,6 +37,7 @@ func main() {
 	apiEndpoint := viper.GetString("vocdoniApi")
 	secret := viper.GetString("secret")
 	privKey := viper.GetString("privateKey")
+	api.FullTransparentMode = viper.GetBool("fullTransparentMode")
 
 	if secret == "" || privKey == "" {
 		log.Fatal("secret and privateKey are required")