mobius-client 0.2.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: aa4d61727ba66679c6a5089ec75012d4c87e1d24
-  data.tar.gz: a2418ab7d25c6f54e3f8e9a36800f8b929be5913
+SHA256:
+  metadata.gz: f26fccdb1893d53cbb280832a4fe527a98f17c9d62bb4350cc07629caea51251
+  data.tar.gz: c2b3d55a4c15c334617d3571d1e1ad0ac1a8436685f5e965dcf1854d55d59f64
 SHA512:
-  metadata.gz: fbf295dd5c30ae4decfddad11da7f071a4b9840a648a1fd5a9ad190af01058e63e6db0d53c40fe2c38e90001c739f5081bbd48fa1542cb0c42b381211ab4930b
-  data.tar.gz: a89f53e9a33aba413fe7e53b0e71b737acdd7954315de9283f7876ca3c5f41358597f00a58ba9f5c151f308d9a2b10ce18cdfa6ee8f40197e2d8693263bc2fcd
+  metadata.gz: 62078725168f732c21c720471ab26780dce72fd19869d0177715ff69caa49aee7e29eb815b0f44e91777c48d15a0473dd6976f5b38ee335af4aa0cc346e0d664
+  data.tar.gz: fadbdb441858930947ccf18895505fd5c5c44525acb99fe365f2212bbaeced1cf15e26426215a7ad3520e1caf792963704c25d5c16930141afd0ce031c72e548

data/README.md

@@ -22,6 +22,14 @@ An overview of the DApp Store architecture is:
   1) Adds the application's public key as a signer so the application can access the MOBI and
   2) Signs a challenge transaction from the app with its secret key to authenticate that this user owns the account. This prevents a different person from pretending they own the account and spending the MOBI (more below under Authentication).
 
+## Sample Application
+
+[Flappy Bird](https://github.com/mobius-network/flappy-bird-dapp) has been reimplemented using this new arhictecture and the above simple server code!
+
+## Documentation
+
+[[RDoc.info](http://www.rubydoc.info/github/mobius-network/mobius-client-ruby/master)]
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -50,41 +58,47 @@ You can also obtain free test network MOBI from https://mobius.network/friendbot
 
 ### Setting up test user accounts
 
-1. Create empty Stellar account without a MOBI trustline.
+1. Create an empty Stellar account without a MOBI trustline.
     ```
       $ mobius-cli create account
     ```
-2. Create stellar account with 1,000 test-net MOBI
+2. Create a stellar account with 1,000 test-net MOBI
     ```
       $ mobius-cli create dapp-account
     ```
-3. Create stellar account with 1,000 test-net MOBI and the specified application public key added as a signer
+3. Create a stellar account with 1,000 test-net MOBI and the specified application public key added as a signer
     ```
       $ mobius-cli create dapp-account -a <Your application public key>
     ```
 
 ### Account Creation Wizard
 
-Below command will create and setup the 4 account types above for testing and generate a simple HTML test interface that simulates the DApp Store authentication functionality (obtaining a challenge request from an app, signing it, and then openining the specified app passing in a JWT encoded token the application will use to verify this request is from the user that owns the specified MOBI account).
+The below command will create and setup the 4 account types above for testing and generate a simple HTML test interface that simulates the DApp Store authentication functionality (obtaining a challenge request from an app, signing it, and then opening the specified app passing in a JWT encoded token the application will use to verify this request is from the user that owns the specified MOBI account).
 
 ```
   $ mobius-cli create dev-wallet
 ```
 
+## Production Server Setup
+
+Your production server must use HTTPS and set the below header on the `/auth` endpoint:
+
+`Access-Control-Allow-Origin: *`
+
 ## Authentication
 
 ### Explanation
 
 When a user opens an app through the DApp Store it tells the app what Mobius account it should use for payment.
 
-The application needs to ensure that the user actually owns the secret key to the Mobius account and that this isn't a replay attack from a user who captured a previous request and is replyaing it.
+The application needs to ensure that the user actually owns the secret key to the Mobius account and that this isn't a replay attack from a user who captured a previous request and is replaying it.
 
 This authentication is accomplished through the following process:
 
 * When the user opens an app in the DApp Store it requests a challenge from the application.
 * The challenge is a payment transaction of 1 XLM from and to the application account. It is never sent to the network - it is just used for authentication.
-* The application generates the challenge transaction on request, signs it with itss own private key, and sends it to user.
-* User receives the challenge transaction, verifies it is signed by the application's secret key by checking it the application's published public key that it receives through the DApp Store, and then signs the transaction which its own private key and sends it back to application along with its public key.
+* The application generates the challenge transaction on request, signs it with its own private key, and sends it to user.
+* The user receives the challenge transaction and verifies it is signed by the application's secret key by checking it against the application's published public key (that it receives through the DApp Store). Then the user signs the transaction with its own private key and sends it back to application along with its public key.
 * Application checks that challenge transaction is now signed by itself and the public key that was passed in. Time bounds are also checked to make sure this isn't a replay attack. If everything passes the server replies with a token the application can pass in to "login" with the specified public key and use it for payment (it would have previously given the app access to the public key by adding the app's public key as a signer).
 
 Note: the challenge transaction also has time bounds to restrict the time window when it can be used.
@@ -97,7 +111,7 @@ See demo at:
 
 ### Sample Server Implementation
 
-```
+```ruby
 class AuthController < ApplicationController
   skip_before_action :verify_authenticity_token, :only => [:authenticate]
 
@@ -148,7 +162,7 @@ end
 
 ### Explanation
 
-After the user completes the authentication process they have a token T. They now pass it to the application to "login" which tells the application which Mobius account to withdraw MOBI from (the user public key) when a payment is needed. For a web application the token is generally passed in via a `token` request parameter. Upon opening the website/loading the application it checks that the token is valid (within time bounds etc) and the account in the token has added the app as a signer so it can withraw MOBI from it.
+After the user completes the authentication process they have a token. They now pass it to the application to "login" which tells the application which Mobius account to withdraw MOBI from (the user public key) when a payment is needed. For a web application the token is generally passed in via a `token` request parameter. Upon opening the website/loading the application it checks that the token is valid (within time bounds etc) and the account in the token has added the app as a signer so it can withdraw MOBI from it.
 
 
 See demo at:
@@ -159,7 +173,7 @@ See demo at:
 
 ### Sample Server Implementation
 
-```
+```ruby
 class AppController < ApplicationController
   skip_before_action :verify_authenticity_token, :only => [:pay]
 
@@ -182,9 +196,9 @@ class AppController < ApplicationController
     render plain: app.balance
   end
 
-  # POST /pay
-  def pay
-    app.pay(ROUND_PRICE)
+  # POST /charge
+  def charge
+    app.charge(ROUND_PRICE)
     render plain: app.balance
   rescue Mobius::Client::Error::InsufficientFunds
     render :gone
@@ -211,13 +225,9 @@ class AppController < ApplicationController
 end
 ```
 
-## Sample Application
-
-[Flappy Bird](https://github.com/mobius-network/flappy-bird-dapp) has been reimplemented using this new arhictecture and the above simple server code!
-
 ## CLI Test Implementation
 
-  Normally, as mentioned the Mobius DApp Store will request a challenge, validate and sign it, pass it back to the application to obtain an access token, and then open the application and pass in the token.
+  Normally the Mobius DApp Store will request a challenge, validate and sign it, pass it back to the application to obtain an access token, and then open the application and pass in the token.
 
   For development purposes you can use the simple HTML test interface generated via `mobius-cli create dev-wallet` as mentioned above in the "Account Creation Wizard" section or you can use the these CLI commands.
 
@@ -237,10 +247,6 @@ end
 
   Check `lib/mobius/cli/auth.rb` for details.
 
-## Documentation
-
-[[RDoc.info](http://www.rubydoc.info/github/mobius-network/mobius-client-ruby/master)]
-
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
@@ -257,4 +263,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in the Mobius::Client project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/mobius-client/blob/master/CODE_OF_CONDUCT.md).
+Everyone interacting in the Mobius::Client project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/mobius-network/mobius-client-ruby/blob/master/CODE_OF_CONDUCT.md).

data/lib/mobius/client/app.rb

@@ -19,109 +19,97 @@ class Mobius::Client::App
   # @return [Float] User balance.
   def balance
     validate!
-    balance_object["balance"].to_f
+    user_account.balance
   end
 
   # Returns application balance.
   # @return [Float] Application balance.
   def app_balance
-    app_balance_object["balance"].to_f
+    app_account.balance
   end
 
   # Makes payment.
-  # @param amount [Float] Payment amount.
+  # @param amount [Numeric, String] Payment amount.
   # @param target_address [String] Optional: third party receiver address.
-  # rubocop:disable Metrics/AbcSize
+  # @deprecated use {#charge} instead
   def pay(amount, target_address: nil)
-    current_balance = balance
-    raise Mobius::Client::Error::InsufficientFunds if current_balance < amount.to_f
-    envelope_base64 = payment_tx(amount.to_f, target_address).to_envelope(app_keypair).to_xdr(:base64)
-    post_tx(envelope_base64).tap do
-      [app_account, user_account].each(&:reload!)
+    warn "[DEPRECATED] method Mobius::Client::App#pay is deprecated and will be removed, use Mobius::Client::App#charge instead"
+    charge(amount, target_address)
+  end
+
+  # Charges user's wallet.
+  # @param amount [Numeric, String] Payment amount.
+  # @param target_address [String] Optional: third party receiver address.
+  def charge(amount, target_address: nil)
+    amount = cast_amount(amount)
+
+    raise Mobius::Client::Error::InsufficientFunds if balance < amount
+
+    submit_tx do |operations|
+      operations << payment_op(amount, dest: app_keypair, src: user_keypair)
+      operations << payment_op(amount, dest: target_address, src: app_keypair) if target_address
     end
   rescue Faraday::ClientError => err
     handle(err)
   end
-  # rubocop:enable Metrics/AbcSize
 
-  # Sends money from application account to third party.
+  # Sends money from user's account to third party.
   # @param amount [Float] Payment amount.
   # @param address [String] Target address.
-  # rubocop:disable Metrics/AbcSize
   def transfer(amount, address)
-    current_balance = app_balance
-    raise Mobius::Client::Error::InsufficientFunds if current_balance < amount.to_f
-    envelope_base64 = transfer_tx(amount.to_f, address).to_envelope(app_keypair).to_xdr(:base64)
-    post_tx(envelope_base64).tap do
-      [app_account, user_account].each(&:reload!)
-    end
+    amount = cast_amount(amount)
+    raise Mobius::Client::Error::InsufficientFunds if app_balance < amount
+    submit_tx { |operations| operations << payment_op(amount, dest: address, src: user_keypair) }
   rescue Faraday::ClientError => err
     handle(err)
   end
-  # rubocop:enable Metrics/AbcSize
 
-  private
-
-  def post_tx(txe)
-    Mobius::Client.horizon_client.horizon.transactions._post(tx: txe)
-  end
-
-  def payment_tx(amount, target_address)
-    Stellar::Transaction.for_account(
-      account: user_keypair,
-      sequence: user_account.next_sequence_value,
-      fee: target_address.nil? ? FEE : FEE * 2
-    ).tap do |t|
-      t.operations << payment_op(amount.to_f)
-      t.operations << third_party_payment_op(target_address, amount) if target_address
+  # Sends money from application account to user's account or target_address, if given
+  # @param amount [Float] Payment amount.
+  # @param target_address [String] Optional: third party receiver address.
+  def payout(amount, target_address: user_keypair.address)
+    amount = cast_amount(amount)
+    raise Mobius::Client::Error::InsufficientFunds if app_balance < amount
+    submit_tx do |operations|
+      operations << payment_op(amount, dest: target_address, src: app_keypair)
     end
+  rescue Faraday::ClientError => err
+    handle(err)
   end
 
-  def payment_op(amount)
-    Stellar::Operation.payment(
-      destination: app_keypair,
-      amount: Stellar::Amount.new(amount.to_f, Mobius::Client.stellar_asset).to_payment
-    )
-  end
+  private
 
-  def third_party_payment_op(target_address, amount)
-    Stellar::Operation.payment(
-      source_account: app_keypair,
-      destination: Mobius::Client.to_keypair(target_address),
-      amount: Stellar::Amount.new(amount.to_f, Mobius::Client.stellar_asset).to_payment
-    )
-  end
+  def submit_tx
+    return unless block_given?
 
-  def transfer_tx(amount, address)
-    Stellar::Transaction.payment(
+    tx = Stellar::Transaction.for_account(
       account: user_keypair,
       sequence: user_account.next_sequence_value,
-      destination: Mobius::Client.to_keypair(address),
-      amount: Stellar::Amount.new(amount.to_f, Mobius::Client.stellar_asset).to_payment
     )
-  end
 
-  def validate!
-    raise Mobius::Client::Error::AuthorisationMissing unless authorized?
-    raise Mobius::Client::Error::TrustlineMissing if balance_object.nil?
-  end
+    yield(tx.operations)
 
-  def limit
-    balance_object["limit"].to_f
+    tx.fee = FEE * tx.operations.size
+
+    txe = tx.to_envelope(app_keypair).to_xdr(:base64)
+    post_txe(txe).tap { [app_account, user_account].each(&:reload!) }
   end
 
-  def balance_object
-    find_balance(user_account.info.balances)
+  def post_txe(txe)
+    Mobius::Client.horizon_client.horizon.transactions._post(tx: txe)
   end
 
-  def app_balance_object
-    find_balance(app_account.info.balances)
+  def payment_op(amount, dest:, src:)
+    Stellar::Operation.payment(
+      source_account: Mobius::Client.to_keypair(src),
+      destination: Mobius::Client.to_keypair(dest),
+      amount: Stellar::Amount.new(amount, Mobius::Client.stellar_asset).to_payment
+    )
   end
 
-  def find_balance(balances)
-    balances.find do |s|
-      s["asset_code"] == Mobius::Client.asset_code && s["asset_issuer"] == Mobius::Client.asset_issuer
-    end
+  def validate!
+    raise Mobius::Client::Error::AuthorisationMissing unless authorized?
+    raise Mobius::Client::Error::TrustlineMissing unless user_account.trustline_exists?
   end
 
   def app_keypair
@@ -147,5 +135,11 @@ class Mobius::Client::App
     raise err
   end
 
+  def cast_amount(amount)
+    Float(amount).to_d
+  rescue ArgumentError
+    raise Mobius::Client::Error::InvalidAmount, "Invalid amount provided: `#{amount}`"
+  end
+
   FEE = 100
 end

data/lib/mobius/client/blockchain/account.rb

@@ -5,14 +5,14 @@ class Mobius::Client::Blockchain::Account
   # @!method initialize(keypair)
   # @param keypair [Stellar::Keypair] account keypair
   # @!scope instance
-  param :keypair
+  param :keypair, Mobius::Client.method(:to_keypair)
 
   # Returns true if trustline exists for given asset and limit is positive.
   # @param asset [Stellar::Asset] Stellar asset to check or :native
   # @return [Boolean] true if trustline exists
   def trustline_exists?(asset = Mobius::Client.stellar_asset)
     balance = find_balance(asset)
-    (balance && !balance.dig("limit").to_f.zero?) || false
+    (balance && !balance.dig("limit").to_d.zero?) || false
   end
 
   # Returns balance for given asset
@@ -20,7 +20,7 @@ class Mobius::Client::Blockchain::Account
   # @return [Float] Balance value.
   def balance(asset = Mobius::Client.stellar_asset)
     balance = find_balance(asset)
-    balance && balance.dig("balance").to_f
+    balance && balance.dig("balance").to_d
   end
 
   # Returns true if given keypair is added as cosigner to current account.

data/lib/mobius/client/error.rb

@@ -46,4 +46,8 @@ class Mobius::Client::Error < StandardError
   # Raised if unknown or empty value has passed to KeyPairFactory
   class UnknownKeyPairType < self
   end
+
+  # Raised, when NaN provided as an amount for payment operation
+  class InvalidAmount < self
+  end
 end

data/lib/mobius/client/version.rb

@@ -1,5 +1,5 @@
 module Mobius
   module Client
-    VERSION = "0.2.1".freeze
+    VERSION = "0.3.0".freeze
   end
 end

data/lib/mobius/client.rb

@@ -1,3 +1,5 @@
+require "bigdecimal"
+require "bigdecimal/util"
 require "constructor_shortcut"
 require "dry-initializer"
 require "stellar-sdk"
@@ -7,6 +9,11 @@ require "jwt"
 
 require "mobius/client/version"
 
+begin
+  require "pry-byebug"
+rescue LoadError
+end
+
 module Mobius
   module Cli
     autoload :Base,   "mobius/cli/base"

data/mobius-client.gemspec

@@ -32,6 +32,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rspec", "~> 3.0"
   spec.add_development_dependency "rubocop", "~> 0.53"
   spec.add_development_dependency "rubocop-rspec", "~> 1.23"
+  spec.add_development_dependency "pry-byebug"
   spec.add_development_dependency "simplecov", ">= 0.16.1"
   spec.add_development_dependency "simplecov-console", ">= 0.4.2"
   spec.add_development_dependency "timecop", "~> 0.9", ">= 0.9.1"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mobius-client
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Viktor Sokolov
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-04-26 00:00:00.000000000 Z
+date: 2018-06-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -114,6 +114,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.23'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -392,7 +406,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.13
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Mobius Ruby Client