From b1e3cf153cae4089371a9a67be6290d672565dc8 Mon Sep 17 00:00:00 2001 From: p4u Date: Thu, 1 Aug 2024 17:01:03 +0200 Subject: [PATCH] allow full transparent mode Signed-off-by: p4u --- api/api.go | 3 ++ api/transaction.go | 81 ++++++++++++++++++++++++---------------------- go.mod | 2 +- main.go | 2 ++ 4 files changed, 48 insertions(+), 40 deletions(-) diff --git a/api/api.go b/api/api.go index 1ea6ddd..171a2df 100644 --- a/api/api.go +++ b/api/api.go @@ -19,6 +19,9 @@ const ( passwordSalt = "vocdoni365" // salt for password hashing ) +// FullTransparentMode if true allows signing all transactions and does not modify any of them. +var FullTransparentMode = false + // API type represents the API HTTP server with JWT authentication capabilities. type API struct { Router *chi.Mux diff --git a/api/transaction.go b/api/transaction.go index e1d22be..2db929c 100644 --- a/api/transaction.go +++ b/api/transaction.go 
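Review bot: `FullTransparentMode` is an exported, mutable package variable, and its doc comment does not say that it switches off the authorization checks in `signTxHandler`. As written, any code that imports the `api` package can flip it at run time, and the handler reads it on every request without synchronisation. I would carry the setting as a field supplied when the `API` value is constructed (the struct is only partly visible in this hunk). In either form the comment should spell out the effect: `// FullTransparentMode, when true, makes signTxHandler skip the payload type allow-list and the SetAccount ownership check and sign every submitted transaction unmodified. Set it once at startup, before the server accepts requests.`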
@@ -61,49 +61,52 @@ func (a *API) signTxHandler(w http.ResponseWriter, r *http.Request) { } // check the tx payload - switch tx.Payload.(type) { - case *models.Tx_SetAccount: - // check the account is the same as the user - txSetAccount := tx.GetSetAccount() - if txSetAccount == nil || txSetAccount.Account == nil || txSetAccount.InfoURI == nil { - ErrInvalidTxFormat.With("missing fields").Write(w) - return - } - if !bytes.Equal(txSetAccount.GetAccount(), organizationSigner.Address().Bytes()) { - ErrUnauthorized.With("invalid account").Write(w) - return - } - log.Infow("signing SetAccount transaction", "user", userID, "type", txSetAccount.Txtype.String()) + if !FullTransparentMode { + switch tx.Payload.(type) { + case *models.Tx_SetAccount: + // check the account is the same as the user + txSetAccount := tx.GetSetAccount() + if txSetAccount == nil || txSetAccount.Account == nil || txSetAccount.InfoURI == nil { + ErrInvalidTxFormat.With("missing fields").Write(w) + return + } + if !bytes.Equal(txSetAccount.GetAccount(), organizationSigner.Address().Bytes()) { + ErrUnauthorized.With("invalid account").Write(w) + return + } + log.Infow("signing SetAccount transaction", "user", userID, "type", txSetAccount.Txtype.String()) - // check the tx subtype - switch txSetAccount.Txtype { - case models.TxType_CREATE_ACCOUNT: - // generate a new faucet package if it's not present and include it in the tx - if txSetAccount.FaucetPackage == nil { - faucetPkg, err := a.acc.FaucetPackage(organizationSigner.AddressString(), bootStrapFaucetAmount) - if err != nil { - ErrCouldNotCreateFaucetPackage.WithErr(err).Write(w) - return - } - txSetAccount.FaucetPackage = faucetPkg - tx = &models.Tx{ - Payload: &models.Tx_SetAccount{ - SetAccount: txSetAccount, - }, + // check the tx subtype + switch txSetAccount.Txtype { + case models.TxType_CREATE_ACCOUNT: + // generate a new faucet package if it's not present and include it in the tx + if txSetAccount.FaucetPackage == nil { + faucetPkg, err := 
a.acc.FaucetPackage(organizationSigner.AddressString(), bootStrapFaucetAmount) + if err != nil { + ErrCouldNotCreateFaucetPackage.WithErr(err).Write(w) + return + } + txSetAccount.FaucetPackage = faucetPkg + tx = &models.Tx{ + Payload: &models.Tx_SetAccount{ + SetAccount: txSetAccount, + }, + } } } + case *models.Tx_SetProcess: + log.Infow("signing SetProcess transaction", "user", userID) + case *models.Tx_CollectFaucet: + log.Infow("signing CollectFaucet transaction", "user", userID) + case *models.Tx_NewProcess: + log.Infow("signing NewProcess transaction", "user", userID) + default: + log.Warnw("transaction type not allowed", "user", userID, "type", fmt.Sprintf("%T", tx.Payload)) + ErrTxTypeNotAllowed.Write(w) + return } - - case *models.Tx_SetProcess: - log.Infow("signing SetProcess transaction", "user", userID) - case *models.Tx_CollectFaucet: - log.Infow("signing CollectFaucet transaction", "user", userID) - case *models.Tx_NewProcess: - log.Infow("signing NewProcess transaction", "user", userID) - default: - log.Warnw("transaction type not allowed", "user", userID, "type", fmt.Sprintf("%T", tx.Payload)) - ErrTxTypeNotAllowed.Write(w) - return + } else { + log.Infow("signing transaction in full transparent mode", "user", userID, "type", fmt.Sprintf("%T", tx.Payload)) } // sign the tx diff --git a/go.mod b/go.mod index 5b7f3ea..fe46820 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,7 @@ module github.com/vocdoni/saas-backend go 1.22.5 require ( + github.com/ethereum/go-ethereum v1.14.0 github.com/go-chi/chi/v5 v5.1.0 github.com/go-chi/cors v1.2.1 github.com/go-chi/jwtauth/v5 v5.3.1 
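Review bot: With `FullTransparentMode` set, the new `else` branch skips the `bytes.Equal(txSetAccount.GetAccount(), organizationSigner.Address().Bytes())` ownership check together with the type allow-list, so the handler signs any payload submitted by a caller who reaches this point, and records it only at Info level. If the intent is to stop rewriting transactions and to accept more types, the ownership check can stay unconditional while the missing-fields check, the faucet-package injection and the `default` rejection depend on the flag; the bypass is then logged with `Warnw` so it stands out in an audit. The sketch below keeps the original order of checks, so behaviour with the flag off is unchanged. The handler begins before this hunk and the signing step follows it, so how `organizationSigner` is chosen for the user is not visible here.

```go
	// check the tx payload
	switch tx.Payload.(type) {
	case *models.Tx_SetAccount:
		txSetAccount := tx.GetSetAccount()
		if !FullTransparentMode {
			// … unchanged: nil / missing-fields check …
		}
		// enforced in every mode: the account must be the signer's own
		if !bytes.Equal(txSetAccount.GetAccount(), organizationSigner.Address().Bytes()) {
			ErrUnauthorized.With("invalid account").Write(w)
			return
		}
		if !FullTransparentMode {
			// … unchanged: Infow log, Txtype switch with the CREATE_ACCOUNT faucet package …
		}
	// … unchanged: SetProcess, CollectFaucet and NewProcess cases …
	default:
		if !FullTransparentMode {
			// … unchanged: Warnw, ErrTxTypeNotAllowed.Write(w), return …
		}
		log.Warnw("signing unlisted transaction type in full transparent mode",
			"user", userID, "type", fmt.Sprintf("%T", tx.Payload))
	}
```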
@@ -67,7 +68,6 @@ require ( github.com/elastic/gosigar v0.14.2 // indirect github.com/elgris/jsondiff v0.0.0-20160530203242-765b5c24c302 // indirect github.com/ethereum/c-kzg-4844 v1.0.0 // indirect - github.com/ethereum/go-ethereum v1.14.0 // indirect github.com/facebookgo/atomicfile v0.0.0-20151019160806-2de1f203e7d5 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/flynn/noise v1.1.0 // indirect diff --git a/main.go b/main.go index b4aa17b..5b64b7b 100644 --- a/main.go +++ b/main.go @@ -21,6 +21,7 @@ func main() { flag.IntP("port", "p", 8080, "listen port") flag.StringP("secret", "s", "", "API secret") flag.StringP("privateKey", "k", "", "private key for the Vocdoni account") + flag.BoolP("fullTransparentMode", "a", false, "allow all transactions and do not modify any of them") // parse flags flag.Parse() @@ -36,6 +37,7 @@ func main() { apiEndpoint := viper.GetString("vocdoniApi") secret := viper.GetString("secret") privKey := viper.GetString("privateKey") + api.FullTransparentMode = viper.GetBool("fullTransparentMode") if secret == "" || privKey == "" { log.Fatal("secret and privateKey are required")
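Review bot: Nothing at startup records that `fullTransparentMode` is on, although the assignment `api.FullTransparentMode = viper.GetBool("fullTransparentMode")` disables the transaction checks for the whole process. A warning right after that line would make the state visible in the service log, e.g. `if api.FullTransparentMode { log.Warn("full transparent mode enabled: transaction payload checks are disabled") }` (assuming the `log` package used in `main.go` offers a warning level; only `log.Fatal` is visible here). The help text on the `flag.BoolP` line could also say what is given up, for instance `"sign every transaction unmodified, skipping the type allow-list and account checks"`. Both hunks sit inside `main`, whose body starts and ends outside them.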