mobius-client 0.1.0

data/lib/mobius/client.rb

@@ -0,0 +1,117 @@
+require "dry-initializer"
+require "stellar-sdk"
+require "faraday"
+require "faraday_middleware"
+require "jwt"
+
+require "mobius/client/version"
+
+module Mobius
+  module Cli
+    autoload :Base,   "mobius/cli/base"
+    autoload :App,    "mobius/cli/app"
+    autoload :Auth,   "mobius/cli/auth"
+    autoload :Create, "mobius/cli/create"
+  end
+
+  module Client
+    autoload :Error,     "mobius/client/error"
+    autoload :FriendBot, "mobius/client/friend_bot"
+    autoload :App,       "mobius/client/app"
+
+    module Auth
+      autoload :Challenge, "mobius/client/auth/challenge"
+      autoload :Jwt,       "mobius/client/auth/jwt"
+      autoload :Sign,      "mobius/client/auth/sign"
+      autoload :Token,     "mobius/client/auth/token"
+    end
+
+    module Blockchain
+      autoload :Account,         "mobius/client/blockchain/account"
+      autoload :AddCosigner,     "mobius/client/blockchain/add_cosigner"
+      autoload :CreateTrustline, "mobius/client/blockchain/create_trustline"
+      autoload :FriendBot,       "mobius/client/blockchain/friend_bot"
+      autoload :KeyPairFactory,  "mobius/client/blockchain/key_pair_factory"
+    end
+
+    class << self
+      attr_writer :mobius_host
+
+      # Mobius API host
+      def mobius_host
+        @mobius_host ||= "https://mobius.network"
+      end
+
+      def network=(value)
+        @network = value
+        Stellar.default_network = stellar_network
+      end
+
+      # Stellar network to use (:test || :public). See notes on thread-safety in ruby-stellar-base.
+      # Safe to set on startup.
+      def network
+        @network ||= :test
+      end
+
+      # `Stellar::Client` instance
+      attr_writer :horizon_client
+
+      def horizon_client
+        @horizon_client ||= network == :test ? Stellar::Client.default_testnet : Stellar::Client.default
+      end
+
+      # Asset code used for payments (MOBI by default)
+      attr_writer :asset_code
+
+      def asset_code
+        @asset_code ||= "MOBI"
+      end
+
+      # Asset issuer account
+      attr_writer :asset_issuer
+
+      def asset_issuer
+        return @asset_issuer if @asset_issuer
+        return "GA6HCMBLTZS5VYYBCATRBRZ3BZJMAFUDKYYF6AH6MVCMGWMRDNSWJPIH" if network == :public
+        "GDRWBLJURXUKM4RWDZDTPJNX6XBYFO3PSE4H4GPUL6H6RCUQVKTSD4AT"
+      end
+
+      # Challenge expires in (seconds, 1d by default)
+      attr_writer :challenge_expires_in
+
+      def challenge_expires_in
+        @challenge_expires_in ||= 60 * 60 * 24
+      end
+
+      # Stellar::Asset instance of asset used for payments
+      def stellar_asset
+        @stellar_asset ||= Stellar::Asset.alphanum4(asset_code, Stellar::KeyPair.from_address(asset_issuer))
+      end
+
+      # In strict mode, session must be not older than seconds from now (10 by default)
+      attr_writer :strict_interval
+
+      def strict_interval
+        @strict_interval ||= 10
+      end
+
+      # Runs block on selected Stellar network
+      def on_network
+        Stellar.on_network(stellar_network) do
+          yield if block_given?
+        end
+      end
+
+      # Converts given argument to Stellar::KeyPair
+      def to_keypair(subject)
+        Mobius::Client::Blockchain::KeyPairFactory.produce(subject)
+      end
+
+      private
+
+      def stellar_network
+        Mobius::Client.network == :test ? Stellar::Networks::TESTNET : Stellar::Networks::PUBLIC
+      end
+    end
+  end
+end

data/lib/mobius/client/app.rb

@@ -0,0 +1,136 @@
+# Interface to user balance in application.
+class Mobius::Client::App
+  extend Dry::Initializer
+
+  # @!method initialize(seed)
+  # @param seed [String] Developers private key.
+  # @param address [String] Users public key.
+  # @!scope instance
+  param :seed
+  param :address
+
+  # Checks if developer is authorized to use an application.
+  # @return [Bool] Authorization status.
+  def authorized?
+    user_account.authorized?(app_keypair)
+  end
+
+  # Returns user balance.
+  # @return [Float] User balance.
+  def balance
+    validate!
+    balance_object["balance"].to_f
+  end
+
+  # Returns application balance.
+  # @return [Float] Application balance.
+  def app_balance
+    app_balance_object["balance"].to_f
+  end
+
+  # Makes payment.
+  # @param amount [Float] Payment amount.
+  # @param target_address [String] Optional: third party receiver address.
+  def pay(amount, target_address: nil)
+    current_balance = balance
+    raise Mobius::Client::Error::InsufficientFunds if current_balance < amount.to_f
+    envelope_base64 = payment_tx(amount.to_f, target_address).to_envelope(app_keypair).to_xdr(:base64)
+    post_tx(envelope_base64).tap do
+      [app_account, user_account].each(&:reload!)
+    end
+  end
+
+  # Sends money from application account to third party.
+  # @param amount [Float] Payment amount.
+  # @param address [String] Target address.
+  def transfer(amount, address)
+    current_balance = app_balance
+    raise Mobius::Client::Error::InsufficientFunds if current_balance < amount.to_f
+    envelope_base64 = transfer_tx(amount.to_f, address).to_envelope(app_keypair).to_xdr(:base64)
+    post_tx(envelope_base64).tap do
+      [app_account, user_account].each(&:reload!)
+    end
+  end
+
+  private
+
+  def post_tx(txe)
+    Mobius::Client.horizon_client.horizon.transactions._post(tx: txe)
+  end
+
+  def payment_tx(amount, target_address)
+    Stellar::Transaction.for_account(
+      account: user_keypair,
+      sequence: user_account.next_sequence_value,
+      fee: target_address.nil? ? FEE : FEE * 2
+    ).tap do |t|
+      t.operations << payment_op(amount.to_f)
+      t.operations << third_party_payment_op(target_address, amount) if target_address
+    end
+  end
+
+  def payment_op(amount)
+    Stellar::Operation.payment(
+      destination: app_keypair,
+      amount: Stellar::Amount.new(amount.to_f, Mobius::Client.stellar_asset).to_payment
+    )
+  end
+
+  def third_party_payment_op(target_address, amount)
+    Stellar::Operation.payment(
+      source_account: app_keypair,
+      destination: Mobius::Client.to_keypair(target_address),
+      amount: Stellar::Amount.new(amount.to_f, Mobius::Client.stellar_asset).to_payment
+    )
+  end
+
+  def transfer_tx(amount, address)
+    Stellar::Transaction.payment(
+      account: user_keypair,
+      sequence: user_account.next_sequence_value,
+      destination: Mobius::Client.to_keypair(address),
+      amount: Stellar::Amount.new(amount.to_f, Mobius::Client.stellar_asset).to_payment
+    )
+  end
+
+  def validate!
+    raise Mobius::Client::Error::AuthorisationMissing unless authorized?
+    raise Mobius::Client::Error::TrustlineMissing if balance_object.nil?
+  end
+
+  def limit
+    balance_object["limit"].to_f
+  end
+
+  def balance_object
+    find_balance(user_account.info.balances)
+  end
+
+  def app_balance_object
+    find_balance(app_account.info.balances)
+  end
+
+  def find_balance(balances)
+    balances.find do |s|
+      s["asset_code"] == Mobius::Client.asset_code && s["asset_issuer"] == Mobius::Client.asset_issuer
+    end
+  end
+
+  def app_keypair
+    @app_keypair ||= Mobius::Client.to_keypair(seed)
+  end
+
+  def user_keypair
+    @user_keypair ||= Mobius::Client.to_keypair(address)
+  end
+
+  def app_account
+    @app_account ||= Mobius::Client::Blockchain::Account.new(app_keypair)
+  end
+
+  def user_account
+    @user_account ||= Mobius::Client::Blockchain::Account.new(user_keypair)
+  end
+
+  FEE = 100
+end

data/lib/mobius/client/auth/challenge.rb

@@ -0,0 +1,72 @@
+# Generates challenge transaction on developer's side.
+class Mobius::Client::Auth::Challenge
+  extend Dry::Initializer
+
+  # @!method initialize(seed)
+  # @param seed [String] Developers private key
+  # @!scope instance
+  param :seed
+
+  # Generates challenge transaction signed by developers private key. Minimum valid time bound is set to current time.
+  # Maximum valid time bound is set to `expire_in` seconds from now.
+  #
+  # @param expire_in [Integer] Session expiration time (seconds from now). 0 means "never".
+  # @return [String] base64-encoded transaction envelope
+  def call(expire_in = Mobius::Client.challenge_expires_in)
+    payment = Stellar::Transaction.payment(
+      source_account: keypair,
+      account: Stellar::KeyPair.random,
+      destination: keypair,
+      sequence: random_sequence,
+      amount: micro_xlm,
+      memo: memo
+    )
+
+    payment.time_bounds = build_time_bounds(expire_in)
+
+    payment.to_envelope(keypair).to_xdr(:base64)
+  end
+
+  class << self
+    # Shortcut to challenge generation method.
+    #
+    # @param seed [String] Developers private key
+    # @return [String] base64-encoded transaction envelope
+    def call(*args)
+      new(*args).call
+    end
+  end
+
+  private
+
+  # @return [Stellar::Keypair] Stellar::Keypair object for given seed.
+  def keypair
+    @keypair ||= Stellar::KeyPair.from_seed(seed)
+  end
+
+  # @return [Integer] Random sequence number
+  def random_sequence
+    MAX_SEQ_NUMBER - SecureRandom.random_number(RANDOM_LIMITS)
+  end
+
+  # @return [Stellar::TimeBounds] Current time..expire time
+  def build_time_bounds(expire_in)
+    Stellar::TimeBounds.new(
+      min_time: Time.now.to_i,
+      max_time: Time.now.to_i + expire_in.to_i || 0
+    )
+  end
+
+  # @return [Stellar::Amount] 1 XLM
+  def micro_xlm
+    Stellar::Amount.new(1).to_payment
+  end
+
+  # @return [Stellar::Memo] Auth transaction memo
+  def memo
+    Stellar::Memo.new(:memo_text, "Mobius authentication")
+  end
+
+  MAX_SEQ_NUMBER = (2**128 - 1).freeze # MAX sequence number
+  RANDOM_LIMITS = 65535                # Sequence random limits
+end

data/lib/mobius/client/auth/jwt.rb

@@ -0,0 +1,37 @@
+# Generates JWT token based on valid token transaction signed by both parties and decodes JWT token into hash.
+class Mobius::Client::Auth::Jwt
+  extend Dry::Initializer
+
+  # @!method initialize(secret)
+  # @param secret [String] JWT secret
+  # @!scope instance
+  param :secret
+
+  # Returns JWT token.
+  # @param token [Mobius::Client::Auth::Token] Valid auth token
+  # @return [String] JWT token
+  def encode(token)
+    payload = {
+      hash: token.hash(:hex),
+      public_key: token.address,
+      min_time: token.time_bounds.min_time,
+      max_time: token.time_bounds.max_time
+    }
+
+    JWT.encode(payload, secret, ALG)
+  end
+
+  # Returns decoded JWT token.
+  # @param jwt [String] JWT token
+  # @return [Hash] Decoded token params
+  def decode!(jwt)
+    OpenStruct.new(
+      JWT.decode(jwt, secret, true, algorithm: ALG).first
+    ).tap do |payload|
+      raise TokenExpired unless (payload.min_time..payload.max_time).cover?(Time.now.to_i)
+    end
+  end
+
+  # Used JWT algorithm
+  ALG = "HS512".freeze
+end

data/lib/mobius/client/auth/sign.rb

@@ -0,0 +1,48 @@
+# Signs challenge transaction on user's side.
+class Mobius::Client::Auth::Sign
+  extend Dry::Initializer
+
+  # @!method initialize(seed, xdr)
+  # @param seed [String] Users private key
+  # @param xdr [String] Challenge transaction xdr
+  # @param address [String] Developers public key
+  # @!scope instance
+  param :seed
+  param :xdr
+  param :address
+
+  # Adds signature to given transaction.
+  #
+  # @return [String] base64-encoded transaction envelope
+  def call
+    validate!
+    envelope.dup.tap { |e| e.signatures << e.tx.sign_decorated(keypair) }.to_xdr(:base64)
+  end
+
+  class << self
+    def call(*args)
+      new(*args).call
+    end
+  end
+
+  private
+
+  # @return [Stellar::Keypair] Stellar::Keypair object for given seed.
+  def keypair
+    @keypair ||= Stellar::KeyPair.from_seed(seed)
+  end
+
+  # @return [Stellar::Keypair] Stellar::Keypair object for given address.
+  def developer_keypair
+    @developer_keypair ||= Stellar::KeyPair.from_address(address)
+  end
+
+  # @return [Stellar::TransactionEnvelope] Stellar::TransactionEnvelope for given challenge.
+  def envelope
+    @envelope ||= Stellar::TransactionEnvelope.from_xdr(xdr, "base64")
+  end
+
+  def validate!
+    raise Mobius::Client::Error::Unauthorized unless envelope.signed_correctly?(developer_keypair)
+  end
+end

data/lib/mobius/client/auth/token.rb

@@ -0,0 +1,81 @@
+# Checks challenge transaction signed by user on developer's side.
+class Mobius::Client::Auth::Token
+  extend Dry::Initializer
+
+  # @!method initialize(seed, xdr, address)
+  # @param seed [String] Developers private key.
+  # @param xdr [String] Auth transaction XDR.
+  # @param address [String] User public key.
+  # @!scope instance
+  param :seed
+  param :xdr
+  param :address
+
+  # Returns time bounds for given transaction.
+  #
+  # @return [Stellar::TimeBounds] Time bounds for given transaction (`.min_time` and `.max_time`).
+  # @raise [Unauthorized] if one of the signatures is invalid.
+  # @raise [Invalid] if transaction is malformed or time bounds are missing.
+  def time_bounds
+    bounds = envelope.tx.time_bounds
+
+    raise Mobius::Client::Error::Unauthorized unless signed_correctly?
+    raise Mobius::Client::Error::MalformedTransaction if bounds.nil?
+
+    bounds
+  end
+
+  # Validates transaction signed by developer and user.
+  #
+  # @param strict [Bool] if true, checks that lower time limit is within Mobius::Client.strict_interval seconds from now
+  # @return [Boolean] true if transaction is valid, raises exception otherwise
+  # @raise [Unauthorized] if one of the signatures is invalid
+  # @raise [Invalid] if transaction is malformed or time bounds are missing
+  # @raise [Expired] if transaction is expired (current time outside it's time bounds)
+  def validate!(strict = true)
+    bounds = time_bounds
+    raise Mobius::Client::Error::TokenExpired unless time_now_covers?(bounds)
+    raise Mobius::Client::Error::TokenTooOld if strict && too_old?(bounds)
+    true
+  end
+
+  # @return [String] transaction hash
+  def hash(format = :binary)
+    validate! # Guard!
+    h = envelope.tx.hash
+    return h if format == :binary
+    h.unpack("H*").first
+  end
+
+  private
+
+  # @return [Stellar::KeyPair] Stellar::KeyPair object for given seed
+  def keypair
+    @keypair ||= Stellar::KeyPair.from_seed(seed)
+  end
+
+  # @return [Stellar::KeyPair] Stellar::KeyPair of user being authorized
+  def their_keypair
+    @their_keypair ||= Stellar::KeyPair.from_address(address)
+  end
+
+  # @return [Stellar::TrnansactionEnvelope] Stellar::TrnansactionEnvelope of challenge transaction
+  def envelope
+    @envelope ||= Stellar::TransactionEnvelope.from_xdr(xdr, "base64")
+  end
+
+  # @return [Bool] true if transaction is signed by both parties
+  def signed_correctly?
+    envelope.signed_correctly?(keypair, their_keypair)
+  end
+
+  # @return [Bool] true if current time is within transaction time bounds
+  def time_now_covers?(time_bounds)
+    (time_bounds.min_time..time_bounds.max_time).cover?(Time.now.to_i)
+  end
+
+  # @return [Bool] true if transaction is created more than n secods from now
+  def too_old?(time_bounds)
+    Time.now.to_i > time_bounds.min_time + Mobius::Client.strict_interval
+  end
+end