cryptsy 0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 86fbb550ff9903ff92f1ed6bd6f72addb0f7c262
+  data.tar.gz: 21735c159cd27ce56adcbf629264b5da170692bd
+SHA512:
+  metadata.gz: f541a58e0610ba764d25de2cc0d2c4173b33f77aa58d96074e16a70113393c32c6d0a9b43ca58b5c0ad251f1b6c159d27031c1e2187166c8c362ff3d51ebe534
+  data.tar.gz: 7dbafded98719d639791e1997bd4199e9af63382967ff02ce939a3c513423085cd5a954d0a096b53b0668b20234750572f4b5d699647edd4bb42526423fa740c

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2014 Ian Unruh
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,166 @@
+# Cryptsy
+
+Provides an idiomatic Ruby client for the authenticated Cryptsy API
+
+## JSON client
+
+Grab your API keys from the Crypsty website
+
+```ruby
+client = Cryptsy::Client.new('YOUR PUBLIC KEY', 'YOUR PRIVATE KEY')
+```
+
+### Check your account details
+
+```ruby
+# Get account blances
+client.info.balances_available
+
+# Get transfers, transactions, open orders
+client.transfers
+client.transactions
+client.orders
+```
+
+### Query markets
+
+```ruby
+client.markets
+client.market_by_pair('DOGE', 'BTC')
+```
+
+### Generate new receive addresses
+
+```ruby
+client.generate_deposit_address('DOGE') # => 'DTP2Na7P4JpwhUuPTdJWjGzAK9P5VXF5Zd'
+client.generate_deposit_address('BTC')  # => '156q4WMvWmCSmTdZSVVn8zdnDFJWZsb6XW'
+```
+
+### Make withdrawals
+
+```ruby
+client.make_withdrawal('DKkNNCF2DRcHtSgbKeDTVd2T8qjng1Z8hV', 1250.0)
+```
+
+Note that this method only works for addresses that have been pre-approved. Use the web client
+if you wish to automate the pre-approval process.
+
+## Web client
+
+This package provides a web client for doing unsafe operations on Cryptsy. The official JSON
+API does not allow you to withdraw funds to addresses that have not been pre-approved. Nor does
+it let you pre-approval addresses. Therefore, you would be forced to login to the HTML web interface,
+and input your password and TFA token to do withdrawals and add trusted addresses.
+
+This client is rough around the edges, but the basic functionality is there. It has many extra dependencies,
+so you have to explicitly require it and install the dependencies.
+
+```sh
+gem install faraday-cookie_jar nokogiri rotp
+```
+
+```ruby
+require 'cryptsy/web_client'
+
+web_client = Cryptsy::WebClient.new('YOUR CRYPTSY USERNAME', 'YOUR CRYPTSY PASSWORD', 'YOUR TFA SECRET')
+web_client.login
+web_client.pincode
+```
+
+Now that you have a session on Cryptsy, you can perform privileged operations.
+
+### Withdrawals
+
+If you wish to make a withdrawal to an address that has not been pre-approved, use the following:
+
+```ruby
+web_client.make_withdrawal(94, 'DKkNNCF2DRcHtSgbKeDTVd2T8qjng1Z8hV', 1250.0)
+```
+
+You will receive a confirmation email after a short period. The link in this email must be visited
+for the withdrawal to continue.
+
+Note that you **will not** be able to use this for trusted addresses. Instead, use the respective method
+on the regular JSON client.
+
+### Trusted addresses
+
+If you wish to make an address trusted, use the following:
+
+```ruby
+web_client.add_trusted_address('DQRhettwhyR6xeK6xFQ2nbhjhSTgZzdgMR')
+```
+
+You will receive a confirmatin email after a short period. The link in this email must be visited
+for the address to become trusted.
+
+Note that you **will not** be able to use the web client to make withdrawals to this address now. Instead,
+use the respective method on the regular JSON client.
+
+### Caching sessions
+
+The web client uses Faraday with middleware for [HTTP::CookieJar](https://github.com/sparklemotion/http-cookie).
+
+The cookie jar is accessible, so you can save and load cookies to a file between uses.
+
+```ruby
+jar = web_client.cookie_jar
+
+jar.load('path/to/cookies.txt')
+jar.cleanup
+
+jar.save('path/to/cookies.txt', session: true)
+```
+
+## Confirmation email polling
+
+Take automation to the next level! Using `ConfirmationPoller`, you can scan the email account associated with your
+Cryptsy account. Combining this with the web client allows you to automatically confirm:
+
+- Trusted addresses
+- Withdrawals to untrusted addresses
+
+Refer to `examples/gmail_poller.rb` to see basic integration with Gmail. Combine it with the web client like so:
+
+```ruby
+adapter = GmailAdapter.new('GMAIL USERNAME', 'GMAIL PASSWORD')
+web_client = Cryptsy::WebClient.new('CRYPTSY USERNAME', 'CRYPTSY PASSWORD', 'TFA SECRET')
+poller = Cryptsy::ConfirmationPoller.new(adapter, CONFIRM_TRUSTED_ADDRESS_PATTERN)
+
+poller.run_until_found.each do |link|
+  web_client.get(link)
+end
+
+adapter.logout
+```
+
+It's recommended to setup an application-specific password instead of using your primary Gmail password.
+
+## Security concerns
+
+### SSL verification
+
+The certificate for `https://api.cryptsy.com` is invalid. Therefore, any clients that connect to it
+must disable SSL verification. **This opens up the possibility for a MITM attack.**
+
+Until this is fixed, avoid experimenting with the JSON client on untrusted networks until this
+is corrected. The web client does not have this vulnerability, the `https://www.cryptsy.com` certificate
+is correct.
+
+### Plaintext credentials
+
+Using both clients will result in a large number of credentials needing to be stored in plaintext.
+
+This includes the following:
+
+- Cryptsy username & password
+- Cryptsy API key pair
+- Cryptsy two-factor authentication (TFA) secret
+
+Therefore, you should isolate the use of this client away from a public-facing service. On a separate VM,
+you can use a background worker process, like Sidekiq or Resque.
+
+## To-do
+
+- [FIX] Add error handling to web client
+- [FEAT] Add auto-confirm for emailed confirmation links

data/lib/cryptsy.rb

@@ -0,0 +1,7 @@
+require 'faraday'
+
+require 'cryptsy/version'
+
+require 'cryptsy/client'
+require 'cryptsy/confirmation_poller'
+require 'cryptsy/errors'

data/lib/cryptsy/client.rb

@@ -0,0 +1,171 @@
+require 'hashie'
+require 'json'
+require 'openssl'
+require 'uri'
+
+module Cryptsy
+  class Client
+    DEFAULT_OPTIONS = {
+      url: 'https://api.cryptsy.com',
+      ssl: {
+        verify: false
+      }
+    }
+
+    ORDER_TYPE_BUY = 'Buy'
+    ORDER_TYPE_SELL = 'Sell'
+
+    # @param [String] public_key
+    # @param [String] private_key
+    # @param [Hash] options
+    def initialize(public_key, private_key, options = {})
+      @public_key = public_key
+      @private_key = private_key
+      @digest = OpenSSL::Digest::SHA512.new
+      @connection = Faraday.new(DEFAULT_OPTIONS.merge(options))
+    end
+
+    def info
+      call(:getinfo)
+    end
+
+    def markets
+      call(:getmarkets)
+    end
+
+    def market_by_pair(primary_code, secondary_code)
+      markets.find do |market|
+        market.primary_currency_code == normalize_currency_code(primary_code) &&
+          market.secondary_currency_code == normalize_currency_code(secondary_code)
+      end
+    end
+
+    def orders(market_id)
+      call(:myorders, marketid: market_id)
+    end
+
+    def all_orders
+      call(:allmyorders)
+    end
+
+    def trades(market_id, limit = 200)
+      call(:mytrades, marketid: market_id, limit: limit)
+    end
+
+    def all_trades
+      call(:allmytrades)
+    end
+
+    def transactions
+      call(:mytransactions)
+    end
+
+    def transfers
+      call(:mytransfers)
+    end
+
+    def market_depth(market_id)
+      call(:depth, marketid: market_id)
+    end
+
+    def market_orders(market_id)
+      call(:marketorders, marketid: market_id)
+    end
+
+    def market_trades(market_id)
+      call(:markettrades, marketid: market_id)
+    end
+
+    def create_buy_order(market_id, quantity, price)
+      create_order(market_id, ORDER_TYPE_BUY, quantity, price)
+    end
+
+    def create_sell_order(market_id, quantity, price)
+      create_order(market_id, ORDER_TYPE_SELL, quantity, price)
+    end
+
+    def create_order(market_id, order_type, quantity, price)
+      call(:createorder, marketid: market_id, ordertype: order_type, quantity: quantity, price: price)
+    end
+
+    def cancel_order(order_id)
+      call(:cancelorder, orderid: order_id)
+    end
+
+    def cancel_orders(market_id)
+      call(:cancelmarketorders, marketid: market_id)
+    end
+
+    def cancel_all_orders
+      call(:cancelallorders)
+    end
+
+    def calculate_buy_fees(quantity, price)
+      calculate_fees(ORDER_TYPE_BUY, quantity, price)
+    end
+
+    def calculate_sell_fees(quantity, price)
+      calculate_fees(ORDER_TYPE_SELL, quantity, price)
+    end
+
+    def calculate_fees(order_type, quantity, price)
+      call(:calculatefees, ordertype: order_type, quantity: quantity, price: price)
+    end
+
+    def generate_new_address(currency)
+      if currency.is_a?(Integer)
+        call(:generatenewaddress, currencyid: currency).address
+      else
+        call(:generatenewaddress, currencycode: normalize_currency_code(currency)).address
+      end
+    end
+
+    def make_withdrawal(address, amount)
+      call(:makewithdrawal, address: address, amount: amount)
+    end
+
+    # @raise [CryptsyError]
+    # @param [Symbol] method_name
+    # @param [Hash] params
+    # @return [Object]
+    def call(method_name, params = {})
+      request = {
+        method: method_name,
+        nonce: Time.now.to_i
+      }.merge(params)
+
+      body = URI.encode_www_form(request)
+      signature = OpenSSL::HMAC.hexdigest(@digest, @private_key, body)
+
+      response = @connection.post do |req|
+        req.url 'api'
+        req.body = body
+
+        req.headers['Content-Type'] = 'application/x-www-form-urlencoded'
+        req.headers['Key'] = @public_key
+        req.headers['Sign'] = signature
+      end
+
+      process_response(response)
+    end
+
+    # @raise [CryptsyError]
+    # @param [Faraday::Response] response
+    # @return [Object]
+    def process_response(response)
+      body = Hashie::Mash.new(JSON.parse(response.body))
+
+      unless body.success.to_i == 1
+        raise ClientError, body.error
+      end
+
+      body.return
+    end
+
+    # @param [Object] code
+    # @return [String]
+    def normalize_currency_code(code)
+      code.to_s.upcase
+    end
+  end
+end

data/lib/cryptsy/confirmation_poller.rb

@@ -0,0 +1,47 @@
+require 'nokogiri'
+
+module Cryptsy
+  class ConfirmationPoller
+    # @param [Object] adapter
+    # @param [Regexp] pattern
+    def initialize(adapter, pattern)
+      @adapter = adapter
+      @pattern = pattern
+    end
+
+    # @return [Enumerable]
+    def run_once
+      links = []
+
+      @adapter.call do |email|
+        scan_links(links, email)
+      end
+
+      links
+    end
+
+    # @param [Integer] sleep_interval
+    # @return [void]
+    def run_until_found(sleep_interval = 3)
+      loop do
+        links = run_once
+        return links unless links.empty?
+        sleep sleep_interval
+      end
+    end
+
+    private
+
+    # @param [Array] links
+    # @param [String] email
+    # @return [void]
+    def scan_links(links, email)
+      doc = Nokogiri::HTML(email.to_s)
+      doc.xpath('//a').each do |link|
+        if link[:href] =~ @pattern
+          links.push($1)
+        end
+      end
+    end
+  end # ConfirmationPoller
+end

data/lib/cryptsy/errors.rb

@@ -0,0 +1,3 @@
+module Cryptsy
+  ClientError = Class.new(RuntimeError)
+end

data/lib/cryptsy/version.rb

@@ -0,0 +1,3 @@
+module Cryptsy
+  VERSION = '0.1'
+end

data/lib/cryptsy/web_client.rb

@@ -0,0 +1,134 @@
+require 'faraday-cookie_jar'
+require 'nokogiri'
+require 'rotp'
+
+module Cryptsy
+  # Unsafe client that allows you to do things that the Cryptsy API does not permit,
+  # including withdrawals to untrusted addresses, as well as pre-approving addresses
+  # for withdrawals
+  class WebClient
+    DEFAULT_OPTIONS = {
+      url: 'https://www.cryptsy.com'
+    }
+
+    # @param [HTTP::CookieJar]
+    attr_reader :cookie_jar
+
+    # @param [String] username
+    # @param [String] password
+    # @param [String] tfa_secret
+    # @param [Hash] options
+    def initialize(username, password, tfa_secret, options = {})
+      @username = username
+      @password = password
+      @tfa = ROTP::TOTP.new(tfa_secret)
+
+      @cookie_jar = HTTP::CookieJar.new
+
+      @connection = Faraday.new(DEFAULT_OPTIONS.merge(options)) do |builder|
+        builder.use :cookie_jar, jar: @cookie_jar
+        builder.request :url_encoded
+        builder.adapter Faraday.default_adapter
+      end
+    end
+
+    # Performs login operation using the configured username and password
+    # @return [Faraday::Response]
+    def login
+      request = {
+        'data[User][username]' => @username,
+        'data[User][password]' => @password,
+      }
+
+      post_with_csrf('/users/login', request)
+    end
+
+    # Finishes login operation using TOTP and TFA secret
+    # @return [Faraday::Response]
+    def pincode
+      request = {
+        'data[User][pincode]' => @tfa.now
+      }
+
+      post_with_csrf('/users/pincode', request)
+    end
+
+    # Submits a trusted address for pre-approved withdrawals
+    #
+    # @param [Integer] currency_id
+    # @param [String] address
+    # @return [Faraday::Response]
+    def add_trusted_address(currency_id, address)
+      request = {
+        'data[Withdrawal][currency_id]' => currency_id,
+        'data[Withdrawal][address]' => address,
+        'data[Withdrawal][existing_password]' => @password,
+        'data[Withdrawal][pincode]' => @tfa.now,
+      }
+
+      post_with_csrf('/users/addtrustedaddress', request)
+    end
+
+    # Submits a request for withdrawal to an untrusted address
+    #
+    # @param [Integer] currency_id
+    # @param [String] address
+    # @param [Float] amount
+    # @return [Faraday::Response]
+    def make_withdrawal(currency_id, address, amount)
+      request = {
+        'data[Withdrawal][fee]' => '1.00000000',
+        'data[Withdrawal][wdamount]' => amount,
+        'data[Withdrawal][address]' => address,
+        'data[Withdrawal][approvedaddress]' => '',
+        'data[Withdrawal][existing_password]' => @password,
+        'data[Withdrawal][pincode]' => @tfa.now,
+      }
+
+      post_with_csrf("/users/makewithdrawal/#{currency_id}", request)
+    end
+
+    # @param [String] url
+    # @return [Faraday::Response]
+    def get(url)
+      @connection.get(url)
+    end
+
+    # @param [String] url
+    # @param [Hash] body
+    # @return [Faraday::Response]
+    def post(url, body)
+      @connection.post(url, body)
+    end
+
+    # Performs an initial GET request to the given URL to obtain any CSRF tokens,
+    # injects them into the given request, then performs a POST request to the given URL
+    #
+    # @param [String] url
+    # @param [Hash] request
+    # @return [Faraday::Request]
+    def post_with_csrf(url, request)
+      prepare_request(get(url), request)
+      post(url, request)
+    end
+
+    private
+
+    # @param [Faraday::Response] initial_response
+    # @param [Hash] new_request
+    # @return [void]
+    def prepare_request(initial_response, new_request)
+      doc = Nokogiri::HTML(initial_response.body)
+
+      # Inject CSRF token into new request
+      doc.xpath('//input').each do |input|
+        if input[:name] =~ /_Token/
+          new_request[input[:name]] = input[:value]
+        end
+      end
+
+      # Set the request method
+      new_request['_method'] = 'POST'
+    end
+  end
+end

data/spec/client_spec.rb

@@ -0,0 +1,71 @@
+require 'spec_helper'
+
+describe Cryptsy::Client do
+  before(:all) do
+    @public_key = ENV['CRYPTSY_PUBKEY']
+    @private_key = ENV['CRYPTSY_PRIVKEY']
+
+    unless @public_key && @private_key
+      fail 'API keys are required to run this spec'
+    end
+  end
+
+  subject { Cryptsy::Client.new(@public_key, @private_key) }
+
+  describe '#info' do
+    it 'displays current user info' do
+      result = subject.info
+      expect(result.balances_available).to be_a(Hash)
+      expect(result.servertimestamp).to be_an(Integer)
+    end
+  end
+
+  describe '#calculate_fees' do
+    it 'calculates the fee for a buy order' do
+      quantity = 1000
+      price = 10
+
+      result = subject.calculate_buy_fees(quantity, price)
+
+      expect(result.net.to_f).to eql((quantity * price) + result.fee.to_f)
+    end
+
+    it 'calculates the fee for a sell order' do
+      quantity = 1000
+      price = 10
+
+      result = subject.calculate_sell_fees(quantity, price)
+
+      expect(result.net.to_f).to eql((quantity * price) - result.fee.to_f)
+    end
+  end
+
+  describe '#generate_new_address' do
+    it 'raises an error when using an invalid currency' do
+      expect {
+        subject.generate_new_address('HERP')
+      }.to raise_error(Cryptsy::ClientError)
+    end
+
+    it 'returns a newly generated receive address' do
+      result = subject.generate_new_address('DOGE')
+      expect(result.size).to eql(34)
+    end
+  end
+
+  describe '#transactions' do
+    it 'returns all deposits and withdrawals' do
+      expect(subject.transactions).to be_an(Enumerable)
+    end
+  end
+
+  describe '#market_by_pair' do
+    it 'returns market by its currency code pair' do
+      expect(subject.market_by_pair('DOGE', 'BTC')).to be_a(Hash)
+    end
+
+    it 'returns nil for non-existant markets' do
+      expect(subject.market_by_pair('DOGE', 'HERP')).to be_nil
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1 @@
+require 'cryptsy'

data/spec/web_client_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper'
+require 'cryptsy/web_client'
+
+describe Cryptsy::WebClient do
+  before(:all) do
+    @username = ENV['CRYPTSY_USERNAME']
+    @password = ENV['CRYPTSY_PASSWORD']
+    @tfa_secret = ENV['CRYPTSY_TFA_SECRET']
+
+    unless @username && @password && @tfa_secret
+      fail 'Cryptsy login details are required to run this spec'
+    end
+  end
+
+  subject { Cryptsy::WebClient.new(@username, @password, @tfa_secret) }
+
+  describe '#login' do
+    it 'logs into Cryptsy' do
+      response = subject.login
+      # Should respond with 302
+      # Location header should be /users/dashboard or /users/pincode
+    end
+
+    context 'with bad credentials' do
+      subject { Cryptsy::WebClient.new('herp', 'derp', 'lolz') }
+      it 'fails to login' do
+        response = subject.login
+        # Should respond with 200
+        # Look for div#flashMessages
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,86 @@
+--- !ruby/object:Gem::Specification
+name: cryptsy
+version: !ruby/object:Gem::Version
+  version: '0.1'
+platform: ruby
+authors:
+- Ian Unruh
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-04-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: hashie
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: API client for interacting with Cryptsy
+email: ianunruh@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/cryptsy.rb
+- lib/cryptsy/client.rb
+- lib/cryptsy/confirmation_poller.rb
+- lib/cryptsy/errors.rb
+- lib/cryptsy/version.rb
+- lib/cryptsy/web_client.rb
+- spec/client_spec.rb
+- spec/spec_helper.rb
+- spec/web_client_spec.rb
+homepage: https://github.com/ianunruh/cryptsy
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: API client for interacting with Cryptsy
+test_files:
+- spec/client_spec.rb
+- spec/spec_helper.rb
+- spec/web_client_spec.rb
+has_rdoc: