stellar_base-rails 0.2.1 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +17 -5
- data/app/controllers/stellar_base/bridge_callbacks_controller.rb +25 -5
- data/app/services/stellar_base/bridge_callbacks/mac_payloads/check_payload.rb +17 -0
- data/app/services/stellar_base/bridge_callbacks/mac_payloads/compare.rb +21 -0
- data/app/services/stellar_base/bridge_callbacks/mac_payloads/decode_mac_key.rb +19 -0
- data/app/services/stellar_base/bridge_callbacks/mac_payloads/decode_payload.rb +17 -0
- data/app/services/stellar_base/bridge_callbacks/mac_payloads/encode_params.rb +21 -0
- data/app/services/stellar_base/bridge_callbacks/verify_mac_payload.rb +21 -0
- data/lib/stellar_base.rb +5 -1
- data/lib/stellar_base/version.rb +1 -1
- metadata +22 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a83410d8dc46aa9b3e3a7501ff339f620e4bb16073a5156b935a942249204fcd
|
|
4
|
+
data.tar.gz: b76ff40be0ee4f471c37198856157f152ef041d14736e2fdf0eebfaf42f3a770
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2db9224965d1e88f9f6f8b1deba1e50bcf6ac32c7226da4ba8cbaee737c6d9834b0d663861597cabb65eb9e601e13d6e695b7097d44c73df34ca2e6419f3e7f6
|
|
7
|
+
data.tar.gz: 1bf1a4bd010321297c05638303b681756d1c16089d006e8acdc3e4a50fc438d45ef9a35cd5404d0b73c5f9105ef2a1af505d246a9ea243ae32d09d7401e98224
|
data/README.md
CHANGED
|
@@ -21,8 +21,10 @@ StellarBase.configure do |c|
|
|
|
21
21
|
c.modules = %i(bridge_callbacks)
|
|
22
22
|
c.horizon_url = "https://horizon.stellar.org"
|
|
23
23
|
|
|
24
|
-
c.check_bridge_callbacks_authenticity = true
|
|
25
24
|
c.on_bridge_callback = "StellarBridgeReceive::SaveTxn"
|
|
25
|
+
c.check_bridge_callbacks_authenticity = true
|
|
26
|
+
c.check_bridge_callbacks_mac_payload = false
|
|
27
|
+
c.bridge_callbacks_mac_key = "test"
|
|
26
28
|
end
|
|
27
29
|
```
|
|
28
30
|
|
|
@@ -34,6 +36,11 @@ end
|
|
|
34
36
|
- You can supply what endpoints you want to activate with the gem
|
|
35
37
|
- `bridge_callbacks` - this will mount a HTTP/S POST endpoint that acts as callback receiver for bridge server payments on the path. It will call your `.on_bridge_callback` class.
|
|
36
38
|
|
|
39
|
+
#### c.horizon_url
|
|
40
|
+
- Value(s): String, url to horizon
|
|
41
|
+
- Default: https://horizon.stellar.org
|
|
42
|
+
- This is where the engine will check bridge callbacks if `c.check_bridge_callbacks_authenticity` is turned on
|
|
43
|
+
|
|
37
44
|
#### c.on_bridge_callback
|
|
38
45
|
- Value(s): Class
|
|
39
46
|
- Default: None
|
|
@@ -48,10 +55,15 @@ end
|
|
|
48
55
|
- Default: `false`
|
|
49
56
|
- This secures the `/bridge_callbacks` endpoint from fake transactions by checking the transaction ID and it's contents against the Stellar Blockchain. If it doesn't add up, `/bridge_callbacks` endpoint will respond with a 422
|
|
50
57
|
|
|
51
|
-
#### c.
|
|
52
|
-
- Value(s):
|
|
53
|
-
- Default:
|
|
54
|
-
- This
|
|
58
|
+
#### c.check_bridge_callbacks_mac_payload
|
|
59
|
+
- Value(s): `true` or `false`
|
|
60
|
+
- Default: `false`
|
|
61
|
+
- This secures the `/bridge_callbacks` endpoint from fake transactions by checking the `X_PAYLOAD_MAC` header for 1.) existence and 2.) if it matches the HMAC-SH256 encoded raw request body
|
|
62
|
+
|
|
63
|
+
#### c.bridge_callbacks_mac_key
|
|
64
|
+
- Value(s): Any Stellar Private Key, it should be the same as the mac_key configured in your bridge server
|
|
65
|
+
- Default: None
|
|
66
|
+
- This is used to verify the contents of `X_PAYLOAD_MAC` by encoding the raw request body with the decoded `bridge_callback_mac_key` as the key
|
|
55
67
|
|
|
56
68
|
## Installation
|
|
57
69
|
Add this line to your application's Gemfile:
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
module StellarBase
|
|
2
2
|
class BridgeCallbacksController < ApplicationController
|
|
3
3
|
skip_before_action :verify_authenticity_token
|
|
4
|
+
before_action :verify_mac_payload, if: :check_mac_payload?
|
|
4
5
|
|
|
5
6
|
def create
|
|
6
7
|
op = BridgeCallbacks::Operations::Process.(bridge_callback: callback_params)
|
|
@@ -10,7 +11,9 @@ module StellarBase
|
|
|
10
11
|
if op.success?
|
|
11
12
|
head :ok
|
|
12
13
|
else
|
|
13
|
-
|
|
14
|
+
contract = op["contract.default"]
|
|
15
|
+
log_unsuccessful_callback(contract.errors.full_messages)
|
|
16
|
+
|
|
14
17
|
head :unprocessable_entity
|
|
15
18
|
end
|
|
16
19
|
end
|
|
@@ -19,11 +22,13 @@ module StellarBase
|
|
|
19
22
|
|
|
20
23
|
private
|
|
21
24
|
|
|
22
|
-
def
|
|
23
|
-
|
|
25
|
+
def check_mac_payload?
|
|
26
|
+
StellarBase.configuration.check_bridge_callbacks_mac_payload
|
|
27
|
+
end
|
|
24
28
|
|
|
25
|
-
|
|
26
|
-
Rails.logger.warn("
|
|
29
|
+
def log_unsuccessful_callback(error_message)
|
|
30
|
+
Rails.logger.warn("Unsuccessful bridge callback #{callback_params.to_s}")
|
|
31
|
+
Rails.logger.warn("Details: #{error_message}")
|
|
27
32
|
end
|
|
28
33
|
|
|
29
34
|
def callback_params
|
|
@@ -40,5 +45,20 @@ module StellarBase
|
|
|
40
45
|
:transaction_id,
|
|
41
46
|
)
|
|
42
47
|
end
|
|
48
|
+
|
|
49
|
+
def verify_mac_payload
|
|
50
|
+
callback_mac_payload = request.headers["HTTP_X_PAYLOAD_MAC"]
|
|
51
|
+
|
|
52
|
+
result = BridgeCallbacks::VerifyMacPayload.(
|
|
53
|
+
callback_params: callback_params,
|
|
54
|
+
callback_mac_payload: callback_mac_payload,
|
|
55
|
+
)
|
|
56
|
+
|
|
57
|
+
if result.failure?
|
|
58
|
+
log_unsuccessful_callback result.message
|
|
59
|
+
head :bad_request
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
|
|
43
63
|
end
|
|
44
64
|
end
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module StellarBase
|
|
2
|
+
module BridgeCallbacks
|
|
3
|
+
module MacPayloads
|
|
4
|
+
class CheckPayload
|
|
5
|
+
|
|
6
|
+
extend LightService::Action
|
|
7
|
+
expects :callback_mac_payload
|
|
8
|
+
|
|
9
|
+
executed do |c|
|
|
10
|
+
unless c.callback_mac_payload.present?
|
|
11
|
+
c.fail_and_return! "HTTP_X_PAYLOAD_MAC not present"
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module StellarBase
|
|
2
|
+
module BridgeCallbacks
|
|
3
|
+
module MacPayloads
|
|
4
|
+
class Compare
|
|
5
|
+
|
|
6
|
+
extend LightService::Action
|
|
7
|
+
expects :encoded_params, :decoded_payload
|
|
8
|
+
|
|
9
|
+
executed do |c|
|
|
10
|
+
unless c.decoded_payload == c.encoded_params
|
|
11
|
+
message = "HTTP_X_PAYLOAD_MAC and encoded raw POST doesn't match"
|
|
12
|
+
c.fail_and_return! message
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
c.succeed!
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
module StellarBase
|
|
2
|
+
module BridgeCallbacks
|
|
3
|
+
module MacPayloads
|
|
4
|
+
class DecodeMacKey
|
|
5
|
+
|
|
6
|
+
extend LightService::Action
|
|
7
|
+
promises :decoded_mac_key
|
|
8
|
+
|
|
9
|
+
executed do |c|
|
|
10
|
+
c.decoded_mac_key = Stellar::Util::StrKey.check_decode(
|
|
11
|
+
:seed,
|
|
12
|
+
StellarBase.configuration.bridge_callbacks_mac_key,
|
|
13
|
+
)
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module StellarBase
|
|
2
|
+
module BridgeCallbacks
|
|
3
|
+
module MacPayloads
|
|
4
|
+
class DecodePayload
|
|
5
|
+
|
|
6
|
+
extend LightService::Action
|
|
7
|
+
expects :callback_mac_payload
|
|
8
|
+
promises :decoded_payload
|
|
9
|
+
|
|
10
|
+
executed do |c|
|
|
11
|
+
c.decoded_payload = Base64.decode64(c.callback_mac_payload)
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module StellarBase
|
|
2
|
+
module BridgeCallbacks
|
|
3
|
+
module MacPayloads
|
|
4
|
+
class EncodeParams
|
|
5
|
+
|
|
6
|
+
extend LightService::Action
|
|
7
|
+
expects :callback_params, :decoded_mac_key
|
|
8
|
+
promises :encoded_params
|
|
9
|
+
|
|
10
|
+
executed do |c|
|
|
11
|
+
c.encoded_params = OpenSSL::HMAC.digest(
|
|
12
|
+
"SHA256",
|
|
13
|
+
c.decoded_mac_key,
|
|
14
|
+
c.callback_params.to_query,
|
|
15
|
+
)
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module StellarBase
|
|
2
|
+
module BridgeCallbacks
|
|
3
|
+
class VerifyMacPayload
|
|
4
|
+
extend LightService::Organizer
|
|
5
|
+
|
|
6
|
+
def self.call(callback_mac_payload:, callback_params:)
|
|
7
|
+
with(
|
|
8
|
+
callback_mac_payload: callback_mac_payload,
|
|
9
|
+
callback_params: callback_params,
|
|
10
|
+
).reduce(
|
|
11
|
+
MacPayloads::CheckPayload,
|
|
12
|
+
MacPayloads::DecodePayload,
|
|
13
|
+
MacPayloads::DecodeMacKey,
|
|
14
|
+
MacPayloads::EncodeParams,
|
|
15
|
+
MacPayloads::Compare
|
|
16
|
+
)
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
data/lib/stellar_base.rb
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
require "gem_config"
|
|
2
|
+
require "stellar-base"
|
|
2
3
|
require "light-service"
|
|
3
4
|
require "virtus"
|
|
4
5
|
require "httparty"
|
|
@@ -15,8 +16,11 @@ module StellarBase
|
|
|
15
16
|
with_configuration do
|
|
16
17
|
has :horizon_url, default: "https://horizon.stellar.org"
|
|
17
18
|
has :modules, default: [:bridge_callbacks]
|
|
18
|
-
|
|
19
|
+
|
|
19
20
|
has :on_bridge_callback
|
|
21
|
+
has :check_bridge_callbacks_authenticity, default: false
|
|
22
|
+
has :check_bridge_callbacks_mac_payload, default: false
|
|
23
|
+
has :bridge_callbacks_mac_key, default: false
|
|
20
24
|
end
|
|
21
25
|
|
|
22
26
|
def self.included_module?(module_name)
|
data/lib/stellar_base/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: stellar_base-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ace Subido
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-05-
|
|
11
|
+
date: 2018-05-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: virtus
|
|
@@ -80,6 +80,20 @@ dependencies:
|
|
|
80
80
|
- - ">="
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
82
|
version: '0'
|
|
83
|
+
- !ruby/object:Gem::Dependency
|
|
84
|
+
name: stellar-base
|
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
|
86
|
+
requirements:
|
|
87
|
+
- - '='
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: 0.14.0
|
|
90
|
+
type: :runtime
|
|
91
|
+
prerelease: false
|
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
93
|
+
requirements:
|
|
94
|
+
- - '='
|
|
95
|
+
- !ruby/object:Gem::Version
|
|
96
|
+
version: 0.14.0
|
|
83
97
|
- !ruby/object:Gem::Dependency
|
|
84
98
|
name: trailblazer
|
|
85
99
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -207,7 +221,13 @@ files:
|
|
|
207
221
|
- app/services/stellar_base/bridge_callbacks/get_operation.rb
|
|
208
222
|
- app/services/stellar_base/bridge_callbacks/get_transaction.rb
|
|
209
223
|
- app/services/stellar_base/bridge_callbacks/initialize_horizon_client.rb
|
|
224
|
+
- app/services/stellar_base/bridge_callbacks/mac_payloads/check_payload.rb
|
|
225
|
+
- app/services/stellar_base/bridge_callbacks/mac_payloads/compare.rb
|
|
226
|
+
- app/services/stellar_base/bridge_callbacks/mac_payloads/decode_mac_key.rb
|
|
227
|
+
- app/services/stellar_base/bridge_callbacks/mac_payloads/decode_payload.rb
|
|
228
|
+
- app/services/stellar_base/bridge_callbacks/mac_payloads/encode_params.rb
|
|
210
229
|
- app/services/stellar_base/bridge_callbacks/process.rb
|
|
230
|
+
- app/services/stellar_base/bridge_callbacks/verify_mac_payload.rb
|
|
211
231
|
- app/views/layouts/stellar_base/application.html.erb
|
|
212
232
|
- config/routes.rb
|
|
213
233
|
- lib/stellar_base-rails.rb
|