mixin_bot 0.12.0 → 1.0.0

data/lib/mixin_bot/api/snapshot.rb

@@ -3,45 +3,31 @@
 module MixinBot
   class API
     module Snapshot
-      def network_snapshots(**options)
-        path = format(
-          '/network/snapshots?limit=%<limit>s&offset=%<offset>s&asset=%<asset>s&order=%<order>s',
-          limit: options[:limit],
-          offset: options[:offset],
-          asset: options[:asset],
-          order: options[:order]
-        )
-
-        access_token = options[:access_token] || access_token('GET', path)
-        authorization = format('Bearer %<access_token>s', access_token: access_token)
-        client.get(path, headers: { 'Authorization': authorization })
-      end
-      alias read_network_snapshots network_snapshots
-
-      def snapshots(**options)
-        path = format(
-          '/snapshots?limit=%<limit>s&offset=%<offset>s&asset=%<asset>s&opponent=%<opponent>s&order=%<order>s',
+      def safe_snapshots(**options)
+        path = '/safe/snapshots'
+        params = {
           limit: options[:limit],
           offset: options[:offset],
           asset: options[:asset],
           opponent: options[:opponent],
+          app: options[:app_id],
           order: options[:order]
-        )
+        }
 
-        access_token = options[:access_token] || access_token('GET', path)
-        authorization = format('Bearer %<access_token>s', access_token: access_token)
-        client.get(path, headers: { 'Authorization': authorization })
+        client.get path, **params
       end
-      alias read_snapshots snapshots
 
-      def network_snapshot(snapshot_id, **options)
-        path = format('/network/snapshots/%<snapshot_id>s', snapshot_id: snapshot_id)
+      def create_safe_snapshot_notification(**kwargs)
+        path = '/safe/snapshots/notifications'
+
+        payload = {
+          transaction_hash: kwargs[:transaction_hash],
+          output_index: kwargs[:output_index],
+          receiver_id: kwargs[:receiver_id]
+        }
 
-        access_token = options[:access_token] || access_token('GET', path)
-        authorization = format('Bearer %<access_token>s', access_token: access_token)
-        client.get(path, headers: { 'Authorization': authorization })
+        client.post path, **payload, access_token: kwargs[:access_token]
       end
-      alias read_network_snapshot network_snapshot
     end
   end
 end

data/lib/mixin_bot/api/tip.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module MixinBot
+  class API
+    module Tip
+      TIP_ACTIONS = %w[
+        TIP:VERIFY:
+        TIP:ADDRESS:ADD:
+        TIP:ADDRESS:REMOVE:
+        TIP:USER:DEACTIVATE:
+        TIP:EMERGENCY:CONTACT:CREATE:
+        TIP:EMERGENCY:CONTACT:READ:
+        TIP:EMERGENCY:CONTACT:REMOVE:
+        TIP:PHONE:NUMBER:UPDATE:
+        TIP:MULTISIG:REQUEST:SIGN:
+        TIP:MULTISIG:REQUEST:UNLOCK:
+        TIP:COLLECTIBLE:REQUEST:SIGN:
+        TIP:COLLECTIBLE:REQUEST:UNLOCK:
+        TIP:TRANSFER:CREATE:
+        TIP:WITHDRAWAL:CREATE:
+        TIP:TRANSACTION:CREATE:
+        TIP:OAUTH:APPROVE:
+        TIP:PROVISIONING:UPDATE:
+        TIP:APP:OWNERSHIP:TRANSFER:
+        SEQUENCER:REGISTER:
+      ].freeze
+
+      def encrypt_tip_pin(pin, action, *params)
+        raise ArgumentError, 'invalid action' unless TIP_ACTIONS.include? action
+
+        pin_key = MixinBot.utils.decode_key pin
+
+        msg = action + params.flatten.map(&:to_s).join
+
+        msg = Digest::SHA256.digest(msg) unless action == 'TIP:VERIFY:'
+
+        signature = JOSE::JWA::Ed25519.sign msg, pin_key
+
+        encrypt_pin signature
+      end
+    end
+  end
+end

data/lib/mixin_bot/api/transaction.rb

@@ -3,75 +3,199 @@
 module MixinBot
   class API
     module Transaction
-      MULTISIG_TRANSACTION_ARGUMENTS = %i[asset_id receivers threshold amount].freeze
-      def create_multisig_transaction(pin, options = {})
-        raise ArgumentError, "#{MULTISIG_TRANSACTION_ARGUMENTS.join(', ')} are needed for create multisig transaction" unless MULTISIG_TRANSACTION_ARGUMENTS.all? { |param| options.keys.include? param }
-
-        asset_id = options[:asset_id]
-        receivers = options[:receivers]
-        threshold = options[:threshold]
-        amount = options[:amount].to_d
-        memo = options[:memo]
-        trace_id = options[:trace_id] || SecureRandom.uuid
-        encrypted_pin = options[:encrypted_pin] || encrypt_pin(pin)
-
-        path = '/transactions'
-        payload = {
-          asset_id: asset_id,
-          opponent_multisig: {
-            receivers: receivers,
-            threshold: threshold
-          },
-          pin: encrypted_pin,
-          amount: format('%.8f', amount.to_r),
-          trace_id: trace_id,
-          memo: memo
-        }
+      SAFE_TX_VERSION = 0x05
+      OUTPUT_TYPE_SCRIPT = 0x00
+      OUTPUT_TYPE_WITHDRAW_SUBMIT = 0xa1
+
+      # ghost keys
+      def create_safe_keys(*payload, access_token: nil)
+        raise ArgumentError, 'payload should be an array' unless payload.is_a? Array
+        raise ArgumentError, 'payload should not be empty' unless payload.size.positive?
+        raise ArgumentError, 'invalid payload' unless payload.all?(&lambda { |param|
+                                                                      param.key?(:receivers) && param.key?(:index)
+                                                                    })
+
+        payload.each do |param|
+          param[:hint] ||= SecureRandom.uuid
+        end
+
+        path = '/safe/keys'
 
-        access_token = options[:access_token]
-        access_token ||= access_token('POST', path, payload.to_json)
-        authorization = format('Bearer %<access_token>s', access_token: access_token)
-        client.post(path, headers: { 'Authorization': authorization }, json: payload)
+        client.post path, *payload
       end
+      alias create_ghost_keys create_safe_keys
+
+      # kwargs:
+      # {
+      #  utxos: [ utxo ],
+      #  receivers: [ {
+      #   members: [ uuid ],
+      #   threshold: integer,
+      #   amount: string,
+      #  } ],
+      #  ghosts: [ ghost ],
+      #  extra: string,
+      # }
+      SAFE_RAW_TRANSACTION_ARGUMENTS = %i[utxos receivers].freeze
+      def build_safe_transaction(**kwargs)
+        raise ArgumentError, "#{SAFE_RAW_TRANSACTION_ARGUMENTS.join(', ')} are needed for build safe transaction" unless SAFE_RAW_TRANSACTION_ARGUMENTS.all? { |param| kwargs.keys.include? param }
+
+        utxos = kwargs[:utxos].map(&:with_indifferent_access)
+        receivers = kwargs[:receivers].map(&:with_indifferent_access)
+
+        senders = utxos.map { |utxo| utxo['receivers'] }.uniq
+        raise ArgumentError, 'utxos should have same senders' if senders.size > 1
+
+        senders_threshold = utxos.map { |utxo| utxo['receivers_threshold'] }.uniq
+        raise ArgumentError, 'utxos should have same senders_threshold' if senders_threshold.size > 1
+
+        raise ArgumentError, 'utxos should not be empty' if utxos.empty?
+        raise ArgumentError, 'utxos too many' if utxos.size > 256
+
+        recipients = receivers.map do |receiver|
+          MixinBot.utils.build_safe_recipient(
+            members: receiver[:members],
+            threshold: receiver[:threshold],
+            amount: receiver[:amount]
+          ).with_indifferent_access
+        end
+
+        inputs_sum = utxos.sum(&->(utxo) { utxo['amount'].to_d })
+        outputs_sum = recipients.sum(&->(recipient) { recipient['amount'].to_d })
+        change = inputs_sum - outputs_sum
+        raise InsufficientBalanceError, "inputs sum: #{inputs_sum}" if change.negative?
+
+        if change.positive?
+          recipients << MixinBot.utils.build_safe_recipient(
+            members: utxos[0]['receivers'],
+            threshold: utxos[0]['receivers_threshold'],
+            amount: change
+          ).with_indifferent_access
+        end
+        raise ArgumentError, 'recipients too many' if recipients.size > 256
+
+        asset = utxos[0]['asset']
+        inputs = []
+        utxos.each do |utxo|
+          raise ArgumentError, 'utxo asset not match' unless utxo['asset'] == asset
+
+          inputs << {
+            hash: utxo['transaction_hash'],
+            index: utxo['output_index']
+          }
+        end
+
+        ghost_payload = recipients.map.with_index do |r, index|
+          {
+            receivers: r[:members],
+            index:,
+            hint: SecureRandom.uuid
+          }
+        end
+        ghosts = create_safe_keys(*ghost_payload)['data']
+
+        outputs = []
+        recipients.each_with_index do |recipient, index|
+          outputs << if recipient['destination']
+                       {
+                         type: OUTPUT_TYPE_WITHDRAW_SUBMIT,
+                         amount: recipient['amount'],
+                         withdrawal: {
+                           address: recipient['destination'],
+                           tag: recipient['tag'] || ''
+                         }
+                       }
+                     else
+                       {
+                         type: OUTPUT_TYPE_SCRIPT,
+                         amount: recipient['amount'],
+                         keys: ghosts[index]['keys'],
+                         mask: ghosts[index]['mask'],
+                         script: build_threshold_script(recipient['threshold'])
+                       }
+                     end
+        end
 
-      MAINNET_TRANSACTION_ARGUMENTS = %i[asset_id opponent_key amount].freeze
-      def create_mainnet_transaction(pin, options = {})
-        raise ArgumentError, "#{MAINNET_TRANSACTION_ARGUMENTS.join(', ')} are needed for create main net transactions" unless MAINNET_TRANSACTION_ARGUMENTS.all? { |param| options.keys.include? param }
-
-        asset_id = options[:asset_id]
-        opponent_key = options[:opponent_key]
-        amount = options[:amount].to_d
-        memo = options[:memo]
-        trace_id = options[:trace_id] || SecureRandom.uuid
-        encrypted_pin = options[:encrypted_pin] || encrypt_pin(pin)
-
-        path = '/transactions'
-        payload = {
-          asset_id: asset_id,
-          opponent_key: opponent_key,
-          pin: encrypted_pin,
-          amount: format('%.8f', amount.to_r),
-          trace_id: trace_id,
-          memo: memo
+        {
+          version: SAFE_TX_VERSION,
+          asset:,
+          inputs:,
+          outputs:,
+          extra: kwargs[:extra] || ''
         }
+      end
+
+      def create_safe_transaction_request(request_id, raw)
+        path = '/safe/transaction/requests'
+        payload = [{
+          request_id:,
+          raw:
+        }]
+
+        client.post path, *payload
+      end
+
+      def send_safe_transaction(request_id, raw)
+        path = '/safe/transactions'
+        payload = [{
+          request_id:,
+          raw:
+        }]
+
+        client.post path, *payload
+      end
+
+      def safe_transaction(request_id, access_token: nil)
+        path = format('/safe/transactions/%<request_id>s', request_id:)
 
-        access_token = options[:access_token]
-        access_token ||= access_token('POST', path, payload.to_json)
-        authorization = format('Bearer %<access_token>s', access_token: access_token)
-        client.post(path, headers: { 'Authorization': authorization }, json: payload)
+        client.get path, access_token:
       end
 
-      def transactions(**options)
-        path = format(
-          '/external/transactions?limit=%<limit>s&offset=%<offset>s&asset=%<asset>s&destination=%<destination>s&tag=%<tag>s',
-          limit: options[:limit],
-          offset: options[:offset],
-          asset: options[:asset],
-          destination: options[:destination],
-          tag: options[:tag]
+      SIGN_SAFE_TRANSACTION_ARGUMENTS = %i[raw utxos request spend_key].freeze
+      def sign_safe_transaction(**kwargs)
+        raise ArgumentError, "#{SIGN_SAFE_TRANSACTION_ARGUMENTS.join(', ')} are needed for sign safe transaction" unless SIGN_SAFE_TRANSACTION_ARGUMENTS.all? { |param| kwargs.keys.include? param }
+
+        raw = kwargs[:raw]
+        tx = MixinBot.utils.decode_raw_transaction raw
+        utxos = kwargs[:utxos]
+        request = kwargs[:request]
+        spend_key = MixinBot.utils.decode_key(kwargs[:spend_key]) || config.spend_key
+        spend_key = Digest::SHA512.digest spend_key[...32]
+
+        msg = [raw].pack('H*')
+
+        y_point = JOSE::JWA::FieldElement.new(
+          JOSE::JWA::X25519.clamp_scalar(spend_key[...32]).x,
+          JOSE::JWA::Edwards25519Point::L
         )
 
-        client.get path
+        tx[:signatures] = []
+        tx[:inputs].each_with_index do |input, index|
+          utxo = utxos[index]
+          raise ArgumentError, 'utxo not match' unless input['hash'] == utxo['transaction_hash'] && input['index'] == utxo['output_index']
+
+          view = [request['views'][index]].pack('H*')
+          x_point = JOSE::JWA::FieldElement.new(
+            # https://github.com/potatosalad/ruby-jose/blob/e1be589b889f1e59ac233a5d19a3fa13f1e4b8a0/lib/jose/jwa/x25519.rb#L122C14-L122C48
+            OpenSSL::BN.new(view.reverse, 2),
+            JOSE::JWA::Edwards25519Point::L
+          )
+
+          t_point = x_point + y_point
+          key = t_point.to_bytes(JOSE::JWA::Edwards25519Point::B)
+
+          pub = MixinBot.utils.generate_public_key key
+          key_index = utxo['keys'].index pub.unpack1('H*')
+          raise ArgumentError, 'cannot find valid key' unless key_index.is_a? Integer
+
+          signature = MixinBot.utils.sign(msg, key:)
+          signature = signature.unpack1('H*')
+          sig = {}
+          sig[key_index] = signature
+          tx[:signatures] << sig
+        end
+
+        MixinBot.utils.encode_raw_transaction tx
       end
     end
   end

data/lib/mixin_bot/api/transfer.rb

@@ -3,40 +3,72 @@
 module MixinBot
   class API
     module Transfer
-      TRANSFER_ARGUMENTS = %i[asset_id opponent_id amount].freeze
-      def create_transfer(pin, options = {})
-        raise ArgumentError, "#{TRANSFER_ARGUMENTS.join(', ')} are needed for create transfer" unless TRANSFER_ARGUMENTS.all? { |param| options.keys.include? param }
-
-        asset_id = options[:asset_id]
-        opponent_id = options[:opponent_id]
-        amount = options[:amount].to_d
-        memo = options[:memo]
-        trace_id = options[:trace_id] || SecureRandom.uuid
-        encrypted_pin = options[:encrypted_pin] || encrypt_pin(pin)
-
-        path = '/transfers'
-        payload = {
-          asset_id: asset_id,
-          opponent_id: opponent_id,
-          pin: encrypted_pin,
-          amount: format('%.8f', amount.to_r),
-          trace_id: trace_id,
-          memo: memo
-        }
-
-        access_token = options[:access_token]
-        access_token ||= access_token('POST', path, payload.to_json)
-        authorization = format('Bearer %<access_token>s', access_token: access_token)
-        client.post(path, headers: { 'Authorization': authorization }, json: payload)
-      end
+      # kwargs:
+      # {
+      #  members: uuid | [ uuid ],
+      #  threshold: integer / nil,
+      #  asset_id: uuid,
+      #  amount: string / float,
+      #  trace_id: uuid / nil,
+      #  request_id: uuid / nil,
+      #  memo: string,
+      #  spend_key: string / nil,
+      # }
+      def create_safe_transfer(**kwargs)
+        asset_id = kwargs[:asset_id]
+        raise ArgumentError, 'asset_id required' if asset_id.blank?
+
+        amount = kwargs[:amount]&.to_d
+        raise ArgumentError, 'amount required' if amount.blank?
+
+        members = [kwargs[:members]].flatten.compact
+        raise ArgumentError, 'members required' if members.blank?
+
+        threshold = kwargs[:threshold] || members.length
+        request_id = kwargs[:request_id] || kwargs[:trace_id] || SecureRandom.uuid
+        memo = kwargs[:memo] || ''
+
+        # step 1: select inputs
+        outputs = safe_outputs(state: 'unspent', asset: asset_id, limit: 500)['data'].sort_by { |o| o['amount'].to_d }
+
+        utxos = []
+        outputs.each do |output|
+          break if utxos.sum { |o| o['amount'].to_d } >= amount
+
+          utxos.shift if utxos.size >= 256
+          utxos << output
+        end
+
+        # step 2: build transaction
+        tx = build_safe_transaction(
+          utxos:,
+          receivers: [{
+            members:,
+            threshold:,
+            amount:
+          }],
+          extra: memo
+        )
+        raw = MixinBot.utils.encode_raw_transaction tx
+
+        # step 3: verify transaction
+        request = create_safe_transaction_request(request_id, raw)['data']
+
+        # step 4: sign transaction
+        spend_key = MixinBot.utils.decode_key(kwargs[:spend_key]) || config.spend_key
+        signed_raw = sign_safe_transaction(
+          raw:,
+          utxos:,
+          request: request[0],
+          spend_key:
+        )
 
-      def transfer(trace_id, access_token: nil)
-        path = format('/transfers/trace/%<trace_id>s', trace_id: trace_id)
-        access_token ||= access_token('GET', path, '')
-        authorization = format('Bearer %<access_token>s', access_token: access_token)
-        client.get(path, headers: { 'Authorization': authorization })
+        # step 5: submit transaction
+        send_safe_transaction(
+          request_id,
+          signed_raw
+        )
       end
-      alias read_transfer transfer
     end
   end
 end

data/lib/mixin_bot/api/user.rb

@@ -3,76 +3,106 @@
 module MixinBot
   class API
     module User
-      # https://developers.mixin.one/api/beta-mixin-message/read-user/
-      def read_user(user_id)
-        # user_id: Mixin User UUID
-        path = format('/users/%<user_id>s', user_id: user_id)
-        access_token = access_token('GET', path, '')
-        authorization = format('Bearer %<access_token>s', access_token: access_token)
-        client.get(path, headers: { 'Authorization': authorization })
+      def user(user_id, access_token: nil)
+        path = format('/users/%<user_id>s', user_id:)
+        client.get path, access_token:
       end
 
-      # https://developers.mixin.one/api/alpha-mixin-network/app-user/
-      # Create a new Mixin Network user (like a normal Mixin Messenger user). You should keep PrivateKey which is used to sign an AuthenticationToken and encrypted PIN for the user.
-      def create_user(full_name, key_type: 'RSA', rsa_key: nil, ed25519_key: nil)
-        case key_type
-        when 'RSA'
-          rsa_key ||= generate_rsa_key
-          session_secret = rsa_key[:public_key].gsub(/^-----.*PUBLIC KEY-----$/, '').strip
-        when 'Ed25519'
-          ed25519_key ||= generate_ed25519_key
-          session_secret = ed25519_key[:public_key]
-        else
-          raise 'Only RSA and Ed25519 are supported'
-        end
+      def create_user(full_name, key: nil)
+        keypair = JOSE::JWA::Ed25519.keypair key
+        session_secret = Base64.urlsafe_encode64 keypair[0], padding: false
+        private_key = keypair[1].unpack1('H*')
 
+        path = '/users'
         payload = {
-          full_name: full_name,
-          session_secret: session_secret
+          full_name:,
+          session_secret:
         }
-        access_token = access_token('POST', '/users', payload.to_json)
-        authorization = format('Bearer %<access_token>s', access_token: access_token)
-        res = client.post('/users', headers: { 'Authorization': authorization }, json: payload)
 
-        res.merge(rsa_key: rsa_key, ed25519_key: ed25519_key)
+        res = client.post path, **payload
+        res.merge(private_key:).with_indifferent_access
       end
 
-      def generate_rsa_key
-        rsa_key = OpenSSL::PKey::RSA.new 1024
-        {
-          private_key: rsa_key.to_pem,
-          public_key: rsa_key.public_key.to_pem
-        }
+      def search_user(query, access_token: nil)
+        path = format('/search/%<query>s', query:)
+
+        client.get path, access_token:
       end
 
-      def generate_ed25519_key
-        ed25519_key = JOSE::JWA::Ed25519.keypair
-        {
-          private_key: Base64.strict_encode64(ed25519_key[1]),
-          public_key: Base64.strict_encode64(ed25519_key[0])
+      def fetch_users(user_ids)
+        path = '/users/fetch'
+        user_ids = [user_ids] if user_ids.is_a? String
+        payload = user_ids
+
+        client.post path, *payload
+      end
+
+      def create_safe_user(name, private_key: nil, spend_key: nil)
+        private_keypair = JOSE::JWA::Ed25519.keypair private_key
+        private_key = private_keypair[1].unpack1('H*')
+
+        spend_keypair = JOSE::JWA::Ed25519.keypair spend_key
+        spend_key = spend_keypair[1].unpack1('H*')
+
+        user = create_user name, key: private_keypair[1][...32]
+
+        keystore = {
+          app_id: user['data']['user_id'],
+          session_id: user['data']['session_id'],
+          private_key:,
+          pin_token: user['data']['pin_token_base64'],
+          spend_key: spend_keypair[1].unpack1('H*')
         }
+        user_api = MixinBot::API.new(**keystore)
+
+        user_api.update_pin pin: MixinBot.utils.tip_public_key(spend_keypair[0], counter: user['data']['tip_counter'])
+
+        # wait for tip pin update in server
+        sleep 1
+
+        user_api.safe_register spend_key
+
+        keystore
       end
 
-      # https://developers.mixin.one/api/beta-mixin-message/search-user/
-      # search by Mixin Id or Phone Number
-      def search_user(query)
-        path = format('/search/%<query>s', query: query)
+      def safe_register(pin, spend_key: nil)
+        path = '/safe/users'
+
+        spend_key ||= MixinBot.utils.decode_key pin
+        key = JOSE::JWA::Ed25519.keypair spend_key[...32]
+        public_key = key[0].unpack1('H*')
+
+        hex = SHA3::Digest::SHA256.hexdigest config.app_id
+        signature = Base64.urlsafe_encode64 JOSE::JWA::Ed25519.sign([hex].pack('H*'), key[1]), padding: false
+
+        pin_base64 = encrypt_tip_pin pin, 'SEQUENCER:REGISTER:', config.app_id, public_key
 
-        access_token = access_token('GET', path, '')
-        authorization = format('Bearer %<access_token>s', access_token: access_token)
-        client.get(path, headers: { 'Authorization': authorization })
+        payload = {
+          public_key:,
+          signature:,
+          pin_base64:
+        }
+
+        client.post path, **payload
       end
 
-      # https://developers.mixin.one/api/beta-mixin-message/read-users/
-      def fetch_users(user_ids)
-        # user_ids: a array of user_ids
-        path = '/users/fetch'
-        user_ids = [user_ids] if user_ids.is_a? String
-        payload = user_ids
+      def migrate_to_safe(spend_key:, old_pin: nil)
+        profile = me['data']
+        return true if profile['has_safe']
+
+        spend_keypair = JOSE::JWA::Ed25519.keypair spend_key
+        spend_key = spend_keypair[1].unpack1('H*')
 
-        access_token = access_token('POST', path, payload.to_json)
-        authorization = format('Bearer %<access_token>s', access_token: access_token)
-        client.post(path, headers: { 'Authorization': authorization }, json: payload)
+        update_pin pin: MixinBot.utils.tip_public_key(spend_keypair[0], counter: profile['tip_counter']) if profile['tip_key_base64'].blank?
+
+        # wait for tip pin update in server
+        sleep 1
+
+        safe_register spend_key
+
+        {
+          spend_key:
+        }.with_indifferent_access
       end
     end
   end