mixin_bot 0.1.4 → 0.3.4

data/lib/mixin_bot/api/pin.rb

@@ -15,13 +15,14 @@ module MixinBot
         client.post(path, headers: { 'Authorization': authorization }, json: payload)
       end
 
-      # TODO:
       # https://developers.mixin.one/api/alpha-mixin-network/create-pin/
-      def update_pin(old_pin:, new_pin:)
+      def update_pin(old_pin:, pin:)
         path = '/pin/update'
+        encrypted_old_pin = old_pin.nil? ? '' : encrypt_pin(old_pin, iterator: Time.now.utc.to_i)
+        encrypted_pin = encrypt_pin(pin, iterator: Time.now.utc.to_i + 1)
         payload = {
-          old_pin: old_pin.nil? ? '' : encrypt_pin(old_pin),
-          pin: encrypt_pin(new_pin)
+          old_pin: encrypted_old_pin,
+          pin: encrypted_pin
         }
 
         access_token = access_token('POST', path, payload.to_json)
@@ -34,12 +35,11 @@ module MixinBot
         msg = Base64.strict_decode64 msg
         iv = msg[0..15]
         cipher = msg[16..47]
-        aes_key = JOSE::JWA::PKCS1.rsaes_oaep_decrypt('SHA256', pin_token, private_key, session_id)
         alg = 'AES-256-CBC'
         decode_cipher = OpenSSL::Cipher.new(alg)
         decode_cipher.decrypt
         decode_cipher.iv = iv
-        decode_cipher.key = aes_key
+        decode_cipher.key = _generate_aes_key
         decoded = decode_cipher.update(cipher)
         decoded[0..5]
       end
@@ -47,13 +47,12 @@ module MixinBot
       # https://developers.mixin.one/api/alpha-mixin-network/encrypted-pin/
       # use timestamp(timestamp) for iterator as default: must be bigger than the previous, the first time must be greater than 0. After a new session created, it will be reset to 0.
       def encrypt_pin(pin_code, iterator: nil)
-        aes_key = JOSE::JWA::PKCS1.rsaes_oaep_decrypt('SHA256', pin_token, private_key, session_id)
         iterator ||= Time.now.utc.to_i
         tszero = iterator % 0x100
         tsone = (iterator % 0x10000) >> 8
         tstwo = (iterator % 0x1000000) >> 16
         tsthree = (iterator % 0x100000000) >> 24
-        tsstring = tszero.chr + tsone.chr + tstwo.chr + tsthree.chr + "\0\0\0\0"
+        tsstring = "#{tszero.chr}#{tsone.chr}#{tstwo.chr}#{tsthree.chr}\u0000\u0000\u0000\u0000"
         encrypt_content = pin_code + tsstring + tsstring
         pad_count = 16 - encrypt_content.length % 16
         padded_content =
@@ -67,12 +66,28 @@ module MixinBot
         aes = OpenSSL::Cipher.new(alg)
         iv = OpenSSL::Cipher.new(alg).random_iv
         aes.encrypt
-        aes.key = aes_key
+        aes.key = _generate_aes_key
         aes.iv = iv
         cipher = aes.update(padded_content)
         msg = iv + cipher
         Base64.strict_encode64 msg
       end
     end
+
+    def _generate_aes_key
+      if pin_token.size == 32
+        JOSE::JWA::X25519.x25519(
+          JOSE::JWA::Ed25519.secret_to_curve25519(private_key[0..31]),
+          pin_token
+        )
+      else
+        JOSE::JWA::PKCS1.rsaes_oaep_decrypt(
+          'SHA256',
+          pin_token,
+          OpenSSL::PKey::RSA.new(private_key),
+          session_id
+        )
+      end
+    end
   end
 end

data/lib/mixin_bot/api/snapshot.rb

@@ -11,7 +11,10 @@ module MixinBot
           asset: options[:asset],
           order: options[:order]
         )
-        client.get(path)
+
+        access_token = options[:access_token] || access_token('GET', path)
+        authorization = format('Bearer %<access_token>s', access_token: access_token)
+        client.get(path, headers: { 'Authorization': authorization })
       end
 
       def read_snapshots(options = {})
@@ -22,14 +25,17 @@ module MixinBot
           asset: options[:asset]
         )
 
-        access_token = access_token('GET', path)
+        access_token = options[:access_token] || access_token('GET', path)
         authorization = format('Bearer %<access_token>s', access_token: access_token)
         client.get(path, headers: { 'Authorization': authorization })
       end
 
-      def read_network_snapshot(snapshot_id)
+      def read_network_snapshot(snapshot_id, options = {})
         path = format('/network/snapshots/%<snapshot_id>s', snapshot_id: snapshot_id)
-        client.get(path)
+
+        access_token = options[:access_token] || access_token('GET', path)
+        authorization = format('Bearer %<access_token>s', access_token: access_token)
+        client.get(path, headers: { 'Authorization': authorization })
       end
     end
   end

data/lib/mixin_bot/api/transfer.rb

@@ -3,18 +3,19 @@
 module MixinBot
   class API
     module Transfer
-      def create_transfer(pin, options)
+      def create_transfer(pin, options, access_token: nil)
         asset_id = options[:asset_id]
         opponent_id = options[:opponent_id]
         amount = options[:amount]
         memo = options[:memo]
         trace_id = options[:trace_id] || SecureRandom.uuid
+        encrypted_pin = options[:encrypted_pin] || encrypt_pin(pin)
 
         path = '/transfers'
         payload = {
           asset_id: asset_id,
           opponent_id: opponent_id,
-          pin: encrypt_pin(pin),
+          pin: encrypted_pin,
           amount: amount.to_s,
           trace_id: trace_id,
           memo: memo
@@ -25,7 +26,7 @@ module MixinBot
         client.post(path, headers: { 'Authorization': authorization }, json: payload)
       end
 
-      def read_transfer(trace_id)
+      def read_transfer(trace_id, access_token: nil)
         path = format('/transfers/trace/%<trace_id>s', trace_id: trace_id)
         access_token ||= access_token('GET', path, '')
         authorization = format('Bearer %<access_token>s', access_token: access_token)

data/lib/mixin_bot/api/user.rb

@@ -14,21 +14,27 @@ module MixinBot
 
       # https://developers.mixin.one/api/alpha-mixin-network/app-user/
       # Create a new Mixin Network user (like a normal Mixin Messenger user). You should keep PrivateKey which is used to sign an AuthenticationToken and encrypted PIN for the user.
-      def create_user(full_name, rsa_key = nil)
-        rsa_key ||= generate_rsa_key
-        session_secret = rsa_key[:public_key]
-        session_secret.gsub!(/^-----.*PUBLIC KEY-----$/, '').strip!
+      def create_user(full_name, key_type: 'RSA', rsa_key: nil, ed25519_key: nil)
+        case key_type
+        when 'RSA'
+          rsa_key ||= generate_rsa_key
+          session_secret = rsa_key[:public_key].gsub(/^-----.*PUBLIC KEY-----$/, '').strip
+        when 'Ed25519'
+          ed25519_key ||= generate_ed25519_key
+          session_secret = ed25519_key[:public_key]
+        else
+          raise 'Only RSA and Ed25519 are supported'
+        end
 
         payload = {
           full_name: full_name,
           session_secret: session_secret
         }
-
         access_token = access_token('POST', '/users', payload.to_json)
         authorization = format('Bearer %<access_token>s', access_token: access_token)
         res = client.post('/users', headers: { 'Authorization': authorization }, json: payload)
 
-        res.merge(rsa_key: rsa_key)
+        res.merge(rsa_key: rsa_key, ed25519_key: ed25519_key)
       end
 
       def generate_rsa_key
@@ -39,6 +45,14 @@ module MixinBot
         }
       end
 
+      def generate_ed25519_key
+        ed25519_key = JOSE::JWA::Ed25519.keypair
+        {
+          private_key: Base64.strict_encode64(ed25519_key[1]),
+          public_key: Base64.strict_encode64(ed25519_key[0])
+        }
+      end
+
       # https://developers.mixin.one/api/beta-mixin-message/search-user/
       # search by Mixin Id or Phone Number
       def search_user(query)

data/lib/mixin_bot/api/withdraw.rb

@@ -4,7 +4,7 @@ module MixinBot
   class API
     module Withdraw
       # https://developers.mixin.one/api/alpha-mixin-network/create-address/
-      def create_withdraw_address(options)
+      def create_withdraw_address(options, access_token: nil)
         path = '/addresses'
         encrypted_pin = encrypt_pin(options[:pin])
         payload =
@@ -27,33 +27,33 @@ module MixinBot
             }
           end
 
-        access_token = access_token('POST', path, payload.to_json)
+        access_token ||= access_token('POST', path, payload.to_json)
         authorization = format('Bearer %<access_token>s', access_token: access_token)
         client.post(path, headers: { 'Authorization': authorization }, json: payload)
       end
 
       # https://developers.mixin.one/api/alpha-mixin-network/read-address/
-      def get_withdraw_address(address)
+      def get_withdraw_address(address, access_token: nil)
         path = format('/addresses/%<address>s', address: address)
-        access_token = access_token('GET', path, '')
+        access_token ||= access_token('GET', path, '')
         authorization = format('Bearer %<access_token>s', access_token: access_token)
         client.get(path, headers: { 'Authorization': authorization })
       end
 
       # https://developers.mixin.one/api/alpha-mixin-network/delete-address/
-      def delete_withdraw_address(address, pin)
+      def delete_withdraw_address(address, pin, access_token: nil)
         path = format('/addresses/%<address>s/delete', address: address)
         payload = {
           pin: encrypt_pin(pin)
         }
 
-        access_token = access_token('POST', path, payload.to_json)
+        access_token ||= access_token('POST', path, payload.to_json)
         authorization = format('Bearer %<access_token>s', access_token: access_token)
         client.post(path, headers: { 'Authorization': authorization }, json: payload)
       end
 
       # https://developers.mixin.one/api/alpha-mixin-network/withdrawal-addresses/
-      def withdrawals(options)
+      def withdrawals(options, access_token: nil)
         address_id = options[:address_id]
         pin = options[:pin]
         amount = options[:amount]
@@ -69,7 +69,7 @@ module MixinBot
           pin: encrypt_pin(pin)
         }
 
-        access_token = access_token('POST', path, payload.to_json)
+        access_token ||= access_token('POST', path, payload.to_json)
         authorization = format('Bearer %<access_token>s', access_token: access_token)
         client.post(path, headers: { 'Authorization': authorization }, json: payload)
       end

data/lib/mixin_bot/cli.rb

@@ -0,0 +1,128 @@
+# frozen_string_literal: true
+
+require 'awesome_print'
+require 'cli/ui'
+require 'thor'
+require 'yaml'
+require 'json'
+require_relative './cli/node'
+require_relative './cli/me'
+require_relative './cli/multisig'
+
+module MixinBot
+  class CLI < Thor
+    # https://github.com/Shopify/cli-ui
+    UI = ::CLI::UI
+
+    class_option :apihost, type: :string, aliases: '-a', desc: 'Specify mixin api host, default as api.mixin.one'
+    class_option :pretty, type: :boolean, aliases: '-p', desc: 'Print output in pretty'
+
+    attr_reader :config, :api
+
+    def initialize(*args)
+      super
+      if File.exist? options[:config].to_s
+        @config =
+          begin
+            YAML.load_file options[:config]
+          rescue StandardError => e
+            log UI.fmt(
+              format(
+                '{{x}} %<file>s is not a valid .yml file',
+                file: options[:config]
+              )
+            )
+            UI::Frame.open('{{x}}', color: :red) do
+              log e
+            end
+          end
+      elsif options[:config]
+        @confg =
+          begin
+            JSON.parse options[:config]
+          rescue StandardError => e
+            log UI.fmt(
+              format(
+                '{{x}} Failed to parse %<config>s',
+                config: options[:config]
+              )
+            )
+            UI::Frame.open('{{x}}', color: :red) do
+              log e
+            end
+          end
+      end
+
+      return unless @config
+
+      MixinBot.api_host = options[:apihost]
+      @api ||=
+        begin
+          MixinBot::API.new(
+            client_id: @config['client_id'],
+            client_secret: @config['client_secret'],
+            session_id: @config['session_id'],
+            pin_token: @config['pin_token'],
+            private_key: @config['private_key'],
+            pin_code: @config['pin_code']
+          )
+        rescue StandardError => e
+          log UI.fmt '{{x}}: Failed to initialize api, maybe your config is incorrect.'
+          UI.Frame.open('{{x}}', color: :red) do
+            log e
+          end
+        end
+    end
+
+    desc 'node', 'mixin node commands helper'
+    subcommand 'node', MixinBot::NodeCLI
+
+    desc 'version', 'Distay MixinBot version'
+    def version
+      log MixinBot::VERSION
+    end
+
+    def self.exit_on_failure?
+      true
+    end
+
+    private
+
+    def api_method(method, *args, **params)
+      if api.nil?
+        log UI.fmt '{{x}} MixinBot api not initialized!'
+        return
+      end
+
+      res = if args.empty? && params.empty?
+              api&.public_send method
+            elsif args.empty? && !params.empty?
+              api&.public_send method params
+            elsif !args.empty? && params.empty?
+              api&.public_send method, args
+            else
+              args.push params
+              api&.public_send method, args
+            end
+      log res
+
+      [res, res && res['error'].nil?]
+    rescue MixinBot::Errors => e
+      UI::Frame.open('{{x}}', color: :red) do
+        log e
+      end
+    end
+
+    def log(obj)
+      if options[:pretty]
+        if obj.is_a? String
+          puts obj
+        else
+          ap obj
+        end
+      else
+        puts obj.inspect
+      end
+    end
+  end
+end

data/lib/mixin_bot/cli/me.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module MixinBot
+  class CLI < Thor
+    desc 'read_me', 'fetch mixin bot profile'
+    option :config, required: true, aliases: '-c'
+    def read_me
+      api_method(:read_me)
+    end
+
+    desc 'read_assets', 'fetch mixin bot assets'
+    option :config, required: true, aliases: '-c'
+    def read_assets
+      api_method(:read_assets)
+    end
+
+    desc 'cal_assets_as_usd', 'fetch mixin bot assets'
+    option :config, required: true, aliases: '-c'
+    def cal_assets_as_usd
+      assets, success = read_assets
+      return unless success
+
+      sum = assets['data'].map(
+        &lambda { |asset|
+           asset['balance'].to_f * asset['price_usd'].to_f
+         }
+      ).sum
+      UI::Frame.open('USD') do
+        log sum
+      end
+    end
+
+    desc 'read_asset', 'fetch specific asset of mixin bot'
+    option :config, required: true, aliases: '-c'
+    option :assetid, required: true, aliases: '-s'
+    def read_asset
+      api_method(:read_asset, options[:assetid])
+    end
+  end
+end

data/lib/mixin_bot/cli/multisig.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module MixinBot
+  class CLI < Thor
+    desc 'get_all_multisigs', 'fetch all utxos'
+    option :config, required: true, aliases: '-c'
+    def all_multisigs
+      api_method(:get_all_multisigs)
+    end
+  end
+end

data/lib/mixin_bot/cli/node.rb

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+require 'date'
+
+module MixinBot
+  class NodeCLI < Thor
+    # https://github.com/Shopify/cli-ui
+    UI = ::CLI::UI
+    UI::StdoutRouter.enable
+
+    desc 'listallnodes', 'List all mixin nodes'
+    def listallnodes
+      return unless ensure_mixin_command_exist
+
+      o, e, _s = Open3.capture3('mixin -n 35.188.235.212:8239 listallnodes')
+      log e unless e.empty?
+      log o
+    end
+
+    desc 'mint', 'Mint from mint distributions'
+    option :node, required: true, aliases: '-n', desc: 'node RPC address'
+    option :batch, type: :numeric, required: true, aliases: '-b', desc: 'mint batch'
+    option :view, type: :string, required: true, aliases: '-v', desc: 'view key'
+    option :address, type: :string, required: true, aliases: '-d', desc: 'address'
+    def mint
+      c = (Date.today - Date.new(2019, 2, 28)).to_i + 1
+      distributions = []
+      UI::Spinner.spin('Listing mint distributions') do |spinner|
+        o, _e, _s = Open3.capture3(
+          'mixin',
+          '-n',
+          options[:node],
+          'listmintdistributions',
+          '-c',
+          c.to_s
+        )
+        distributions = eval o
+        spinner.update_title "#{distributions.size} mint distributions listed"
+      end
+
+      tx = ''
+      UI::Spinner.spin('Finding transaction') do |spinner|
+        index = distributions.index(&->(d) { d[:batch] == options[:batch] })
+        tx = distributions[index][:transaction]
+        spinner.update_title "Transaction hash found: #{tx}"
+      end
+
+      UI::Spinner.spin('Fetching transaction') do |spinner|
+        o, _e, _s = Open3.capture3(
+          'mixin',
+          '-n',
+          options[:node],
+          'gettransaction',
+          '-x',
+          tx
+        )
+        tx = eval o
+        spinner.update_title "#{tx[:outputs].size} transaction outputs found"
+      end
+
+      tx[:outputs].each_with_index do |output, index|
+        address = ''
+        UI::Spinner.spin("Checking output index: #{index}") do |spinner|
+          o, _e, _s = Open3.capture3(
+            'mixin',
+            'decryptghostkey',
+            '--key',
+            output[:keys].first,
+            '--mask',
+            output[:mask],
+            '--view',
+            options[:view]
+          )
+          address = o.chomp
+          spinner.update_title "Index #{index} Address: #{address}"
+        end
+        log "Found Utxo: #{index}" if address == options[:address]
+      end
+    end
+
+    private
+
+    def ensure_mixin_command_exist
+      return true if command?('mixin')
+
+      log UI.fmt '{{x}} `mixin` command is not valid!'
+      log UI.fmt 'Please install mixin software and provide a executable `mixin` command'
+    end
+
+    def command?(name)
+      `which #{name}`
+      $CHILD_STATUS.success?
+    end
+
+    def log(obj)
+      if options[:pretty]
+        if obj.is_a? String
+          puts obj
+        else
+          ap obj
+        end
+      else
+        puts obj.inspect
+      end
+    end
+  end
+end