stellar_base-rails 0.2.1 → 0.3.0

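--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ecd5d5fc63b0d3fc23adafd92a5e330c1ae47949bc410898565a9efdb4f6726f
- data.tar.gz: 3d7f60859d18ab5376070d7ec7fbc1281ddc4ff8708927221f146978fe2c96e4
+ metadata.gz: a83410d8dc46aa9b3e3a7501ff339f620e4bb16073a5156b935a942249204fcd
+ data.tar.gz: b76ff40be0ee4f471c37198856157f152ef041d14736e2fdf0eebfaf42f3a770
  SHA512:
- metadata.gz: 9fc6a3115718edb85a4a9e43ff75141d96720514e49c2f41a9dae261b29d2f1a1ddc8979d8ef80cf0c871185fefb469c9ac38f23a279997f7b3105890a8b3ad8
- data.tar.gz: 9d8ed4542c4f85231f68ada991cecbe6e5895d3f2f2590dadf4bba0102822b061d50906f8124531199e405712c5334b63e45e52b433628fb60c97aa7f5041763
+ metadata.gz: 2db9224965d1e88f9f6f8b1deba1e50bcf6ac32c7226da4ba8cbaee737c6d9834b0d663861597cabb65eb9e601e13d6e695b7097d44c73df34ca2e6419f3e7f6
+ data.tar.gz: 1bf1a4bd010321297c05638303b681756d1c16089d006e8acdc3e4a50fc438d45ef9a35cd5404d0b73c5f9105ef2a1af505d246a9ea243ae32d09d7401e98224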
data/README.md CHANGED
@@ -21,8 +21,10 @@ StellarBase.configure do |c|
21
21
  c.modules = %i(bridge_callbacks)
22
22
  c.horizon_url = "https://horizon.stellar.org"
23
23
 
24
- c.check_bridge_callbacks_authenticity = true
25
24
  c.on_bridge_callback = "StellarBridgeReceive::SaveTxn"
25
+ c.check_bridge_callbacks_authenticity = true
26
+ c.check_bridge_callbacks_mac_payload = false
27
+ c.bridge_callbacks_mac_key = "test"
26
28
  end
27
29
  ```
28
30
 
@@ -34,6 +36,11 @@ end
34
36
  - You can supply what endpoints you want to activate with the gem
35
37
  - `bridge_callbacks` - this will mount a HTTP/S POST endpoint that acts as callback receiver for bridge server payments on the path. It will call your `.on_bridge_callback` class.
36
38
 
39
+ #### c.horizon_url
40
+ - Value(s): String, url to horizon
41
+ - Default: https://horizon.stellar.org
42
+ - This is where the engine will check bridge callbacks if `c.check_bridge_callbacks_authenticity` is turned on
43
+
37
44
  #### c.on_bridge_callback
38
45
  - Value(s): Class
39
46
  - Default: None
@@ -48,10 +55,15 @@ end
48
55
  - Default: `false`
49
56
  - This secures the `/bridge_callbacks` endpoint from fake transactions by checking the transaction ID and it's contents against the Stellar Blockchain. If it doesn't add up, `/bridge_callbacks` endpoint will respond with a 422
50
57
 
51
- #### c.horizon_url
52
- - Value(s): String, url to horizon
53
- - Default: https://horizon.stellar.org
54
- - This is where the engine will check bridge callbacks if `c.cross_reference_bridge_callback` is turned on
58
+ #### c.check_bridge_callbacks_mac_payload
59
+ - Value(s): `true` or `false`
60
+ - Default: `false`
61
+ - This secures the `/bridge_callbacks` endpoint from fake transactions by checking the `X_PAYLOAD_MAC` header for 1.) existence and 2.) if it matches the HMAC-SH256 encoded raw request body
62
+
63
+ #### c.bridge_callbacks_mac_key
64
+ - Value(s): Any Stellar Private Key, it should be the same as the mac_key configured in your bridge server
65
+ - Default: None
66
+ - This is used to verify the contents of `X_PAYLOAD_MAC` by encoding the raw request body with the decoded `bridge_callback_mac_key` as the key
55
67
 
56
68
  ## Installation
57
69
  Add this line to your application's Gemfile:
@@ -1,6 +1,7 @@
1
1
  module StellarBase
2
2
  class BridgeCallbacksController < ApplicationController
3
3
  skip_before_action :verify_authenticity_token
4
+ before_action :verify_mac_payload, if: :check_mac_payload?
4
5
 
5
6
  def create
6
7
  op = BridgeCallbacks::Operations::Process.(bridge_callback: callback_params)
@@ -10,7 +11,9 @@ module StellarBase
10
11
  if op.success?
11
12
  head :ok
12
13
  else
13
- log_unsuccessful_callback(op)
14
+ contract = op["contract.default"]
15
+ log_unsuccessful_callback(contract.errors.full_messages)
16
+
14
17
  head :unprocessable_entity
15
18
  end
16
19
  end
@@ -19,11 +22,13 @@ module StellarBase
19
22
 
20
23
  private
21
24
 
22
- def log_unsuccessful_callback(op)
23
- Rails.logger.warn("Unsuccessful bridge callback #{callback_params.to_s}")
25
+ def check_mac_payload?
26
+ StellarBase.configuration.check_bridge_callbacks_mac_payload
27
+ end
24
28
 
25
- error_messages = op["contract.default"].errors.full_messages
26
- Rails.logger.warn("Details: #{error_messages}")
29
+ def log_unsuccessful_callback(error_message)
30
+ Rails.logger.warn("Unsuccessful bridge callback #{callback_params.to_s}")
31
+ Rails.logger.warn("Details: #{error_message}")
27
32
  end
28
33
 
29
34
  def callback_params
@@ -40,5 +45,20 @@ module StellarBase
40
45
  :transaction_id,
41
46
  )
42
47
  end
48
+
49
+ def verify_mac_payload
50
+ callback_mac_payload = request.headers["HTTP_X_PAYLOAD_MAC"]
51
+
52
+ result = BridgeCallbacks::VerifyMacPayload.(
53
+ callback_params: callback_params,
54
+ callback_mac_payload: callback_mac_payload,
55
+ )
56
+
57
+ if result.failure?
58
+ log_unsuccessful_callback result.message
59
+ head :bad_request
60
+ end
61
+ end
62
+
43
63
  end
44
64
  end
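Review bot: `verify_mac_payload` passes the organizer `callback_params`, the permitted and re-parsed parameters, so `MacPayloads::EncodeParams` computes the MAC over `c.callback_params.to_query` rather than over the bytes the sender signed. The README and the `Compare` failure message both describe the MAC as covering the raw POST body. `to_query` sorts keys and re-escapes values, so the string is not guaranteed to be byte-identical to that body, and any field outside the permit list is not authenticated at all. Passing `request.raw_post` into the organizer and feeding that to `OpenSSL::HMAC.digest` would make the check match its documentation. The class and the `callback_params` method both start outside this hunk.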
@@ -0,0 +1,17 @@
1
+ module StellarBase
2
+ module BridgeCallbacks
3
+ module MacPayloads
4
+ class CheckPayload
5
+
6
+ extend LightService::Action
7
+ expects :callback_mac_payload
8
+
9
+ executed do |c|
10
+ unless c.callback_mac_payload.present?
11
+ c.fail_and_return! "HTTP_X_PAYLOAD_MAC not present"
12
+ end
13
+ end
14
+ end
15
+ end
16
+ end
17
+ end
@@ -0,0 +1,21 @@
1
+ module StellarBase
2
+ module BridgeCallbacks
3
+ module MacPayloads
4
+ class Compare
5
+
6
+ extend LightService::Action
7
+ expects :encoded_params, :decoded_payload
8
+
9
+ executed do |c|
10
+ unless c.decoded_payload == c.encoded_params
11
+ message = "HTTP_X_PAYLOAD_MAC and encoded raw POST doesn't match"
12
+ c.fail_and_return! message
13
+ end
14
+
15
+ c.succeed!
16
+ end
17
+ end
18
+ end
19
+ end
20
+ end
21
+
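Review bot: The MAC check on the `unless c.decoded_payload == c.encoded_params` line uses `String#==`, which is not constant-time, so response timing can reveal how much of a forged MAC was correct. Use a constant-time comparison instead, for example `unless ActiveSupport::SecurityUtils.secure_compare(c.decoded_payload, c.encoded_params)`, which is available in a Rails engine through Active Support. The failure message can stay as it is, since it does not say which bytes differed.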
@@ -0,0 +1,19 @@
1
+ module StellarBase
2
+ module BridgeCallbacks
3
+ module MacPayloads
4
+ class DecodeMacKey
5
+
6
+ extend LightService::Action
7
+ promises :decoded_mac_key
8
+
9
+ executed do |c|
10
+ c.decoded_mac_key = Stellar::Util::StrKey.check_decode(
11
+ :seed,
12
+ StellarBase.configuration.bridge_callbacks_mac_key,
13
+ )
14
+ end
15
+ end
16
+ end
17
+ end
18
+ end
19
+
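Review bot: `Stellar::Util::StrKey.check_decode` runs on the configured key with no error handling, and the configuration in `lib/stellar_base.rb` defaults `bridge_callbacks_mac_key` to `false`. If `check_bridge_callbacks_mac_payload` is switched on while the key is unset or is not a valid seed (the README example sets it to `"test"`), the decode will presumably raise, and every callback gets a 500 instead of a controlled rejection. Validate the key once at configuration time, or rescue the decode error here and call `c.fail_and_return! "bridge_callbacks_mac_key is not a valid seed"`. Whichever path is taken, keep the key value itself out of the log message.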
@@ -0,0 +1,17 @@
1
+ module StellarBase
2
+ module BridgeCallbacks
3
+ module MacPayloads
4
+ class DecodePayload
5
+
6
+ extend LightService::Action
7
+ expects :callback_mac_payload
8
+ promises :decoded_payload
9
+
10
+ executed do |c|
11
+ c.decoded_payload = Base64.decode64(c.callback_mac_payload)
12
+ end
13
+ end
14
+ end
15
+ end
16
+ end
17
+
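Review bot: `Base64.decode64` is lenient: it skips characters outside the alphabet and tolerates missing padding, so malformed header values decode without error and several distinct header strings map to the same bytes. For an authentication header the stricter `c.decoded_payload = Base64.strict_decode64(c.callback_mac_payload)` is the better fit. It raises `ArgumentError` on malformed input, which should be rescued and turned into `c.fail_and_return!` so a bad header gets the same 400 as a mismatch.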
@@ -0,0 +1,21 @@
1
+ module StellarBase
2
+ module BridgeCallbacks
3
+ module MacPayloads
4
+ class EncodeParams
5
+
6
+ extend LightService::Action
7
+ expects :callback_params, :decoded_mac_key
8
+ promises :encoded_params
9
+
10
+ executed do |c|
11
+ c.encoded_params = OpenSSL::HMAC.digest(
12
+ "SHA256",
13
+ c.decoded_mac_key,
14
+ c.callback_params.to_query,
15
+ )
16
+ end
17
+ end
18
+ end
19
+ end
20
+ end
21
+
@@ -0,0 +1,21 @@
1
+ module StellarBase
2
+ module BridgeCallbacks
3
+ class VerifyMacPayload
4
+ extend LightService::Organizer
5
+
6
+ def self.call(callback_mac_payload:, callback_params:)
7
+ with(
8
+ callback_mac_payload: callback_mac_payload,
9
+ callback_params: callback_params,
10
+ ).reduce(
11
+ MacPayloads::CheckPayload,
12
+ MacPayloads::DecodePayload,
13
+ MacPayloads::DecodeMacKey,
14
+ MacPayloads::EncodeParams,
15
+ MacPayloads::Compare
16
+ )
17
+ end
18
+ end
19
+ end
20
+ end
21
+
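--- a/data/lib/stellar_base.rb
+++ b/data/lib/stellar_base.rb
@@ -1,4 +1,5 @@
  require "gem_config"
+ require "stellar-base"
  require "light-service"
  require "virtus"
  require "httparty"
@@ -15,8 +16,11 @@ module StellarBase
  with_configuration do
  has :horizon_url, default: "https://horizon.stellar.org"
  has :modules, default: [:bridge_callbacks]
- has :check_bridge_callbacks_authenticity, default: false
+
  has :on_bridge_callback
+ has :check_bridge_callbacks_authenticity, default: false
+ has :check_bridge_callbacks_mac_payload, default: false
+ has :bridge_callbacks_mac_key, default: false
  end
 
  def self.included_module?(module_name)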
@@ -1,3 +1,3 @@
1
1
  module StellarBase
2
- VERSION = '0.2.1'
2
+ VERSION = '0.3.0'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: stellar_base-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.1
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ace Subido
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-05-07 00:00:00.000000000 Z
11
+ date: 2018-05-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: virtus
@@ -80,6 +80,20 @@ dependencies:
80
80
  - - ">="
81
81
  - !ruby/object:Gem::Version
82
82
  version: '0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: stellar-base
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - '='
88
+ - !ruby/object:Gem::Version
89
+ version: 0.14.0
90
+ type: :runtime
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - '='
95
+ - !ruby/object:Gem::Version
96
+ version: 0.14.0
83
97
  - !ruby/object:Gem::Dependency
84
98
  name: trailblazer
85
99
  requirement: !ruby/object:Gem::Requirement
@@ -207,7 +221,13 @@ files:
207
221
  - app/services/stellar_base/bridge_callbacks/get_operation.rb
208
222
  - app/services/stellar_base/bridge_callbacks/get_transaction.rb
209
223
  - app/services/stellar_base/bridge_callbacks/initialize_horizon_client.rb
224
+ - app/services/stellar_base/bridge_callbacks/mac_payloads/check_payload.rb
225
+ - app/services/stellar_base/bridge_callbacks/mac_payloads/compare.rb
226
+ - app/services/stellar_base/bridge_callbacks/mac_payloads/decode_mac_key.rb
227
+ - app/services/stellar_base/bridge_callbacks/mac_payloads/decode_payload.rb
228
+ - app/services/stellar_base/bridge_callbacks/mac_payloads/encode_params.rb
210
229
  - app/services/stellar_base/bridge_callbacks/process.rb
230
+ - app/services/stellar_base/bridge_callbacks/verify_mac_payload.rb
211
231
  - app/views/layouts/stellar_base/application.html.erb
212
232
  - config/routes.rb
213
233
  - lib/stellar_base-rails.rb