From 4bcafe0bbab956039fcf249d635e869a40991254 Mon Sep 17 00:00:00 2001 From: harsh4723 Date: Fri, 1 Nov 2024 11:37:40 +0530 Subject: [PATCH 1/5] feat: kms logic related to usgae of roles --- wasmsdk/auth_txn.go | 11 +++---- wasmsdk/proxy.go | 12 ++------ zcncore/zauth.go | 73 +++++++++++++++++---------------------------- 3 files changed, 35 insertions(+), 61 deletions(-) diff --git a/wasmsdk/auth_txn.go b/wasmsdk/auth_txn.go index 5e2357787..e9c8d71c0 100644 --- a/wasmsdk/auth_txn.go +++ b/wasmsdk/auth_txn.go @@ -43,13 +43,13 @@ func registerZauthServer(serverAddr string) { } // zvaultNewWallet generates new split wallet -func zvaultNewWallet(serverAddr, token string) (string, error) { - return zcncore.CallZvaultNewWalletString(serverAddr, token, "") +func zvaultNewWallet(serverAddr, token string, roles []string) (string, error) { + return zcncore.CallZvaultNewWalletString(serverAddr, token, "", nil) } // zvaultNewSplit generates new split wallet from existing clientID -func zvaultNewSplit(clientID, serverAddr, token string) (string, error) { - return zcncore.CallZvaultNewWalletString(serverAddr, token, clientID) +func zvaultNewSplit(clientID, serverAddr, token string, roles []string) (string, error) { + return zcncore.CallZvaultNewWalletString(serverAddr, token, clientID, roles) } func zvaultStoreKey(serverAddr, token, privateKey string) (string, error) { @@ -92,7 +92,8 @@ func registerAuthCommon(this js.Value, args []js.Value) interface{} { } // authResponse Publishes the response to the authorization request. -// `response` is the response to the authorization request. +// +// `response` is the response to the authorization request. func authResponse(response string) { authResponseC <- response } diff --git a/wasmsdk/proxy.go b/wasmsdk/proxy.go index 555e7125f..1927d8d04 100644 --- a/wasmsdk/proxy.go +++ b/wasmsdk/proxy.go 
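Review bot: `zvaultNewWallet` now accepts `roles`, but the call still passes `nil` as the last argument, so any roles the caller supplies are dropped and the wallet is requested without them. The new-side line should read `return zcncore.CallZvaultNewWalletString(serverAddr, token, "", roles)`. `zvaultNewSplit` in the same hunk forwards `roles`, which suggests the `nil` is an oversight rather than intent. If new wallets are meant to be created without roles, remove the parameter instead, so the signature does not promise a restriction it never applies.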
@@ -82,11 +82,7 @@ func main() { return "", fmt.Errorf("failed to sign with split key: %v", err) } - data, err := json.Marshal(struct { - Hash string `json:"hash"` - Signature string `json:"signature"` - ClientID string `json:"client_id"` - }{ + data, err := json.Marshal(zcncore.AuthMessage{ Hash: hash, Signature: sig, ClientID: client.GetClient().ClientID, @@ -383,11 +379,7 @@ func main() { return "", fmt.Errorf("failed to sign with split key: %v", err) } - data, err := json.Marshal(struct { - Hash string `json:"hash"` - Signature string `json:"signature"` - ClientID string `json:"client_id"` - }{ + data, err := json.Marshal(zcncore.AuthMessage{ Hash: hash, Signature: sig, ClientID: client.GetClient().ClientID, diff --git a/zcncore/zauth.go b/zcncore/zauth.go index 0ab96d5c0..fdb240a80 100644 --- a/zcncore/zauth.go +++ b/zcncore/zauth.go @@ -15,13 +15,14 @@ import ( // SplitWallet represents wallet info for split wallet // The client id and client key are the same as the primary wallet client id and client key type SplitWallet struct { - ClientID string `json:"client_id"` - ClientKey string `json:"client_key"` - PublicKey string `json:"public_key"` - PrivateKey string `json:"private_key"` - PeerPublicKey string `json:"peer_public_key"` - IsRevoked bool `json:"is_revoked"` - ExpiredAt int64 `json:"expired_at"` + ClientID string `json:"client_id"` + ClientKey string `json:"client_key"` + PublicKey string `json:"public_key"` + PrivateKey string `json:"private_key"` + PeerPublicKey string `json:"peer_public_key"` + Roles []string `json:"roles"` + IsRevoked bool `json:"is_revoked"` + ExpiredAt int64 `json:"expired_at"` } // CallZauthSetup calls the zauth setup endpoint 
@@ -152,14 +153,31 @@ func CallZauthDelete(serverAddr, token, clientID string) error { return nil } -func CallZvaultNewWalletString(serverAddr, token, clientID string) (string, error) { +type newWalletRequest struct { + Roles []string `json:"roles"` +} + +func CallZvaultNewWalletString(serverAddr, token, clientID string, roles []string) (string, error) { // Add your code here endpoint := serverAddr + "/generate" if clientID != "" { endpoint = endpoint + "/" + clientID } - req, err := http.NewRequest("POST", endpoint, nil) + var body io.Reader + + if roles != nil { + data, err := json.Marshal(newWalletRequest{ + Roles: roles, + }) + if err != nil { + return "", errors.Wrap(err, "failed to serialize request") + } + + body = bytes.NewReader(data) + } + + req, err := http.NewRequest("POST", endpoint, body) if err != nil { return "", errors.Wrap(err, "failed to create HTTP request") } @@ -452,7 +470,6 @@ func ZauthSignTxn(serverAddr string) sys.AuthorizeFunc { func ZauthAuthCommon(serverAddr string) sys.AuthorizeFunc { return func(msg string) (string, error) { - // return func(msg string) (string, error) { req, err := http.NewRequest("POST", serverAddr+"/sign/msg", bytes.NewBuffer([]byte(msg))) if err != nil { return "", errors.Wrap(err, "failed to create HTTP request") 
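Review bot: The request body is attached only when `roles != nil`, so a nil slice and an empty non-nil slice reach the server as two different requests (no body versus `{"roles":[]}`), and nothing says which of them means "no role limits". Roles look like an authorization attribute of the generated key, so the contract belongs in a doc comment on `CallZvaultNewWalletString`, for example `// A nil roles slice sends no request body; a non-nil slice, even an empty one, is sent as the "roles" array.`, plus a sentence on how the server treats each case once that is confirmed. If the two cases are meant to be equivalent, change the guard to `if len(roles) > 0`. The leftover `// Add your code here` placeholder at the top of the function can go at the same time; the function body continues outside the hunk.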
@@ -496,39 +513,3 @@ type AuthMessage struct { type AuthResponse struct { Sig string `json:"sig"` } - -func ZauthSignMsg(serverAddr string) sys.SignFunc { - return func(hash string, signatureScheme string, keys []sys.KeyPair) (string, error) { - sig, err := SignWithKey(keys[0].PrivateKey, hash) - if err != nil { - return "", err - } - - data, err := json.Marshal(AuthMessage{ - Hash: hash, - Signature: sig, - ClientID: client.GetClient().ClientID, - }) - if err != nil { - return "", err - } - - // fmt.Println("auth - sys.AuthCommon:", sys.AuthCommon) - if sys.AuthCommon == nil { - return "", errors.New("authCommon is not set") - } - - rsp, err := sys.AuthCommon(string(data)) - if err != nil { - return "", err - } - - var ar AuthResponse - err = json.Unmarshal([]byte(rsp), &ar) - if err != nil { - return "", err - } - - return AddSignature(client.GetClientPrivateKey(), ar.Sig, hash) - } -} From 1d99a2d507f8069c90f13e679fbc5a4c456b9d4e Mon Sep 17 00:00:00 2001 From: harsh4723 Date: Fri, 1 Nov 2024 12:29:06 +0530 Subject: [PATCH 2/5] fix: roles management --- wasmsdk/auth_txn.go | 26 +++- wasmsdk/proxy.go | 3 + zboxapi/sdk.go | 2 +- zcncore/zauth.go | 318 ++++++++++++++++++++++++++++---------------- 4 files changed, 224 insertions(+), 125 deletions(-) diff --git a/wasmsdk/auth_txn.go b/wasmsdk/auth_txn.go index e9c8d71c0..cd34f925c 100644 --- a/wasmsdk/auth_txn.go +++ b/wasmsdk/auth_txn.go 
@@ -42,17 +42,29 @@ func registerZauthServer(serverAddr string) { sys.SetAuthCommon(zcncore.ZauthAuthCommon(serverAddr)) } -// zvaultNewWallet generates new split wallet -func zvaultNewWallet(serverAddr, token string, roles []string) (string, error) { - return zcncore.CallZvaultNewWalletString(serverAddr, token, "", nil) +func zauthRetrieveKey(clientID, peerPublicKey, serverAddr, token string) (string, error) { + return zcncore.CallZauthRetreiveKey(serverAddr, token, clientID, peerPublicKey) } -// zvaultNewSplit generates new split wallet from existing clientID -func zvaultNewSplit(clientID, serverAddr, token string, roles []string) (string, error) { - return zcncore.CallZvaultNewWalletString(serverAddr, token, clientID, roles) +// zvaultNewWallet generates new wallet +func zvaultNewWallet(serverAddr, token string) error { + return zcncore.CallZvaultNewWallet(serverAddr, token) } -func zvaultStoreKey(serverAddr, token, privateKey string) (string, error) { +// zvaultNewSplit generates new split key for saved wallet +func zvaultNewSplit(clientID, serverAddr, token string) error { + return zcncore.CallZvaultNewSplit(serverAddr, token, clientID) +} + +func zvaultRetrieveRestrictions(peerPublicKey, serverAddr, token string) (string, error) { + return zcncore.CallZvaultRetrieveRestrictions(serverAddr, token, peerPublicKey) +} + +func zvaultUpdateRestrictions(clientID, peerPublicKey, serverAddr, token string, restrictions []string) error { + return zcncore.CallZvaultUpdateRestrictions(serverAddr, token, clientID, peerPublicKey, restrictions) +} + +func zvaultStoreKey(serverAddr, token, privateKey string) error { return zcncore.CallZvaultStoreKeyString(serverAddr, token, privateKey) } diff --git a/wasmsdk/proxy.go b/wasmsdk/proxy.go index 1927d8d04..226872214 100644 --- a/wasmsdk/proxy.go +++ b/wasmsdk/proxy.go 
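Review bot: The new wrappers take their string arguments in a different order from the zcncore functions they call: `zauthRetrieveKey(clientID, peerPublicKey, serverAddr, token)` forwards to `CallZauthRetreiveKey(serverAddr, token, clientID, peerPublicKey)`, and `zvaultRetrieveRestrictions` and `zvaultUpdateRestrictions` follow the same pattern. Every parameter is a `string`, so a caller that swaps two of them still compiles and would place the JWT or a key identifier in the wrong slot, for instance inside the URL path. Keeping one order across both layers would help, as would a doc comment on each new wrapper naming its arguments; the comments on `zvaultNewWallet` and `zvaultNewSplit` describe only the purpose. The misspelling `Retreive` in `CallZauthRetreiveKey` is worth fixing before other packages depend on the exported name.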
@@ -323,9 +323,12 @@ func main() { // zauth "registerZauthServer": registerZauthServer, + "zauthRetrieveKey": zauthRetrieveKey, // zvault "zvaultNewWallet": zvaultNewWallet, "zvaultNewSplit": zvaultNewSplit, + "zvaultRetrieveRestrictions": zvaultRetrieveRestrictions, + "zvaultUpdateRestrictions": zvaultUpdateRestrictions, "zvaultStoreKey": zvaultStoreKey, "zvaultRetrieveKeys": zvaultRetrieveKeys, "zvaultRevokeKey": zvaultRevokeKey, diff --git a/zboxapi/sdk.go b/zboxapi/sdk.go index 6fabacf3e..af733d88a 100644 --- a/zboxapi/sdk.go +++ b/zboxapi/sdk.go @@ -113,7 +113,7 @@ func (c *Client) createResty(ctx context.Context, csrfToken, userID string, head h["X-App-Timestamp"] = strconv.FormatInt(time.Now().Unix(), 10) if _, ok := h["X-App-ID-Token"]; !ok { - h["X-App-ID-Token"] = "*" //ignore firebase token in jwt requests + h["X-App-ID-Token"] = "*" } h["X-App-Type"] = c.appType diff --git a/zcncore/zauth.go b/zcncore/zauth.go index fdb240a80..7e5b97908 100644 --- a/zcncore/zauth.go +++ b/zcncore/zauth.go 
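Review bot: The sdk.go hunk deletes the only explanation of why `X-App-ID-Token` falls back to the wildcard `"*"`. A literal wildcard in an identity-token header is a line a later reader or auditor will question, so the rationale should stay next to it. I would keep a comment such as `// no ID token supplied: send "*" because the Firebase token is ignored for JWT requests`, adjusted to what the server actually does with the value. `createResty` starts and ends outside the hunk.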
@@ -12,69 +12,132 @@ import ( "github.com/pkg/errors" ) -// SplitWallet represents wallet info for split wallet -// The client id and client key are the same as the primary wallet client id and client key -type SplitWallet struct { - ClientID string `json:"client_id"` - ClientKey string `json:"client_key"` - PublicKey string `json:"public_key"` - PrivateKey string `json:"private_key"` - PeerPublicKey string `json:"peer_public_key"` - Roles []string `json:"roles"` - IsRevoked bool `json:"is_revoked"` - ExpiredAt int64 `json:"expired_at"` +// AvailableRestrictions represents supported restrictions mapping. +var AvailableRestrictions = map[string][]string{ + "token_transfers": {"transfer"}, + "allocation_file_operations": { + "read_redeem", + "commit_connection", + }, + "allocation_storage_operations": { + "new_allocation_request", + "update_allocation_request", + "finalize_allocation", + "cancel_allocation", + "add_free_storage_assigner", + "free_allocation_request", + }, + "allocation_token_operations": { + "read_pool_lock", + "read_pool_unlock", + "write_pool_lock", + }, + "storage_rewards": { + "collect_reward", + "stake_pool_lock", + "stake_pool_unlock", + }, + "storage_operations": { + "challenge_response", + "add_validator", + "add_blobber", + "blobber_health_check", + "validator_health_check", + }, + "storage_management": { + "kill_blobber", + "kill_validator", + "shutdown_blobber", + "shutdown_validator", + "update_blobber_settings", + "update_validator_settings", + }, + "miner_operations": { + "add_miner", + "add_sharder", + "miner_health_check", + "sharder_health_check", + "contributeMpk", + "shareSignsOrShares", + "wait", + "sharder_keep", + }, + "miner_management_operations": { + "delete_miner", + "delete_sharder", + "update_miner_settings", + "kill_miner", + "kill_sharder", + }, + "miner_financial_operations": { + "addToDelegatePool", + "deleteFromDelegatePool", + "collect_reward", + }, + "token_bridging": { + "mint", + "burn", + }, + 
"authorizer_management_operations": { + "delete-authorizer", + }, + "authorizer_operations": { + "add-authorizer", + "authorizer-health-check", + "add-to-delegate-pool", + "delete-from-delegate-pool", + }, } -// CallZauthSetup calls the zauth setup endpoint -func CallZauthSetup(serverAddr string, token string, splitWallet SplitWallet) error { - // Add your code here - endpoint := serverAddr + "/setup" - wData, err := json.Marshal(splitWallet) - if err != nil { - return errors.Wrap(err, "failed to marshal split wallet") - } +type updateRestrictionsRequest struct { + Restrictions []string `json:"restrictions"` +} + +type AuthMessage struct { + Hash string `json:"hash"` + Signature string `json:"signature"` + ClientID string `json:"client_id"` +} - req, err := http.NewRequest("POST", endpoint, bytes.NewBuffer(wData)) +type AuthResponse struct { + Sig string `json:"sig"` +} + +func CallZauthRetreiveKey(serverAddr, token, clientID, peerPublicKey string) (string, error) { + endpoint := fmt.Sprintf("%s/key/%s", serverAddr, clientID) + + req, err := http.NewRequest("GET", endpoint, nil) if err != nil { - return errors.Wrap(err, "failed to create HTTP request") + return "", errors.Wrap(err, "failed to create HTTP request") } req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Peer-Public-Key", peerPublicKey) req.Header.Set("X-Jwt-Token", token) client := &http.Client{} resp, err := client.Do(req) if err != nil { - return errors.Wrap(err, "failed to send HTTP request") + return "", errors.Wrap(err, "failed to send HTTP request") } defer resp.Body.Close() if resp.StatusCode != http.StatusOK { errMsg, _ := io.ReadAll(resp.Body) - if len(errMsg) > 0 { - return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) - } - - return errors.Errorf("code: %d", resp.StatusCode) - } - - var rsp struct { - Result string `json:"result"` - } - if err := json.NewDecoder(resp.Body).Decode(&rsp); err != nil { - return errors.Wrap(err, "failed to decode 
response body") + return "", fmt.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) } - if rsp.Result != "success" { - return errors.New("failed to setup zauth server") + d, err := io.ReadAll(resp.Body) + if err != nil { + return "", errors.Wrap(err, "failed to read response body") } - return nil + return string(d), nil } -func CallZauthRevoke(serverAddr, token, clientID, publicKey string) error { - endpoint := serverAddr + "/revoke/" + clientID - endpoint += "?peer_public_key=" + publicKey +func CallZauthRevoke(serverAddr, token, clientID, peerPublicKey string) error { + endpoint := serverAddr + "/revoke/" + clientID + "?peer_public_key=" + peerPublicKey + req, err := http.NewRequest("POST", endpoint, nil) if err != nil { return errors.Wrap(err, "failed to create HTTP request") @@ -99,17 +162,6 @@ func CallZauthRevoke(serverAddr, token, clientID, publicKey string) error { return errors.Errorf("code: %d", resp.StatusCode) } - var rsp struct { - Result string `json:"result"` - } - if err := json.NewDecoder(resp.Body).Decode(&rsp); err != nil { - return errors.Wrap(err, "failed to decode response body") - } - - if rsp.Result != "success" { - return errors.New("failed to setup zauth server") - } - return nil } 
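Review bot: `CallZauthRetreiveKey` and the rewritten `CallZauthRevoke` splice `clientID` and `peerPublicKey` into the URL as raw strings, so a value containing `/`, `?`, `#` or `&` changes which path or query the authenticated request is sent to. Escape at the point of use: `endpoint := serverAddr + "/revoke/" + url.PathEscape(clientID) + "?peer_public_key=" + url.QueryEscape(peerPublicKey)`, and pass `url.PathEscape(clientID)` to the `fmt.Sprintf` call. This needs `net/url` in the import block, which is outside this hunk. Separately, `CallZauthRetreiveKey` builds `&http.Client{}` with no `Timeout`, so a stalled server blocks the caller indefinitely. The same construction appears in `CallZvaultNewWallet`, `CallZvaultNewSplit` and `CallZvaultUpdateRestrictions` later in this patch.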
@@ -138,55 +190,79 @@ func CallZauthDelete(serverAddr, token, clientID string) error { return errors.Errorf("code: %d", resp.StatusCode) } + return nil +} - var rsp struct { - Result string `json:"result"` +func CallZvaultNewWallet(serverAddr, token string) error { + endpoint := serverAddr + "/wallet" + + req, err := http.NewRequest("POST", endpoint, nil) + if err != nil { + return errors.Wrap(err, "failed to create HTTP request") } - if err := json.NewDecoder(resp.Body).Decode(&rsp); err != nil { - return errors.Wrap(err, "failed to decode response body") + + req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Jwt-Token", token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return errors.Wrap(err, "failed to send HTTP request") } + defer resp.Body.Close() - if rsp.Result != "success" { - return errors.New("failed to setup zauth server") + if resp.StatusCode != http.StatusOK { + errMsg, _ := io.ReadAll(resp.Body) + if len(errMsg) > 0 { + return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) + } + + return errors.Errorf("code: %d", resp.StatusCode) } return nil } -type newWalletRequest struct { - Roles []string `json:"roles"` -} +func CallZvaultNewSplit(serverAddr, token, clientID string) error { + endpoint := serverAddr + "/key/" + clientID -func CallZvaultNewWalletString(serverAddr, token, clientID string, roles []string) (string, error) { - // Add your code here - endpoint := serverAddr + "/generate" - if clientID != "" { - endpoint = endpoint + "/" + clientID + req, err := http.NewRequest("POST", endpoint, nil) + if err != nil { + return errors.Wrap(err, "failed to create HTTP request") } - var body io.Reader + req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Jwt-Token", token) - if roles != nil { - data, err := json.Marshal(newWalletRequest{ - Roles: roles, - }) - if err != nil { - return "", errors.Wrap(err, "failed to serialize request") + client := &http.Client{} + 
resp, err := client.Do(req) + if err != nil { + return errors.Wrap(err, "failed to send HTTP request") + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + errMsg, _ := io.ReadAll(resp.Body) + if len(errMsg) > 0 { + return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) } - body = bytes.NewReader(data) + return errors.Errorf("code: %d", resp.StatusCode) } - req, err := http.NewRequest("POST", endpoint, body) + return nil +} + +func CallZvaultRetrieveRestrictions(serverAddr, token, peerPublicKey string) (string, error) { + endpoint := serverAddr + "/restrictions" + + req, err := http.NewRequest("GET", endpoint, nil) if err != nil { return "", errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("new wallet endpoint:", endpoint) - fmt.Println("new wallet: serverAddr:", serverAddr) - fmt.Println("new wallet: clientID:", clientID) - req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Peer-Public-Key", peerPublicKey) req.Header.Set("X-Jwt-Token", token) client := &http.Client{} 
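Review bot: `CallZvaultNewWallet` and `CallZvaultNewSplit` are line-for-line copies of the same request and status-check sequence, differing only in the endpoint, and `CallZvaultRetrieveRestrictions` starts the same way. With the auth headers set by hand in every copy, one of them can easily drift (a missing header, a missing `defer resp.Body.Close()`). I would route them through one private helper that sets the headers and maps non-200 responses to an error. The helper name below is only a suggestion, and the body of `CallZvaultRetrieveRestrictions` continues outside the hunk.

```go
// zvaultDo sends one authenticated request and returns the response body.
// Any status other than 200 is reported as an error carrying the server text.
func zvaultDo(method, endpoint, token, peerPublicKey string, body io.Reader) ([]byte, error) {
	req, err := http.NewRequest(method, endpoint, body)
	if err != nil {
		return nil, errors.Wrap(err, "failed to create HTTP request")
	}

	req.Header.Set("Content-Type", "application/json")
	req.Header.Set("X-Jwt-Token", token)
	if peerPublicKey != "" {
		req.Header.Set("X-Peer-Public-Key", peerPublicKey)
	}

	resp, err := (&http.Client{}).Do(req)
	if err != nil {
		return nil, errors.Wrap(err, "failed to send HTTP request")
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		errMsg, _ := io.ReadAll(resp.Body)
		if len(errMsg) > 0 {
			return nil, errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg))
		}
		return nil, errors.Errorf("code: %d", resp.StatusCode)
	}

	data, err := io.ReadAll(resp.Body)
	if err != nil {
		return nil, errors.Wrap(err, "failed to read response body")
	}
	return data, nil
}

func CallZvaultNewWallet(serverAddr, token string) error {
	_, err := zvaultDo("POST", serverAddr+"/wallet", token, "", nil)
	return err
}

func CallZvaultNewSplit(serverAddr, token, clientID string) error {
	_, err := zvaultDo("POST", serverAddr+"/key/"+clientID, token, "", nil)
	return err
}
```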
@@ -213,8 +289,45 @@ func CallZvaultNewWalletString(serverAddr, token, clientID string, roles []strin return string(d), nil } -func CallZvaultStoreKeyString(serverAddr, token, privateKey string) (string, error) { - // Add your code here +func CallZvaultUpdateRestrictions(serverAddr, token, clientID, peerPublicKey string, restrictions []string) error { + endpoint := serverAddr + "/restrictions/" + clientID + + data, err := json.Marshal(updateRestrictionsRequest{ + Restrictions: restrictions, + }) + if err != nil { + return errors.Wrap(err, "failed to serialize request") + } + + req, err := http.NewRequest("PUT", endpoint, bytes.NewReader(data)) + if err != nil { + return errors.Wrap(err, "failed to create HTTP request") + } + + req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Peer-Public-Key", peerPublicKey) + req.Header.Set("X-Jwt-Token", token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return errors.Wrap(err, "failed to send HTTP request") + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + errMsg, _ := io.ReadAll(resp.Body) + if len(errMsg) > 0 { + return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) + } + + return errors.Errorf("code: %d", resp.StatusCode) + } + + return nil +} + +func CallZvaultStoreKeyString(serverAddr, token, privateKey string) error { endpoint := serverAddr + "/store" reqData := struct { 
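Review bot: `CallZvaultUpdateRestrictions` forwards `restrictions` unchecked, so a misspelled name, or a nil slice (serialized as `"restrictions":null`), goes to the server in a PUT that presumably replaces the key's whole restriction set. Whether an empty or null list clears every restriction is not visible from here; if it does, a caller bug silently widens what the split key may sign. I would reject unknown names locally against `AvailableRestrictions`, assuming its keys are the names the server expects, and state in a doc comment what an empty list means. The hunk also changes the signature of `CallZvaultStoreKeyString`, whose body continues outside it.

```go
func CallZvaultUpdateRestrictions(serverAddr, token, clientID, peerPublicKey string, restrictions []string) error {
	// Fail early on names the SDK does not know, before any request is sent.
	for _, name := range restrictions {
		if _, ok := AvailableRestrictions[name]; !ok {
			return errors.Errorf("unknown restriction %q", name)
		}
	}

	// … unchanged: endpoint, JSON body, headers and status handling …
```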
@@ -229,57 +342,43 @@ func CallZvaultStoreKeyString(serverAddr, token, privateKey string) (string, err err := encoder.Encode(reqData) if err != nil { - return "", errors.Wrap(err, "failed to create HTTP request") + return errors.Wrap(err, "failed to create HTTP request") } var req *http.Request req, err = http.NewRequest("POST", endpoint, &buff) if err != nil { - return "", errors.Wrap(err, "failed to create HTTP request") + return errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /store:", endpoint) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("X-Jwt-Token", token) - - fmt.Println(req) - client := &http.Client{} resp, err := client.Do(req) if err != nil { - fmt.Println(err.Error()) - - return "", errors.Wrap(err, "failed to send HTTP request") + return errors.Wrap(err, "failed to send HTTP request") } + defer resp.Body.Close() if resp.StatusCode != http.StatusOK { errMsg, _ := io.ReadAll(resp.Body) if len(errMsg) > 0 { - return "", errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) + return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) } - return "", errors.Errorf("code: %d", resp.StatusCode) - } - - d, err := io.ReadAll(resp.Body) - if err != nil { - return "", errors.Wrap(err, "failed to read response body") + return errors.Errorf("code: %d", resp.StatusCode) } - return string(d), nil + return nil } func CallZvaultRetrieveKeys(serverAddr, token, clientID string) (string, error) { - // Add your code here endpoint := fmt.Sprintf("%s/keys/%s", serverAddr, clientID) req, err := http.NewRequest("GET", endpoint, nil) if err != nil { return "", errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /keys:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) 
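Review bot: The rewritten `CallZvaultStoreKeyString` no longer sets the JWT header: `req.Header.Set("X-Jwt-Token", token)` is on the removed side together with the debug prints, and no added line in this hunk restores it, which leaves the `token` parameter unused. The private key is therefore POSTed to `/store` without the caller's credential, so the server must either reject the call or accept key material unauthenticated. Restore `req.Header.Set("X-Jwt-Token", token)` directly after the `Content-Type` line. The function starts above the hunk, so this is judged from the visible lines only.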
@@ -304,14 +403,13 @@ func CallZvaultRetrieveKeys(serverAddr, token, clientID string) (string, error) } func CallZvaultDeletePrimaryKey(serverAddr, token, clientID string) error { - // Add your code here endpoint := serverAddr + "/delete/" + clientID + req, err := http.NewRequest("POST", endpoint, nil) if err != nil { return errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /delete:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) @@ -343,7 +441,6 @@ func CallZvaultRevokeKey(serverAddr, token, clientID, publicKey string) error { return errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /revoke:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) @@ -375,7 +472,6 @@ func CallZvaultRetrieveWallets(serverAddr, token string) (string, error) { return "", errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /keys:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) @@ -407,7 +503,6 @@ func CallZvaultRetrieveSharedWallets(serverAddr, token string) (string, error) { return "", errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /keys:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) @@ -434,7 +529,6 @@ func CallZvaultRetrieveSharedWallets(serverAddr, token string) (string, error) { // ZauthSignTxn returns a function that sends a txn signing request to the zauth server func ZauthSignTxn(serverAddr string) sys.AuthorizeFunc { return func(msg string) (string, error) { - fmt.Println("zvault sign txn - in sign txn...") req, err := http.NewRequest("POST", serverAddr+"/sign/txn", bytes.NewBuffer([]byte(msg))) if err != nil { return "", errors.Wrap(err, "failed to create HTTP request") 
@@ -503,13 +597,3 @@ func ZauthAuthCommon(serverAddr string) sys.AuthorizeFunc { return string(d), nil } } - -type AuthMessage struct { - Hash string `json:"hash"` - Signature string `json:"signature"` - ClientID string `json:"client_id"` -} - -type AuthResponse struct { - Sig string `json:"sig"` -} From 2d328b511617f03b55b5cf34df1c3b9a03abc621 Mon Sep 17 00:00:00 2001 From: harsh4723 Date: Fri, 1 Nov 2024 12:33:20 +0530 Subject: [PATCH 3/5] revert: zauth changes --- zcncore/zauth.go | 318 +++++++++++++++++------------------------------ 1 file changed, 117 insertions(+), 201 deletions(-) diff --git a/zcncore/zauth.go b/zcncore/zauth.go index 7e5b97908..fdb240a80 100644 --- a/zcncore/zauth.go +++ b/zcncore/zauth.go 
@@ -12,132 +12,69 @@ import ( "github.com/pkg/errors" ) -// AvailableRestrictions represents supported restrictions mapping. -var AvailableRestrictions = map[string][]string{ - "token_transfers": {"transfer"}, - "allocation_file_operations": { - "read_redeem", - "commit_connection", - }, - "allocation_storage_operations": { - "new_allocation_request", - "update_allocation_request", - "finalize_allocation", - "cancel_allocation", - "add_free_storage_assigner", - "free_allocation_request", - }, - "allocation_token_operations": { - "read_pool_lock", - "read_pool_unlock", - "write_pool_lock", - }, - "storage_rewards": { - "collect_reward", - "stake_pool_lock", - "stake_pool_unlock", - }, - "storage_operations": { - "challenge_response", - "add_validator", - "add_blobber", - "blobber_health_check", - "validator_health_check", - }, - "storage_management": { - "kill_blobber", - "kill_validator", - "shutdown_blobber", - "shutdown_validator", - "update_blobber_settings", - "update_validator_settings", - }, - "miner_operations": { - "add_miner", - "add_sharder", - "miner_health_check", - "sharder_health_check", - "contributeMpk", - "shareSignsOrShares", - "wait", - "sharder_keep", - }, - "miner_management_operations": { - "delete_miner", - "delete_sharder", - "update_miner_settings", - "kill_miner", - "kill_sharder", - }, - "miner_financial_operations": { - "addToDelegatePool", - "deleteFromDelegatePool", - "collect_reward", - }, - "token_bridging": { - "mint", - "burn", - }, - "authorizer_management_operations": { - "delete-authorizer", - }, - "authorizer_operations": { - "add-authorizer", - "authorizer-health-check", - "add-to-delegate-pool", - "delete-from-delegate-pool", - }, +// SplitWallet represents wallet info for split wallet +// The client id and client key are the same as the primary wallet client id and client key +type SplitWallet struct { + ClientID string `json:"client_id"` + ClientKey string `json:"client_key"` + PublicKey string `json:"public_key"` + 
PrivateKey string `json:"private_key"` + PeerPublicKey string `json:"peer_public_key"` + Roles []string `json:"roles"` + IsRevoked bool `json:"is_revoked"` + ExpiredAt int64 `json:"expired_at"` } -type updateRestrictionsRequest struct { - Restrictions []string `json:"restrictions"` -} - -type AuthMessage struct { - Hash string `json:"hash"` - Signature string `json:"signature"` - ClientID string `json:"client_id"` -} - -type AuthResponse struct { - Sig string `json:"sig"` -} - -func CallZauthRetreiveKey(serverAddr, token, clientID, peerPublicKey string) (string, error) { - endpoint := fmt.Sprintf("%s/key/%s", serverAddr, clientID) +// CallZauthSetup calls the zauth setup endpoint +func CallZauthSetup(serverAddr string, token string, splitWallet SplitWallet) error { + // Add your code here + endpoint := serverAddr + "/setup" + wData, err := json.Marshal(splitWallet) + if err != nil { + return errors.Wrap(err, "failed to marshal split wallet") + } - req, err := http.NewRequest("GET", endpoint, nil) + req, err := http.NewRequest("POST", endpoint, bytes.NewBuffer(wData)) if err != nil { - return "", errors.Wrap(err, "failed to create HTTP request") + return errors.Wrap(err, "failed to create HTTP request") } req.Header.Set("Content-Type", "application/json") - req.Header.Set("X-Peer-Public-Key", peerPublicKey) req.Header.Set("X-Jwt-Token", token) client := &http.Client{} resp, err := client.Do(req) if err != nil { - return "", errors.Wrap(err, "failed to send HTTP request") + return errors.Wrap(err, "failed to send HTTP request") } defer resp.Body.Close() if resp.StatusCode != http.StatusOK { errMsg, _ := io.ReadAll(resp.Body) - return "", fmt.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) + if len(errMsg) > 0 { + return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) + } + + return errors.Errorf("code: %d", resp.StatusCode) } - d, err := io.ReadAll(resp.Body) - if err != nil { - return "", errors.Wrap(err, "failed to read response 
body") + var rsp struct { + Result string `json:"result"` + } + if err := json.NewDecoder(resp.Body).Decode(&rsp); err != nil { + return errors.Wrap(err, "failed to decode response body") } - return string(d), nil -} + if rsp.Result != "success" { + return errors.New("failed to setup zauth server") + } -func CallZauthRevoke(serverAddr, token, clientID, peerPublicKey string) error { - endpoint := serverAddr + "/revoke/" + clientID + "?peer_public_key=" + peerPublicKey + return nil +} +func CallZauthRevoke(serverAddr, token, clientID, publicKey string) error { + endpoint := serverAddr + "/revoke/" + clientID + endpoint += "?peer_public_key=" + publicKey req, err := http.NewRequest("POST", endpoint, nil) if err != nil { return errors.Wrap(err, "failed to create HTTP request") @@ -162,6 +99,17 @@ func CallZauthRevoke(serverAddr, token, clientID, peerPublicKey string) error { return errors.Errorf("code: %d", resp.StatusCode) } + var rsp struct { + Result string `json:"result"` + } + if err := json.NewDecoder(resp.Body).Decode(&rsp); err != nil { + return errors.Wrap(err, "failed to decode response body") + } + + if rsp.Result != "success" { + return errors.New("failed to setup zauth server") + } + return nil } 
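Review bot: This revert removes `CallZauthRetreiveKey` here, and the following hunks remove `CallZvaultNewWallet`, `CallZvaultNewSplit`, `CallZvaultRetrieveRestrictions` and `CallZvaultUpdateRestrictions`, but the diffstat lists only zcncore/zauth.go. wasmsdk/auth_txn.go as left by patch 2/5 still calls all five and expects `CallZvaultStoreKeyString` to return a single `error`, while the revert restores its `(string, error)` form. Unless a later patch in the series restores those functions or reverts the wrappers, the wasmsdk package will not build at this commit. Reverting wasmsdk/auth_txn.go and the proxy.go registrations in the same commit would keep each step of the series compilable.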
@@ -190,79 +138,55 @@ func CallZauthDelete(serverAddr, token, clientID string) error { return errors.Errorf("code: %d", resp.StatusCode) } - return nil -} -func CallZvaultNewWallet(serverAddr, token string) error { - endpoint := serverAddr + "/wallet" - - req, err := http.NewRequest("POST", endpoint, nil) - if err != nil { - return errors.Wrap(err, "failed to create HTTP request") + var rsp struct { + Result string `json:"result"` } - - req.Header.Set("Content-Type", "application/json") - req.Header.Set("X-Jwt-Token", token) - - client := &http.Client{} - resp, err := client.Do(req) - if err != nil { - return errors.Wrap(err, "failed to send HTTP request") + if err := json.NewDecoder(resp.Body).Decode(&rsp); err != nil { + return errors.Wrap(err, "failed to decode response body") } - defer resp.Body.Close() - if resp.StatusCode != http.StatusOK { - errMsg, _ := io.ReadAll(resp.Body) - if len(errMsg) > 0 { - return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) - } - - return errors.Errorf("code: %d", resp.StatusCode) + if rsp.Result != "success" { + return errors.New("failed to setup zauth server") } return nil } -func CallZvaultNewSplit(serverAddr, token, clientID string) error { - endpoint := serverAddr + "/key/" + clientID +type newWalletRequest struct { + Roles []string `json:"roles"` +} - req, err := http.NewRequest("POST", endpoint, nil) - if err != nil { - return errors.Wrap(err, "failed to create HTTP request") +func CallZvaultNewWalletString(serverAddr, token, clientID string, roles []string) (string, error) { + // Add your code here + endpoint := serverAddr + "/generate" + if clientID != "" { + endpoint = endpoint + "/" + clientID } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("X-Jwt-Token", token) + var body io.Reader - client := &http.Client{} - resp, err := client.Do(req) - if err != nil { - return errors.Wrap(err, "failed to send HTTP request") - } - defer resp.Body.Close() - - if resp.StatusCode != 
http.StatusOK { - errMsg, _ := io.ReadAll(resp.Body) - if len(errMsg) > 0 { - return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) + if roles != nil { + data, err := json.Marshal(newWalletRequest{ + Roles: roles, + }) + if err != nil { + return "", errors.Wrap(err, "failed to serialize request") } - return errors.Errorf("code: %d", resp.StatusCode) + body = bytes.NewReader(data) } - return nil -} - -func CallZvaultRetrieveRestrictions(serverAddr, token, peerPublicKey string) (string, error) { - endpoint := serverAddr + "/restrictions" - - req, err := http.NewRequest("GET", endpoint, nil) + req, err := http.NewRequest("POST", endpoint, body) if err != nil { return "", errors.Wrap(err, "failed to create HTTP request") } + fmt.Println("new wallet endpoint:", endpoint) + fmt.Println("new wallet: serverAddr:", serverAddr) + fmt.Println("new wallet: clientID:", clientID) + req.Header.Set("Content-Type", "application/json") - req.Header.Set("X-Peer-Public-Key", peerPublicKey) req.Header.Set("X-Jwt-Token", token) client := &http.Client{} 
@@ -289,45 +213,8 @@ func CallZvaultRetrieveRestrictions(serverAddr, token, peerPublicKey string) (st return string(d), nil } -func CallZvaultUpdateRestrictions(serverAddr, token, clientID, peerPublicKey string, restrictions []string) error { - endpoint := serverAddr + "/restrictions/" + clientID - - data, err := json.Marshal(updateRestrictionsRequest{ - Restrictions: restrictions, - }) - if err != nil { - return errors.Wrap(err, "failed to serialize request") - } - - req, err := http.NewRequest("PUT", endpoint, bytes.NewReader(data)) - if err != nil { - return errors.Wrap(err, "failed to create HTTP request") - } - - req.Header.Set("Content-Type", "application/json") - req.Header.Set("X-Peer-Public-Key", peerPublicKey) - req.Header.Set("X-Jwt-Token", token) - - client := &http.Client{} - resp, err := client.Do(req) - if err != nil { - return errors.Wrap(err, "failed to send HTTP request") - } - defer resp.Body.Close() - - if resp.StatusCode != http.StatusOK { - errMsg, _ := io.ReadAll(resp.Body) - if len(errMsg) > 0 { - return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) - } - - return errors.Errorf("code: %d", resp.StatusCode) - } - - return nil -} - -func CallZvaultStoreKeyString(serverAddr, token, privateKey string) error { +func CallZvaultStoreKeyString(serverAddr, token, privateKey string) (string, error) { + // Add your code here endpoint := serverAddr + "/store" reqData := struct { 
@@ -342,43 +229,57 @@ func CallZvaultStoreKeyString(serverAddr, token, privateKey string) error { err := encoder.Encode(reqData) if err != nil { - return errors.Wrap(err, "failed to create HTTP request") + return "", errors.Wrap(err, "failed to create HTTP request") } var req *http.Request req, err = http.NewRequest("POST", endpoint, &buff) if err != nil { - return errors.Wrap(err, "failed to create HTTP request") + return "", errors.Wrap(err, "failed to create HTTP request") } + fmt.Println("call zvault /store:", endpoint) + req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Jwt-Token", token) + + fmt.Println(req) + client := &http.Client{} resp, err := client.Do(req) if err != nil { - return errors.Wrap(err, "failed to send HTTP request") - } + fmt.Println(err.Error()) + return "", errors.Wrap(err, "failed to send HTTP request") + } defer resp.Body.Close() if resp.StatusCode != http.StatusOK { errMsg, _ := io.ReadAll(resp.Body) if len(errMsg) > 0 { - return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) + return "", errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) } - return errors.Errorf("code: %d", resp.StatusCode) + return "", errors.Errorf("code: %d", resp.StatusCode) } - return nil + d, err := io.ReadAll(resp.Body) + if err != nil { + return "", errors.Wrap(err, "failed to read response body") + } + + return string(d), nil } func CallZvaultRetrieveKeys(serverAddr, token, clientID string) (string, error) { + // Add your code here endpoint := fmt.Sprintf("%s/keys/%s", serverAddr, clientID) req, err := http.NewRequest("GET", endpoint, nil) if err != nil { return "", errors.Wrap(err, "failed to create HTTP request") } + fmt.Println("call zvault /keys:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) 
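Review bot: The added `fmt.Println(req)` in CallZvaultStoreKeyString runs after `req.Header.Set("X-Jwt-Token", token)`, and formatting a `*http.Request` includes its Header map, so the JWT is written to stdout on every call. Drop the line, or log only what is needed, e.g. `fmt.Println("call zvault /store:", req.Method, req.URL.Path)`. The other added `fmt.Println` calls in this hunk and in the following hunks (`/keys`, `/delete`, `/revoke`, sign txn) also write to stdout from library code, and two of them label the wallets endpoints as `/keys`; these look like debugging leftovers and would be better removed or sent through a logger with a level. The function starts before this hunk.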
@@ -403,13 +304,14 @@ func CallZvaultRetrieveKeys(serverAddr, token, clientID string) (string, error) } func CallZvaultDeletePrimaryKey(serverAddr, token, clientID string) error { + // Add your code here endpoint := serverAddr + "/delete/" + clientID - req, err := http.NewRequest("POST", endpoint, nil) if err != nil { return errors.Wrap(err, "failed to create HTTP request") } + fmt.Println("call zvault /delete:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) @@ -441,6 +343,7 @@ func CallZvaultRevokeKey(serverAddr, token, clientID, publicKey string) error { return errors.Wrap(err, "failed to create HTTP request") } + fmt.Println("call zvault /revoke:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) @@ -472,6 +375,7 @@ func CallZvaultRetrieveWallets(serverAddr, token string) (string, error) { return "", errors.Wrap(err, "failed to create HTTP request") } + fmt.Println("call zvault /keys:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) @@ -503,6 +407,7 @@ func CallZvaultRetrieveSharedWallets(serverAddr, token string) (string, error) { return "", errors.Wrap(err, "failed to create HTTP request") } + fmt.Println("call zvault /keys:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) @@ -529,6 +434,7 @@ func CallZvaultRetrieveSharedWallets(serverAddr, token string) (string, error) { // ZauthSignTxn returns a function that sends a txn signing request to the zauth server func ZauthSignTxn(serverAddr string) sys.AuthorizeFunc { return func(msg string) (string, error) { + fmt.Println("zvault sign txn - in sign txn...") req, err := http.NewRequest("POST", serverAddr+"/sign/txn", bytes.NewBuffer([]byte(msg))) if err != nil { return "", errors.Wrap(err, "failed to create HTTP request") 
@@ -597,3 +503,13 @@ func ZauthAuthCommon(serverAddr string) sys.AuthorizeFunc { return string(d), nil } } + +type AuthMessage struct { + Hash string `json:"hash"` + Signature string `json:"signature"` + ClientID string `json:"client_id"` +} + +type AuthResponse struct { + Sig string `json:"sig"` +} From 9d17c71dfbd95138b9d2067bfc91cd34dec4949b Mon Sep 17 00:00:00 2001 From: harsh4723 Date: Fri, 1 Nov 2024 12:53:47 +0530 Subject: [PATCH 4/5] fix: zauth file --- zcncore/zauth.go | 317 ++++++++++++++++++++++++++++++----------------- 1 file changed, 200 insertions(+), 117 deletions(-) diff --git a/zcncore/zauth.go b/zcncore/zauth.go index fdb240a80..82e790055 100644 --- a/zcncore/zauth.go +++ b/zcncore/zauth.go 
@@ -12,69 +12,131 @@ import ( "github.com/pkg/errors" ) -// SplitWallet represents wallet info for split wallet -// The client id and client key are the same as the primary wallet client id and client key -type SplitWallet struct { - ClientID string `json:"client_id"` - ClientKey string `json:"client_key"` - PublicKey string `json:"public_key"` - PrivateKey string `json:"private_key"` - PeerPublicKey string `json:"peer_public_key"` - Roles []string `json:"roles"` - IsRevoked bool `json:"is_revoked"` - ExpiredAt int64 `json:"expired_at"` +// AvailableRestrictions represents supported restrictions mapping. +var AvailableRestrictions = map[string][]string{ + "token_transfers": {"transfer"}, + "allocation_file_operations": { + "read_redeem", + "commit_connection", + }, + "allocation_storage_operations": { + "new_allocation_request", + "update_allocation_request", + "finalize_allocation", + "cancel_allocation", + "add_free_storage_assigner", + "free_allocation_request", + }, + "allocation_token_operations": { + "read_pool_lock", + "read_pool_unlock", + "write_pool_lock", + }, + "storage_rewards": { + "collect_reward", + "stake_pool_lock", + "stake_pool_unlock", + }, + "storage_operations": { + "challenge_response", + "add_validator", + "add_blobber", + "blobber_health_check", + "validator_health_check", + }, + "storage_management": { + "kill_blobber", + "kill_validator", + "shutdown_blobber", + "shutdown_validator", + "update_blobber_settings", + "update_validator_settings", + }, + "miner_operations": { + "add_miner", + "add_sharder", + "miner_health_check", + "sharder_health_check", + "contributeMpk", + "shareSignsOrShares", + "wait", + "sharder_keep", + }, + "miner_management_operations": { + "delete_miner", + "delete_sharder", + "update_miner_settings", + "kill_miner", + "kill_sharder", + }, + "miner_financial_operations": { + "addToDelegatePool", + "deleteFromDelegatePool", + "collect_reward", + }, + "token_bridging": { + "mint", + "burn", + }, + 
"authorizer_management_operations": { + "delete-authorizer", + }, + "authorizer_operations": { + "add-authorizer", + "authorizer-health-check", + "add-to-delegate-pool", + "delete-from-delegate-pool", + }, } -// CallZauthSetup calls the zauth setup endpoint -func CallZauthSetup(serverAddr string, token string, splitWallet SplitWallet) error { - // Add your code here - endpoint := serverAddr + "/setup" - wData, err := json.Marshal(splitWallet) - if err != nil { - return errors.Wrap(err, "failed to marshal split wallet") - } +type updateRestrictionsRequest struct { + Restrictions []string `json:"restrictions"` +} + +type AuthMessage struct { + Hash string `json:"hash"` + Signature string `json:"signature"` + ClientID string `json:"client_id"` +} - req, err := http.NewRequest("POST", endpoint, bytes.NewBuffer(wData)) +type AuthResponse struct { + Sig string `json:"sig"` +} + +func CallZauthRetreiveKey(serverAddr, token, clientID, peerPublicKey string) (string, error) { + endpoint := fmt.Sprintf("%s/key/%s", serverAddr, clientID) + + req, err := http.NewRequest("GET", endpoint, nil) if err != nil { - return errors.Wrap(err, "failed to create HTTP request") + return "", errors.Wrap(err, "failed to create HTTP request") } req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Peer-Public-Key", peerPublicKey) req.Header.Set("X-Jwt-Token", token) client := &http.Client{} resp, err := client.Do(req) if err != nil { - return errors.Wrap(err, "failed to send HTTP request") + return "", errors.Wrap(err, "failed to send HTTP request") } defer resp.Body.Close() if resp.StatusCode != http.StatusOK { errMsg, _ := io.ReadAll(resp.Body) - if len(errMsg) > 0 { - return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) - } - - return errors.Errorf("code: %d", resp.StatusCode) - } - - var rsp struct { - Result string `json:"result"` - } - if err := json.NewDecoder(resp.Body).Decode(&rsp); err != nil { - return errors.Wrap(err, "failed to decode 
response body") + return "", fmt.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) } - if rsp.Result != "success" { - return errors.New("failed to setup zauth server") + d, err := io.ReadAll(resp.Body) + if err != nil { + return "", errors.Wrap(err, "failed to read response body") } - return nil + return string(d), nil } -func CallZauthRevoke(serverAddr, token, clientID, publicKey string) error { - endpoint := serverAddr + "/revoke/" + clientID - endpoint += "?peer_public_key=" + publicKey +func CallZauthRevoke(serverAddr, token, clientID, peerPublicKey string) error { + endpoint := serverAddr + "/revoke/" + clientID + "?peer_public_key=" + peerPublicKey req, err := http.NewRequest("POST", endpoint, nil) if err != nil { return errors.Wrap(err, "failed to create HTTP request") @@ -99,17 +161,6 @@ func CallZauthRevoke(serverAddr, token, clientID, publicKey string) error { return errors.Errorf("code: %d", resp.StatusCode) } - var rsp struct { - Result string `json:"result"` - } - if err := json.NewDecoder(resp.Body).Decode(&rsp); err != nil { - return errors.Wrap(err, "failed to decode response body") - } - - if rsp.Result != "success" { - return errors.New("failed to setup zauth server") - } - return nil } 
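Review bot: CallZauthRevoke concatenates `clientID` and `peerPublicKey` into the URL without escaping, so a value containing `&`, `#`, `+`, `/` or `?` changes the path or query the server receives rather than being carried as data. Escaping at the point of use keeps both values opaque: `endpoint := serverAddr + "/revoke/" + url.PathEscape(clientID) + "?peer_public_key=" + url.QueryEscape(peerPublicKey)` (this needs the `net/url` import, which the hunk does not show). The same applies to `fmt.Sprintf("%s/key/%s", serverAddr, clientID)` in CallZauthRetreiveKey. That exported name also carries a spelling slip (`Retreive`), which is cheaper to fix before callers depend on it. The body of CallZauthRevoke continues past this hunk.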
@@ -138,55 +189,79 @@ func CallZauthDelete(serverAddr, token, clientID string) error { return errors.Errorf("code: %d", resp.StatusCode) } + return nil +} + +func CallZvaultNewWallet(serverAddr, token string) error { + endpoint := serverAddr + "/wallet" - var rsp struct { - Result string `json:"result"` + req, err := http.NewRequest("POST", endpoint, nil) + if err != nil { + return errors.Wrap(err, "failed to create HTTP request") } - if err := json.NewDecoder(resp.Body).Decode(&rsp); err != nil { - return errors.Wrap(err, "failed to decode response body") + + req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Jwt-Token", token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return errors.Wrap(err, "failed to send HTTP request") } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + errMsg, _ := io.ReadAll(resp.Body) + if len(errMsg) > 0 { + return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) + } - if rsp.Result != "success" { - return errors.New("failed to setup zauth server") + return errors.Errorf("code: %d", resp.StatusCode) } return nil } -type newWalletRequest struct { - Roles []string `json:"roles"` -} +func CallZvaultNewSplit(serverAddr, token, clientID string) error { + endpoint := serverAddr + "/key/" + clientID -func CallZvaultNewWalletString(serverAddr, token, clientID string, roles []string) (string, error) { - // Add your code here - endpoint := serverAddr + "/generate" - if clientID != "" { - endpoint = endpoint + "/" + clientID + req, err := http.NewRequest("POST", endpoint, nil) + if err != nil { + return errors.Wrap(err, "failed to create HTTP request") } - var body io.Reader + req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Jwt-Token", token) - if roles != nil { - data, err := json.Marshal(newWalletRequest{ - Roles: roles, - }) - if err != nil { - return "", errors.Wrap(err, "failed to serialize request") + client := &http.Client{} + 
resp, err := client.Do(req) + if err != nil { + return errors.Wrap(err, "failed to send HTTP request") + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + errMsg, _ := io.ReadAll(resp.Body) + if len(errMsg) > 0 { + return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) } - body = bytes.NewReader(data) + return errors.Errorf("code: %d", resp.StatusCode) } - req, err := http.NewRequest("POST", endpoint, body) + return nil +} + +func CallZvaultRetrieveRestrictions(serverAddr, token, peerPublicKey string) (string, error) { + endpoint := serverAddr + "/restrictions" + + req, err := http.NewRequest("GET", endpoint, nil) if err != nil { return "", errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("new wallet endpoint:", endpoint) - fmt.Println("new wallet: serverAddr:", serverAddr) - fmt.Println("new wallet: clientID:", clientID) - req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Peer-Public-Key", peerPublicKey) req.Header.Set("X-Jwt-Token", token) client := &http.Client{} 
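Review bot: `client := &http.Client{}` in the new CallZvaultNewWallet and CallZvaultNewSplit sets no Timeout, so a server that accepts the connection and never answers blocks the caller indefinitely. A bound such as `client := &http.Client{Timeout: 30 * time.Second}` (the value is an example, and the `time` import is not shown in this hunk) or a context passed through `http.NewRequestWithContext` avoids that. The same construction is added in CallZauthRetreiveKey in the first hunk and in CallZvaultUpdateRestrictions in the next one. CallZvaultRetrieveRestrictions starts in this hunk and continues outside it.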
@@ -213,8 +288,45 @@ func CallZvaultNewWalletString(serverAddr, token, clientID string, roles []strin return string(d), nil } -func CallZvaultStoreKeyString(serverAddr, token, privateKey string) (string, error) { - // Add your code here +func CallZvaultUpdateRestrictions(serverAddr, token, clientID, peerPublicKey string, restrictions []string) error { + endpoint := serverAddr + "/restrictions/" + clientID + + data, err := json.Marshal(updateRestrictionsRequest{ + Restrictions: restrictions, + }) + if err != nil { + return errors.Wrap(err, "failed to serialize request") + } + + req, err := http.NewRequest("PUT", endpoint, bytes.NewReader(data)) + if err != nil { + return errors.Wrap(err, "failed to create HTTP request") + } + + req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-Peer-Public-Key", peerPublicKey) + req.Header.Set("X-Jwt-Token", token) + + client := &http.Client{} + resp, err := client.Do(req) + if err != nil { + return errors.Wrap(err, "failed to send HTTP request") + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + errMsg, _ := io.ReadAll(resp.Body) + if len(errMsg) > 0 { + return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) + } + + return errors.Errorf("code: %d", resp.StatusCode) + } + + return nil +} + +func CallZvaultStoreKeyString(serverAddr, token, privateKey string) error { endpoint := serverAddr + "/store" reqData := struct { 
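Review bot: CallZvaultStoreKeyString changes its result from `(string, error)` to `error` here, and the previous hunk removes CallZvaultNewWalletString altogether, yet the diffstat for this patch lists only `zcncore/zauth.go`. Any caller outside this file that still uses the old signature or the removed function will stop compiling, so it is worth confirming those callers are updated in the same series. CallZvaultUpdateRestrictions also sends `restrictions` as given; if `AvailableRestrictions` is meant to be the allowed set, a client-side check against it would reject typos before the request is made (presumably the server validates as well). CallZvaultStoreKeyString continues past the end of this hunk.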
@@ -229,57 +341,43 @@ func CallZvaultStoreKeyString(serverAddr, token, privateKey string) (string, err err := encoder.Encode(reqData) if err != nil { - return "", errors.Wrap(err, "failed to create HTTP request") + return errors.Wrap(err, "failed to create HTTP request") } var req *http.Request req, err = http.NewRequest("POST", endpoint, &buff) if err != nil { - return "", errors.Wrap(err, "failed to create HTTP request") + return errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /store:", endpoint) - req.Header.Set("Content-Type", "application/json") - req.Header.Set("X-Jwt-Token", token) - - fmt.Println(req) - client := &http.Client{} resp, err := client.Do(req) if err != nil { - fmt.Println(err.Error()) - - return "", errors.Wrap(err, "failed to send HTTP request") + return errors.Wrap(err, "failed to send HTTP request") } + defer resp.Body.Close() if resp.StatusCode != http.StatusOK { errMsg, _ := io.ReadAll(resp.Body) if len(errMsg) > 0 { - return "", errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) + return errors.Errorf("code: %d, err: %s", resp.StatusCode, string(errMsg)) } - return "", errors.Errorf("code: %d", resp.StatusCode) - } - - d, err := io.ReadAll(resp.Body) - if err != nil { - return "", errors.Wrap(err, "failed to read response body") + return errors.Errorf("code: %d", resp.StatusCode) } - return string(d), nil + return nil } func CallZvaultRetrieveKeys(serverAddr, token, clientID string) (string, error) { - // Add your code here endpoint := fmt.Sprintf("%s/keys/%s", serverAddr, clientID) req, err := http.NewRequest("GET", endpoint, nil) if err != nil { return "", errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /keys:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) 
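Review bot: The new side of CallZvaultStoreKeyString no longer sends the JWT, because `req.Header.Set("X-Jwt-Token", token)` is removed together with the debug prints and only the Content-Type header remains. Unless the token travels in the request body (built before this hunk), the `token` parameter is now unused and the private key is POSTed to `/store` without the credential every other zvault call in this file attaches. If the removal was collateral from cleaning up the prints, restore `req.Header.Set("X-Jwt-Token", token)` after the Content-Type line. The function starts in the previous hunk.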
@@ -304,14 +402,13 @@ func CallZvaultRetrieveKeys(serverAddr, token, clientID string) (string, error) } func CallZvaultDeletePrimaryKey(serverAddr, token, clientID string) error { - // Add your code here endpoint := serverAddr + "/delete/" + clientID + req, err := http.NewRequest("POST", endpoint, nil) if err != nil { return errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /delete:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) @@ -343,7 +440,6 @@ func CallZvaultRevokeKey(serverAddr, token, clientID, publicKey string) error { return errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /revoke:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) @@ -375,7 +471,6 @@ func CallZvaultRetrieveWallets(serverAddr, token string) (string, error) { return "", errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /keys:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) @@ -407,7 +502,6 @@ func CallZvaultRetrieveSharedWallets(serverAddr, token string) (string, error) { return "", errors.Wrap(err, "failed to create HTTP request") } - fmt.Println("call zvault /keys:", endpoint) req.Header.Set("Content-Type", "application/json") req.Header.Set("X-Jwt-Token", token) @@ -434,7 +528,6 @@ func CallZvaultRetrieveSharedWallets(serverAddr, token string) (string, error) { // ZauthSignTxn returns a function that sends a txn signing request to the zauth server func ZauthSignTxn(serverAddr string) sys.AuthorizeFunc { return func(msg string) (string, error) { - fmt.Println("zvault sign txn - in sign txn...") req, err := http.NewRequest("POST", serverAddr+"/sign/txn", bytes.NewBuffer([]byte(msg))) if err != nil { return "", errors.Wrap(err, "failed to create HTTP request") 
@@ -503,13 +596,3 @@ func ZauthAuthCommon(serverAddr string) sys.AuthorizeFunc { return string(d), nil } } - -type AuthMessage struct { - Hash string `json:"hash"` - Signature string `json:"signature"` - ClientID string `json:"client_id"` -} - -type AuthResponse struct { - Sig string `json:"sig"` -} From 0a39195eccc5339aff3ebee5d09d2d84bed4a8f3 Mon Sep 17 00:00:00 2001 From: Jayash Satolia Date: Tue, 7 Jan 2025 03:38:27 +0530 Subject: [PATCH 5/5] Sign update alloc auth ticket --- wasmsdk/allocation.go | 8 ++++++++ wasmsdk/proxy.go | 1 + zboxcore/sdk/blobber_operations.go | 13 +++++++++++++ znft/example/go.mod | 4 ++-- 4 files changed, 24 insertions(+), 2 deletions(-) diff --git a/wasmsdk/allocation.go b/wasmsdk/allocation.go index 2dfa67c36..5ddaf6916 100644 --- a/wasmsdk/allocation.go +++ b/wasmsdk/allocation.go @@ -304,6 +304,14 @@ func updateAllocation(allocationID string, return hash, err } +func getUpdateAllocTicket(allocationID, userID, operationType string, roundExpiry int64) (string, error) { + sign, err := sdk.GetUpdateAllocTicket(allocationID, userID, operationType, roundExpiry) + if err != nil { + return "", err + } + return sign, err +} + // getAllocationMinLock retrieves the minimum lock value for the allocation creation, as calculated by the network. // Lock value is the amount of tokens that the client needs to lock in the allocation's write pool // to be able to pay for the write operations. diff --git a/wasmsdk/proxy.go b/wasmsdk/proxy.go index c3e22a730..fcfd25fb7 100644 --- a/wasmsdk/proxy.go +++ b/wasmsdk/proxy.go @@ -267,6 +267,7 @@ func main() { "getUpdateAllocationMinLock": getUpdateAllocationMinLock, "getAllocationWith": getAllocationWith, "createfreeallocation": createfreeallocation, + "getUpdateAllocTicket": getUpdateAllocTicket, // readpool "getReadPoolInfo": getReadPoolInfo, diff --git a/zboxcore/sdk/blobber_operations.go b/zboxcore/sdk/blobber_operations.go index 5985aa99b..15af35bf8 100644 --- a/zboxcore/sdk/blobber_operations.go 
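Review bot: getUpdateAllocTicket in wasmsdk/allocation.go has no doc comment, although the function right below it (getAllocationMinLock) is documented, and its error branch adds nothing to what the callee already returns. The body can be the single line `return sdk.GetUpdateAllocTicket(allocationID, userID, operationType, roundExpiry)`. A comment such as `// getUpdateAllocTicket returns the client's signature over an update-allocation ticket for the given allocation, user, operation type and round expiry.` would match the file's style.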
+++ b/zboxcore/sdk/blobber_operations.go @@ -4,7 +4,9 @@ package sdk import ( + "encoding/hex" "encoding/json" + "fmt" "math" "strings" @@ -154,6 +156,17 @@ func UpdateAllocation( return } +func GetUpdateAllocTicket(allocationID, userID, operationType string, roundExpiry int64) (string, error) { + payload := fmt.Sprintf("%s:%d:%s:%s", allocationID, roundExpiry, userID, operationType) + + signature, err := client.Sign(hex.EncodeToString([]byte(payload))) + if err != nil { + return "", err + } + + return signature, nil +} + // StakePoolLock locks tokens in a stake pool. // This function is the entry point for the staking operation. // Provided the provider type and provider ID, the value is locked in the stake pool between the SDK client and the provider. diff --git a/znft/example/go.mod b/znft/example/go.mod index da7233de2..7d7b3f3b6 100644 --- a/znft/example/go.mod +++ b/znft/example/go.mod @@ -1,8 +1,8 @@ module example -go 1.21 +go 1.22.5 -toolchain go1.21.0 +toolchain go1.23.3 require github.com/0chain/gosdk v1.8.9
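Review bot: GetUpdateAllocTicket signs a string built with `fmt.Sprintf("%s:%d:%s:%s", allocationID, roundExpiry, userID, operationType)`, and none of the string fields is checked for `:`, so different field combinations can serialize to the same payload and share one signature. For example, a userID of `a:b` with operation `c` gives the same text as userID `a` with operation `b:c`. Rejecting any field that contains the separator before signing, e.g. `if strings.ContainsRune(allocationID+userID+operationType, ':') { return "", errors.New("ticket field contains ':'") }`, closes that without changing the format a verifier expects; `strings` is already imported and `errors` would need to be available in the file. The exported function also lacks a doc comment stating the exact payload layout, for instance `// GetUpdateAllocTicket signs the hex encoding of "allocationID:roundExpiry:userID:operationType" with the client key and returns the signature.`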