mixin_bot 0.1.1 → 0.3.2

data/lib/mixin_bot/api/multisig.rb

@@ -0,0 +1,335 @@
+# frozen_string_literal: true
+
+module MixinBot
+  class API
+    module Multisig
+      # https://w3c.group/c/1574309272319630
+
+      # {"data":[
+      #   {
+      #     "type":"multisig_utxo",
+      #     "user_id":"514ae2ff-c24e-4379-a482-e2c0f798ebb1",
+      #     "utxo_id":"94711ac9-5981-4fe3-8c0e-19622219ea72",
+      #     "asset_id":"965e5c6e-434c-3fa9-b780-c50f43cd955c",
+      #     "transaction_hash":"2e67f3e36ee4b3c13effcc8a9aaafeb8122cad98f72d9ccc04d65a5ada2aa39d",
+      #     "output_index":0,
+      #     "amount":"0.123456",
+      #     "threshold":2,
+      #     "members":[
+      #       "514ae2ff-c24e-4379-a482-e2c0f798ebb1",
+      #       "13ce6c86-307a-5187-98b0-76424cbc0fbf",
+      #       "2b9df368-8e3e-46ce-ac57-e6111e8ff50e",
+      #       "3cb87491-4fa0-4c2f-b387-262b63cbc412"
+      #     ],
+      #     "memo":"难道你是女生",
+      #     "state":"unspent",
+      #     "created_at":"2019-11-03T13:30:43.922655Z",
+      #     "signed_by":"",
+      #     "signed_tx":""
+      #   }
+      # ]}
+      def multisigs(limit: 100, offset: nil, access_token: nil)
+        path = format('/multisigs?limit=%<limit>s&offset=%<offset>s', limit: limit, offset: offset)
+        access_token ||= access_token('GET', path, '')
+        authorization = format('Bearer %<access_token>s', access_token: access_token)
+        client.get(path, headers: { 'Authorization': authorization })
+      end
+
+      def all_multisigs(utxos: [], offset: nil, access_token: nil)
+        res = multisigs(limit: 100, offset: offset, access_token: access_token)
+
+        return [] if res['data'].nil?
+
+        utxos += res['data']
+
+        if res['data'].length < 100
+          utxos
+        else
+          all_multisigs(utxos: utxos, offset: utxos[-1]['created_at'], access_token: access_token)
+        end
+      end
+
+      def create_output(receivers:, index:, access_token: nil)
+        path = '/outputs'
+        payload = {
+          receivers: receivers,
+          index: index
+        }
+        access_token ||= access_token('POST', path, payload.to_json)
+        authorization = format('Bearer %<access_token>s', access_token: access_token)
+        client.post(path, headers: { 'Authorization': authorization }, json: payload)
+      end
+
+      # transfer from the multisig address
+      # create a request for multi sign
+      # for now, raw(RAW-TRANSACTION-HEX) can only be generated by Mixin SDK of Golang or Javascript
+      def create_sign_multisig_request(raw, access_token: nil)
+        path = '/multisigs'
+        payload = {
+          action: 'sign',
+          raw: raw
+        }
+        access_token ||= access_token('POST', path, payload.to_json)
+        authorization = format('Bearer %<access_token>s', access_token: access_token)
+        client.post(path, headers: { 'Authorization': authorization }, json: payload)
+      end
+
+      # transfer from the multisig address
+      # create a request for unlock a multi-sign
+      def create_unlock_multisig_request(raw, access_token: nil)
+        path = '/multisigs'
+        payload = {
+          action: 'unlock',
+          raw: raw
+        }
+        access_token ||= access_token('POST', path, payload.to_json)
+        authorization = format('Bearer %<access_token>s', access_token: access_token)
+        client.post(path, headers: { 'Authorization': authorization }, json: payload)
+      end
+
+      def sign_multisig_request(request_id, pin)
+        path = format('/multisigs/%<request_id>s/sign', request_id: request_id)
+        payload = {
+          pin: encrypt_pin(pin)
+        }
+        access_token ||= access_token('POST', path, payload.to_json)
+        authorization = format('Bearer %<access_token>s', access_token: access_token)
+        client.post(path, headers: { 'Authorization': authorization }, json: payload)
+      end
+
+      def unlock_multisig_request(request_id, pin)
+        path = format('/multisigs/%<request_id>s/unlock', request_id: request_id)
+        payload = {
+          pin: encrypt_pin(pin)
+        }
+        access_token ||= access_token('POST', path, payload.to_json)
+        authorization = format('Bearer %<access_token>s', access_token: access_token)
+        client.post(path, headers: { 'Authorization': authorization }, json: payload)
+      end
+
+      def cancel_multisig_request(request_id, pin)
+        path = format('/multisigs/%<request_id>s/cancel', request_id: request_id)
+        payload = {
+          pin: encrypt_pin(pin)
+        }
+        access_token ||= access_token('POST', path, payload.to_json)
+        authorization = format('Bearer %<access_token>s', access_token: access_token)
+        client.post(path, headers: { 'Authorization': authorization }, json: payload)
+      end
+
+      # pay to the multisig address
+      # used for create multisig payment code_id
+      def create_multisig_payment(params)
+        path = '/payments'
+        payload = {
+          asset_id: params[:asset_id],
+          amount: params[:amount].to_s,
+          trace_id: params[:trace_id] || SecureRandom.uuid,
+          memo: params[:memo],
+          opponent_multisig: {
+            receivers: params[:receivers],
+            threshold: params[:threshold]
+          }
+        }
+        access_token = params[:access_token]
+        access_token ||= access_token('POST', path, payload.to_json)
+        authorization = format('Bearer %<access_token>s', access_token: access_token)
+        client.post(path, headers: { 'Authorization': authorization }, json: payload)
+      end
+
+      def verify_multisig(code_id, access_token: nil)
+        path = format('/codes/%<code_id>s', code_id: code_id)
+        access_token ||= access_token('GET', path, '')
+        authorization = format('Bearer %<access_token>s', access_token: access_token)
+        client.get(path, headers: { 'Authorization': authorization })
+      end
+
+      # send a signed transaction to main net
+      def send_raw_transaction(raw, access_token: nil)
+        path = '/external/proxy'
+        payload = {
+          method: 'sendrawtransaction',
+          params: [raw]
+        }
+
+        access_token ||= access_token('POST', path, payload.to_json)
+        authorization = format('Bearer %<access_token>s', access_token: access_token)
+        client.post(path, headers: { 'Authorization': authorization }, json: payload)
+      end
+
+      def build_threshold_script(threshold)
+        s = threshold.to_s(16)
+        s = s.length == 1 ? "0#{s}" : s
+        raise 'NVALID THRESHOLD' if s.length > 2
+
+        "fffe#{s}"
+      end
+
+      # filter utxo by members, asset_id and threshold
+      def filter_utxos(params)
+        utxos = all_multisigs(access_token: params[:access_token])
+
+        unless params[:members].nil?
+          utxos = utxos.filter(
+            &lambda { |utxo|
+              utxo['members'].sort == params[:members].sort
+            }
+          )
+        end
+
+        unless params[:asset_id].nil?
+          utxos = utxos.filter(
+            &lambda { |utxo|
+              utxo['asset_id'] == params[:asset_id]
+            }
+          )
+        end
+
+        unless params[:threshold].nil?
+          utxos = utxos.filter(
+            &lambda { |utxo|
+              utxo['threshold'] == params[:threshold]
+            }
+          )
+        end
+
+        unless params[:state].nil?
+          utxos = utxos.filter(
+            &lambda { |utxo|
+              utxo['state'] == params[:state]
+            }
+          )
+        end
+
+        utxos
+      end
+
+      # params:
+      # {
+      #   senders: [ uuid ],
+      #   receivers: [ uuid ],
+      #   threshold: integer,
+      #   asset_id: uuid,
+      #   asset_mixin_id: string,
+      #   amount: string / float,
+      #   memo: string,
+      # }
+      def build_raw_transaction(params)
+        senders        = params[:senders]
+        receivers      = params[:receivers]
+        asset_id       = params[:asset_id]
+        asset_mixin_id = params[:asset_mixin_id]
+        amount         = params[:amount]
+        memo           = params[:memo]
+        threshold      = params[:threshold]
+        access_token   = params[:access_token]
+        utxos          = params[:utxos]
+
+        raise 'access_token required!' if access_token.nil? && !senders.include?(client_id)
+
+        # default to use all unspent utxo
+        utxos ||= filter_utxos(
+          members: senders,
+          asset_id: asset_id,
+          threshold: threshold,
+          state: 'unspent',
+          access_token: access_token
+        )
+        amount = amount.to_f.round(8)
+        input_amount = utxos.map(
+          &lambda { |utxo|
+            utxo['amount'].to_f
+          }
+        ).sum.round(8)
+
+        if input_amount < amount
+          raise format(
+            'not enough amount! %<input_amount>s < %<amount>s',
+            input_amount: input_amount,
+            amount: amount
+          )
+        end
+
+        inputs = utxos.map(
+          &lambda { |utx|
+            {
+              'hash' => utx['transaction_hash'],
+              'index' => utx['output_index']
+            }
+          }
+        )
+
+        outputs = []
+        output0 = create_output(receivers: receivers, index: 0)['data']
+        output0['amount'] = format('%<amount>.8f', amount: amount)
+        output0['script'] = build_threshold_script(receivers.length)
+        outputs << output0
+
+        if input_amount > amount
+          output1 = create_output(receivers: senders, index: 1)['data']
+          output1['amount'] = format('%<amount>.8f', amount: input_amount - amount)
+          output1['script'] = build_threshold_script(utxos[0]['threshold'].to_i)
+          outputs << output1
+        end
+
+        extra = Digest.hexencode memo.to_s.slice(0, 140)
+        tx = {
+          version: 1,
+          asset: asset_mixin_id,
+          inputs: inputs,
+          outputs: outputs,
+          extra: extra
+        }
+
+        build_transaction tx.to_json
+      end
+
+      def str_to_bin(str)
+        return if str.nil?
+
+        str.scan(/../).map(&:hex).pack('c*')
+      end
+
+      def build_inputs(inputs)
+        res = []
+        prototype = {
+          'Hash' => nil,
+          'Index' => nil,
+          'Genesis' => nil,
+          'Deposit' => nil,
+          'Mint' => nil
+        }
+        inputs.each do |input|
+          struc = prototype.dup
+          struc['Hash'] = str_to_bin input['hash']
+          struc['Index'] = input['index']
+          res << struc
+        end
+
+        res
+      end
+
+      def build_outputs(outputs)
+        res = []
+        prototype = {
+          'Type' => 0,
+          'Amount' => nil,
+          'Keys' => nil,
+          'Script' => nil,
+          'Mask' => nil
+        }
+        outputs.each do |output|
+          struc = prototype.dup
+          struc['Type'] = str_to_bin output['type']
+          struc['Amount'] = str_to_bin output['amount']
+          struc['Keys'] = output['keys'].map(&->(key) { str_to_bin(key) })
+          struc['Script'] = str_to_bin output['script']
+          struc['Mask'] = str_to_bin output['mask']
+          res << struc
+        end
+
+        res
+      end
+    end
+  end
+end

data/lib/mixin_bot/api/pin.rb

@@ -15,14 +15,14 @@ module MixinBot
         client.post(path, headers: { 'Authorization': authorization }, json: payload)
       end
 
-      # not verified yet
       # https://developers.mixin.one/api/alpha-mixin-network/create-pin/
-      def update_pin(old_pin:, new_pin:)
+      def update_pin(old_pin:, pin:)
         path = '/pin/update'
-        timestamp = Time.now.utc.to_i
+        encrypted_old_pin = old_pin.nil? ? '' : encrypt_pin(old_pin, iterator: Time.now.utc.to_i)
+        encrypted_pin = encrypt_pin(pin, iterator: Time.now.utc.to_i + 1)
         payload = {
-          old_pin: old_pin.nil? ? '' : encrypt_pin(old_pin, timestamp: timestamp),
-          pin: encrypt_pin(new_pin, timestamp: timestamp)
+          old_pin: encrypted_old_pin,
+          pin: encrypted_pin
         }
 
         access_token = access_token('POST', path, payload.to_json)
@@ -35,26 +35,24 @@ module MixinBot
         msg = Base64.strict_decode64 msg
         iv = msg[0..15]
         cipher = msg[16..47]
-        aes_key = JOSE::JWA::PKCS1.rsaes_oaep_decrypt('SHA256', pin_token, private_key, session_id)
         alg = 'AES-256-CBC'
         decode_cipher = OpenSSL::Cipher.new(alg)
         decode_cipher.decrypt
         decode_cipher.iv = iv
-        decode_cipher.key = aes_key
+        decode_cipher.key = _generate_aes_key
         decoded = decode_cipher.update(cipher)
         decoded[0..5]
       end
 
       # https://developers.mixin.one/api/alpha-mixin-network/encrypted-pin/
       # use timestamp(timestamp) for iterator as default: must be bigger than the previous, the first time must be greater than 0. After a new session created, it will be reset to 0.
-      def encrypt_pin(pin_code, timestamp: nil)
-        aes_key = JOSE::JWA::PKCS1.rsaes_oaep_decrypt('SHA256', pin_token, private_key, session_id)
-        timestamp ||= Time.now.utc.to_i
-        tszero = timestamp % 0x100
-        tsone = (timestamp % 0x10000) >> 8
-        tstwo = (timestamp % 0x1000000) >> 16
-        tsthree = (timestamp % 0x100000000) >> 24
-        tsstring = tszero.chr + tsone.chr + tstwo.chr + tsthree.chr + "\0\0\0\0"
+      def encrypt_pin(pin_code, iterator: nil)
+        iterator ||= Time.now.utc.to_i
+        tszero = iterator % 0x100
+        tsone = (iterator % 0x10000) >> 8
+        tstwo = (iterator % 0x1000000) >> 16
+        tsthree = (iterator % 0x100000000) >> 24
+        tsstring = "#{tszero.chr}#{tsone.chr}#{tstwo.chr}#{tsthree.chr}\u0000\u0000\u0000\u0000"
         encrypt_content = pin_code + tsstring + tsstring
         pad_count = 16 - encrypt_content.length % 16
         padded_content =
@@ -68,12 +66,28 @@ module MixinBot
         aes = OpenSSL::Cipher.new(alg)
         iv = OpenSSL::Cipher.new(alg).random_iv
         aes.encrypt
-        aes.key = aes_key
+        aes.key = _generate_aes_key
         aes.iv = iv
         cipher = aes.update(padded_content)
         msg = iv + cipher
         Base64.strict_encode64 msg
       end
     end
+
+    def _generate_aes_key
+      if pin_token.size == 32
+        JOSE::JWA::X25519.x25519(
+          JOSE::JWA::Ed25519.secret_to_curve25519(private_key[0..31]),
+          pin_token
+        )
+      else
+        JOSE::JWA::PKCS1.rsaes_oaep_decrypt(
+          'SHA256',
+          pin_token,
+          OpenSSL::PKey::RSA.new(private_key),
+          session_id
+        )
+      end
+    end
   end
 end

data/lib/mixin_bot/api/snapshot.rb

@@ -3,7 +3,7 @@
 module MixinBot
   class API
     module Snapshot
-      def read_snapshots(options = {})
+      def read_network_snapshots(options = {})
         path = format(
           '/network/snapshots?limit=%<limit>s&offset=%<offset>s&asset=%<asset>s&order=%<order>s',
           limit: options[:limit],
@@ -12,21 +12,30 @@ module MixinBot
           order: options[:order]
         )
 
-        if options[:private]
-          # TODO:
-          # read private snapshots
-          access_token = access_token('GET', path)
-          authorization = format('Bearer %<access_token>s', access_token: access_token)
-          client.get(path, headers: { 'Authorization': authorization, 'Content-length': 0 })
-        else
-          # read public snapshots as default
-          client.get(path)
-        end
+        access_token = options[:access_token] || access_token('GET', path)
+        authorization = format('Bearer %<access_token>s', access_token: access_token)
+        client.get(path, headers: { 'Authorization': authorization })
+      end
+
+      def read_snapshots(options = {})
+        path = format(
+          '/snapshots?limit=%<limit>s&offset=%<offset>s&asset=%<asset>s',
+          limit: options[:limit],
+          offset: options[:offset],
+          asset: options[:asset]
+        )
+
+        access_token = options[:access_token] || access_token('GET', path)
+        authorization = format('Bearer %<access_token>s', access_token: access_token)
+        client.get(path, headers: { 'Authorization': authorization })
       end
 
-      def read_snapshot(snapshot_id)
-        path = format('network/snapshots/%<snapshot_id>s', snapshot_id: snapshot_id)
-        client.get(path)
+      def read_network_snapshot(snapshot_id, options = {})
+        path = format('/network/snapshots/%<snapshot_id>s', snapshot_id: snapshot_id)
+
+        access_token = options[:access_token] || access_token('GET', path)
+        authorization = format('Bearer %<access_token>s', access_token: access_token)
+        client.get(path, headers: { 'Authorization': authorization })
       end
     end
   end