stellar_base-rails 0.2.1 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +17 -5
- data/app/controllers/stellar_base/bridge_callbacks_controller.rb +25 -5
- data/app/services/stellar_base/bridge_callbacks/mac_payloads/check_payload.rb +17 -0
- data/app/services/stellar_base/bridge_callbacks/mac_payloads/compare.rb +21 -0
- data/app/services/stellar_base/bridge_callbacks/mac_payloads/decode_mac_key.rb +19 -0
- data/app/services/stellar_base/bridge_callbacks/mac_payloads/decode_payload.rb +17 -0
- data/app/services/stellar_base/bridge_callbacks/mac_payloads/encode_params.rb +21 -0
- data/app/services/stellar_base/bridge_callbacks/verify_mac_payload.rb +21 -0
- data/lib/stellar_base.rb +5 -1
- data/lib/stellar_base/version.rb +1 -1
- metadata +22 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a83410d8dc46aa9b3e3a7501ff339f620e4bb16073a5156b935a942249204fcd
|
|
4
|
+
data.tar.gz: b76ff40be0ee4f471c37198856157f152ef041d14736e2fdf0eebfaf42f3a770
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2db9224965d1e88f9f6f8b1deba1e50bcf6ac32c7226da4ba8cbaee737c6d9834b0d663861597cabb65eb9e601e13d6e695b7097d44c73df34ca2e6419f3e7f6
|
|
7
|
+
data.tar.gz: 1bf1a4bd010321297c05638303b681756d1c16089d006e8acdc3e4a50fc438d45ef9a35cd5404d0b73c5f9105ef2a1af505d246a9ea243ae32d09d7401e98224
|
data/README.md
CHANGED
|
@@ -21,8 +21,10 @@ StellarBase.configure do |c|
|
|
|
21
21
|
c.modules = %i(bridge_callbacks)
|
|
22
22
|
c.horizon_url = "https://horizon.stellar.org"
|
|
23
23
|
|
|
24
|
-
c.check_bridge_callbacks_authenticity = true
|
|
25
24
|
c.on_bridge_callback = "StellarBridgeReceive::SaveTxn"
|
|
25
|
+
c.check_bridge_callbacks_authenticity = true
|
|
26
|
+
c.check_bridge_callbacks_mac_payload = false
|
|
27
|
+
c.bridge_callbacks_mac_key = "test"
|
|
26
28
|
end
|
|
27
29
|
```
|
|
28
30
|
|
|
@@ -34,6 +36,11 @@ end
|
|
|
34
36
|
- You can supply what endpoints you want to activate with the gem
|
|
35
37
|
- `bridge_callbacks` - this will mount a HTTP/S POST endpoint that acts as callback receiver for bridge server payments on the path. It will call your `.on_bridge_callback` class.
|
|
36
38
|
|
|
39
|
+
#### c.horizon_url
|
|
40
|
+
- Value(s): String, url to horizon
|
|
41
|
+
- Default: https://horizon.stellar.org
|
|
42
|
+
- This is where the engine will check bridge callbacks if `c.check_bridge_callbacks_authenticity` is turned on
|
|
43
|
+
|
|
37
44
|
#### c.on_bridge_callback
|
|
38
45
|
- Value(s): Class
|
|
39
46
|
- Default: None
|
|
@@ -48,10 +55,15 @@ end
|
|
|
48
55
|
- Default: `false`
|
|
49
56
|
- This secures the `/bridge_callbacks` endpoint from fake transactions by checking the transaction ID and it's contents against the Stellar Blockchain. If it doesn't add up, `/bridge_callbacks` endpoint will respond with a 422
|
|
50
57
|
|
|
51
|
-
#### c.
|
|
52
|
-
- Value(s):
|
|
53
|
-
- Default:
|
|
54
|
-
- This
|
|
58
|
+
#### c.check_bridge_callbacks_mac_payload
|
|
59
|
+
- Value(s): `true` or `false`
|
|
60
|
+
- Default: `false`
|
|
61
|
+
- This secures the `/bridge_callbacks` endpoint from fake transactions by checking the `X_PAYLOAD_MAC` header for 1.) existence and 2.) if it matches the HMAC-SH256 encoded raw request body
|
|
62
|
+
|
|
63
|
+
#### c.bridge_callbacks_mac_key
|
|
64
|
+
- Value(s): Any Stellar Private Key, it should be the same as the mac_key configured in your bridge server
|
|
65
|
+
- Default: None
|
|
66
|
+
- This is used to verify the contents of `X_PAYLOAD_MAC` by encoding the raw request body with the decoded `bridge_callback_mac_key` as the key
|
|
55
67
|
|
|
56
68
|
## Installation
|
|
57
69
|
Add this line to your application's Gemfile:
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
module StellarBase
|
|
2
2
|
class BridgeCallbacksController < ApplicationController
|
|
3
3
|
skip_before_action :verify_authenticity_token
|
|
4
|
+
before_action :verify_mac_payload, if: :check_mac_payload?
|
|
4
5
|
|
|
5
6
|
def create
|
|
6
7
|
op = BridgeCallbacks::Operations::Process.(bridge_callback: callback_params)
|
|
@@ -10,7 +11,9 @@ module StellarBase
|
|
|
10
11
|
if op.success?
|
|
11
12
|
head :ok
|
|
12
13
|
else
|
|
13
|
-
|
|
14
|
+
contract = op["contract.default"]
|
|
15
|
+
log_unsuccessful_callback(contract.errors.full_messages)
|
|
16
|
+
|
|
14
17
|
head :unprocessable_entity
|
|
15
18
|
end
|
|
16
19
|
end
|
|
@@ -19,11 +22,13 @@ module StellarBase
|
|
|
19
22
|
|
|
20
23
|
private
|
|
21
24
|
|
|
22
|
-
def
|
|
23
|
-
|
|
25
|
+
def check_mac_payload?
|
|
26
|
+
StellarBase.configuration.check_bridge_callbacks_mac_payload
|
|
27
|
+
end
|
|
24
28
|
|
|
25
|
-
|
|
26
|
-
Rails.logger.warn("
|
|
29
|
+
def log_unsuccessful_callback(error_message)
|
|
30
|
+
Rails.logger.warn("Unsuccessful bridge callback #{callback_params.to_s}")
|
|
31
|
+
Rails.logger.warn("Details: #{error_message}")
|
|
27
32
|
end
|
|
28
33
|
|
|
29
34
|
def callback_params
|
|
@@ -40,5 +45,20 @@ module StellarBase
|
|
|
40
45
|
:transaction_id,
|
|
41
46
|
)
|
|
42
47
|
end
|
|
48
|
+
|
|
49
|
+
def verify_mac_payload
|
|
50
|
+
callback_mac_payload = request.headers["HTTP_X_PAYLOAD_MAC"]
|
|
51
|
+
|
|
52
|
+
result = BridgeCallbacks::VerifyMacPayload.(
|
|
53
|
+
callback_params: callback_params,
|
|
54
|
+
callback_mac_payload: callback_mac_payload,
|
|
55
|
+
)
|
|
56
|
+
|
|
57
|
+
if result.failure?
|
|
58
|
+
log_unsuccessful_callback result.message
|
|
59
|
+
head :bad_request
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
|
|
43
63
|
end
|
|
44
64
|
end
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module StellarBase
|
|
2
|
+
module BridgeCallbacks
|
|
3
|
+
module MacPayloads
|
|
4
|
+
class CheckPayload
|
|
5
|
+
|
|
6
|
+
extend LightService::Action
|
|
7
|
+
expects :callback_mac_payload
|
|
8
|
+
|
|
9
|
+
executed do |c|
|
|
10
|
+
unless c.callback_mac_payload.present?
|
|
11
|
+
c.fail_and_return! "HTTP_X_PAYLOAD_MAC not present"
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module StellarBase
|
|
2
|
+
module BridgeCallbacks
|
|
3
|
+
module MacPayloads
|
|
4
|
+
class Compare
|
|
5
|
+
|
|
6
|
+
extend LightService::Action
|
|
7
|
+
expects :encoded_params, :decoded_payload
|
|
8
|
+
|
|
9
|
+
executed do |c|
|
|
10
|
+
unless c.decoded_payload == c.encoded_params
|
|
11
|
+
message = "HTTP_X_PAYLOAD_MAC and encoded raw POST doesn't match"
|
|
12
|
+
c.fail_and_return! message
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
c.succeed!
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
module StellarBase
|
|
2
|
+
module BridgeCallbacks
|
|
3
|
+
module MacPayloads
|
|
4
|
+
class DecodeMacKey
|
|
5
|
+
|
|
6
|
+
extend LightService::Action
|
|
7
|
+
promises :decoded_mac_key
|
|
8
|
+
|
|
9
|
+
executed do |c|
|
|
10
|
+
c.decoded_mac_key = Stellar::Util::StrKey.check_decode(
|
|
11
|
+
:seed,
|
|
12
|
+
StellarBase.configuration.bridge_callbacks_mac_key,
|
|
13
|
+
)
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module StellarBase
|
|
2
|
+
module BridgeCallbacks
|
|
3
|
+
module MacPayloads
|
|
4
|
+
class DecodePayload
|
|
5
|
+
|
|
6
|
+
extend LightService::Action
|
|
7
|
+
expects :callback_mac_payload
|
|
8
|
+
promises :decoded_payload
|
|
9
|
+
|
|
10
|
+
executed do |c|
|
|
11
|
+
c.decoded_payload = Base64.decode64(c.callback_mac_payload)
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module StellarBase
|
|
2
|
+
module BridgeCallbacks
|
|
3
|
+
module MacPayloads
|
|
4
|
+
class EncodeParams
|
|
5
|
+
|
|
6
|
+
extend LightService::Action
|
|
7
|
+
expects :callback_params, :decoded_mac_key
|
|
8
|
+
promises :encoded_params
|
|
9
|
+
|
|
10
|
+
executed do |c|
|
|
11
|
+
c.encoded_params = OpenSSL::HMAC.digest(
|
|
12
|
+
"SHA256",
|
|
13
|
+
c.decoded_mac_key,
|
|
14
|
+
c.callback_params.to_query,
|
|
15
|
+
)
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module StellarBase
|
|
2
|
+
module BridgeCallbacks
|
|
3
|
+
class VerifyMacPayload
|
|
4
|
+
extend LightService::Organizer
|
|
5
|
+
|
|
6
|
+
def self.call(callback_mac_payload:, callback_params:)
|
|
7
|
+
with(
|
|
8
|
+
callback_mac_payload: callback_mac_payload,
|
|
9
|
+
callback_params: callback_params,
|
|
10
|
+
).reduce(
|
|
11
|
+
MacPayloads::CheckPayload,
|
|
12
|
+
MacPayloads::DecodePayload,
|
|
13
|
+
MacPayloads::DecodeMacKey,
|
|
14
|
+
MacPayloads::EncodeParams,
|
|
15
|
+
MacPayloads::Compare
|
|
16
|
+
)
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
data/lib/stellar_base.rb
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
require "gem_config"
|
|
2
|
+
require "stellar-base"
|
|
2
3
|
require "light-service"
|
|
3
4
|
require "virtus"
|
|
4
5
|
require "httparty"
|
|
@@ -15,8 +16,11 @@ module StellarBase
|
|
|
15
16
|
with_configuration do
|
|
16
17
|
has :horizon_url, default: "https://horizon.stellar.org"
|
|
17
18
|
has :modules, default: [:bridge_callbacks]
|
|
18
|
-
|
|
19
|
+
|
|
19
20
|
has :on_bridge_callback
|
|
21
|
+
has :check_bridge_callbacks_authenticity, default: false
|
|
22
|
+
has :check_bridge_callbacks_mac_payload, default: false
|
|
23
|
+
has :bridge_callbacks_mac_key, default: false
|
|
20
24
|
end
|
|
21
25
|
|
|
22
26
|
def self.included_module?(module_name)
|
data/lib/stellar_base/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: stellar_base-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ace Subido
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-05-
|
|
11
|
+
date: 2018-05-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: virtus
|
|
@@ -80,6 +80,20 @@ dependencies:
|
|
|
80
80
|
- - ">="
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
82
|
version: '0'
|
|
83
|
+
- !ruby/object:Gem::Dependency
|
|
84
|
+
name: stellar-base
|
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
|
86
|
+
requirements:
|
|
87
|
+
- - '='
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: 0.14.0
|
|
90
|
+
type: :runtime
|
|
91
|
+
prerelease: false
|
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
93
|
+
requirements:
|
|
94
|
+
- - '='
|
|
95
|
+
- !ruby/object:Gem::Version
|
|
96
|
+
version: 0.14.0
|
|
83
97
|
- !ruby/object:Gem::Dependency
|
|
84
98
|
name: trailblazer
|
|
85
99
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -207,7 +221,13 @@ files:
|
|
|
207
221
|
- app/services/stellar_base/bridge_callbacks/get_operation.rb
|
|
208
222
|
- app/services/stellar_base/bridge_callbacks/get_transaction.rb
|
|
209
223
|
- app/services/stellar_base/bridge_callbacks/initialize_horizon_client.rb
|
|
224
|
+
- app/services/stellar_base/bridge_callbacks/mac_payloads/check_payload.rb
|
|
225
|
+
- app/services/stellar_base/bridge_callbacks/mac_payloads/compare.rb
|
|
226
|
+
- app/services/stellar_base/bridge_callbacks/mac_payloads/decode_mac_key.rb
|
|
227
|
+
- app/services/stellar_base/bridge_callbacks/mac_payloads/decode_payload.rb
|
|
228
|
+
- app/services/stellar_base/bridge_callbacks/mac_payloads/encode_params.rb
|
|
210
229
|
- app/services/stellar_base/bridge_callbacks/process.rb
|
|
230
|
+
- app/services/stellar_base/bridge_callbacks/verify_mac_payload.rb
|
|
211
231
|
- app/views/layouts/stellar_base/application.html.erb
|
|
212
232
|
- config/routes.rb
|
|
213
233
|
- lib/stellar_base-rails.rb
|