straight-server 0.2.2 → 0.2.3

data/lib/straight-server/initializer.rb

@@ -3,6 +3,7 @@ module StraightServer
   module Initializer
 
     GEM_ROOT = File.expand_path('../..', File.dirname(__FILE__))
+    MIGRATIONS_ROOT = GEM_ROOT + '/db/migrations/'
 
     module ConfigDir
 
@@ -52,13 +53,13 @@ module StraightServer
       FileUtils.mkdir_p(ConfigDir.path) unless File.exist?(ConfigDir.path)
 
       unless File.exist?(ConfigDir.path + '/addons.yml')
-        puts "\e[1;33mNOTICE!\e[0m \e[33mNo file ~/.straight/addons.yml was found. Created an empty sample for you.\e[0m"
+        puts "\e[1;33mNOTICE!\e[0m \e[33mNo file #{ConfigDir.path}/addons.yml was found. Created an empty sample for you.\e[0m"
         puts "No need to restart until you actually list your addons there. Now will continue loading StraightServer."
-        FileUtils.cp(GEM_ROOT + '/templates/addons.yml', ENV['HOME'] + '/.straight/') 
+        FileUtils.cp(GEM_ROOT + '/templates/addons.yml', ConfigDir.path)
       end
 
       unless File.exist?(ConfigDir.path + '/server_secret')
-        puts "\e[1;33mNOTICE!\e[0m \e[33mNo file ~/.straight/server_secret was found. Created one for you.\e[0m"
+        puts "\e[1;33mNOTICE!\e[0m \e[33mNo file #{ConfigDir.path}/server_secret was found. Created one for you.\e[0m"
         puts "No need to restart so far. Now will continue loading StraightServer."
         File.open(ConfigDir.path + '/server_secret', "w") do |f|
           f.puts String.random(16)
@@ -66,10 +67,10 @@ module StraightServer
       end
 
       unless File.exist?(ConfigDir.path + '/config.yml')
-        puts "\e[1;33mWARNING!\e[0m \e[33mNo file ~/.straight/config was found. Created a sample one for you.\e[0m"
+        puts "\e[1;33mWARNING!\e[0m \e[33mNo file #{ConfigDir.path}/config.yml was found. Created a sample one for you.\e[0m"
         puts "You should edit it and try starting the server again.\n"
 
-        FileUtils.cp(GEM_ROOT + '/templates/config.yml', ENV['HOME'] + '/.straight/') 
+        FileUtils.cp(GEM_ROOT + '/templates/config.yml', ConfigDir.path)
         puts "Shutting down now.\n\n"
         exit
       end
@@ -106,12 +107,12 @@ module StraightServer
 
     def run_migrations
       print "\nPending migrations for the database detected. Migrating..."
-      Sequel::Migrator.run(StraightServer.db_connection, GEM_ROOT + '/db/migrations/')
+      Sequel::Migrator.run(StraightServer.db_connection, MIGRATIONS_ROOT)
       print "done\n\n"
     end
 
     def migrations_pending?
-      !Sequel::Migrator.is_current?(StraightServer.db_connection, GEM_ROOT + '/db/migrations/')
+      !Sequel::Migrator.is_current?(StraightServer.db_connection, MIGRATIONS_ROOT)
     end
 
     def create_logger

data/lib/straight-server/order.rb

@@ -7,8 +7,15 @@ module StraightServer
     plugin :timestamps, create: :created_at, update: :updated_at
 
     plugin :serialization
-    serialize_attributes :marshal, :callback_response
+
+    # Additional data that can be passed and stored with each order. Not returned with the callback.
     serialize_attributes :marshal, :data
+    
+    # data that was provided by the merchan upon order creation and is sent back with the callback
+    serialize_attributes :marshal, :callback_data     
+
+    # stores the response of the server to which the callback is issued
+    serialize_attributes :marshal, :callback_response 
 
     plugin :after_initialize
     def after_initialize
@@ -59,7 +66,7 @@ module StraightServer
     end
 
     def to_h
-      super.merge({ id: id, payment_id: payment_id, amount_in_btc: amount_in_btc(as: :string) })
+      super.merge({ id: id, payment_id: payment_id, amount_in_btc: amount_in_btc(as: :string), keychain_id: keychain_id, last_keychain_id: self.gateway.last_keychain_id })
     end
 
     def to_json
@@ -73,16 +80,16 @@ module StraightServer
       errors.add(:gateway_id, "is invalid") if !gateway_id.kind_of?(Numeric) || gateway_id <= 0
       errors.add(:description, "should be shorter than 255 charachters") if description.kind_of?(String) && description.length > 255
       errors.add(:gateway, "is inactive, cannot create order for inactive gateway") unless gateway.active
-      validates_unique   :id, :address, [:keychain_id, :gateway_id]
+      validates_unique   :id
       validates_presence [:address, :keychain_id, :gateway_id, :amount]
     end
 
     def to_http_params
-      "order_id=#{id}&amount=#{amount}&status=#{status}&address=#{address}&tid=#{tid}"
+      "order_id=#{id}&amount=#{amount}&amount_in_btc=#{amount_in_btc(as: :string)}&status=#{status}&address=#{address}&tid=#{tid}&keychain_id=#{keychain_id}&last_keychain_id=#{@gateway.last_keychain_id}"
     end
 
     def before_create
-      self.payment_id = gateway.sign_with_secret("#{keychain_id}#{amount}#{created_at}")
+      self.payment_id = gateway.sign_with_secret("#{keychain_id}#{amount}#{created_at}#{(Order.max(:id) || 0)+1}")
 
       # Save info about current exchange rate at the time of purchase
       unless gateway.default_currency == 'BTC'

data/lib/straight-server/orders_controller.rb

@@ -1,3 +1,5 @@
+require_relative './throttler'
+
 module StraightServer
 
   class OrdersController
@@ -13,34 +15,52 @@ module StraightServer
     end
 
     def create
-      
+
       unless @gateway
         StraightServer.logger.warn "Gateway not found"
         return [404, {}, "Gateway not found" ]
       end
 
+      unless @gateway.check_signature
+        ip = @env['HTTP_X_FORWARDED_FOR'].to_s
+        ip = @env['REMOTE_ADDR'] if ip.empty?
+        if StraightServer::Throttler.new(@gateway.id).deny?(ip)
+          StraightServer.logger.warn message = "Too many requests, please try again later"
+          return [429, {}, message]
+        end
+      end
+
       begin
+
+        # This is to inform users of previous version of a deprecated param
+        # It will have to be removed at some point.
+        if @params['order_id']
+          return [409, {}, "Error: order_id is no longer a valid param. Use keychain_id instead and consult the documentation." ]
+        end
+
         order_data = {
           amount:           @params['amount'], # this is satoshi
           currency:         @params['currency'],
           btc_denomination: @params['btc_denomination'],
-          keychain_id:      @params['order_id'],
+          keychain_id:      @params['keychain_id'],
           signature:        @params['signature'],
+          callback_data:    @params['callback_data'],
           data:             @params['data']
         }
         order = @gateway.create_order(order_data)
         StraightServer::Thread.new do
           # Because this is a new thread, we have to wrap the code inside in #watch_exceptions
-          # once again. Otherwise, not watching is done. Oh, threads!
+          # once again. Otherwise, no watching is done. Oh, threads!
           StraightServer.logger.watch_exceptions do
             order.start_periodic_status_check
           end
         end
+        order = add_callback_data_warning(order)
         [200, {}, order.to_json ]
       rescue Sequel::ValidationFailed => e
         StraightServer.logger.warn(
           "VALIDATION ERRORS in order, cannot create it:\n" +
-          "#{e.message.split(",").each_with_index.map { |e,i| "#{i+1}. #{e.lstrip}"}.join("\n") }\n" + 
+          "#{e.message.split(",").each_with_index.map { |e,i| "#{i+1}. #{e.lstrip}"}.join("\n") }\n" +
           "Order data: #{order_data.inspect}\n"
         )
         [409, {}, "Invalid order: #{e.message}" ]
@@ -62,7 +82,8 @@ module StraightServer
         return [404, {}, "Gateway not found" ]
       end
 
-      order = Order[@params['id']] || (@params['id'] =~ /[^\d]+/ && Order[:payment_id => @params['id']])
+      order = find_order
+
       if order
         order.status(reload: true)
         order.save if order.status_changed?
@@ -71,13 +92,8 @@ module StraightServer
     end
 
     def websocket
-      
-      order = if @params['id'] =~ /[^\d]+/
-        Order[:payment_id => @params['id']]
-      else
-        Order[@params['id']]
-      end
 
+      order = find_order
       if order
         begin
           @gateway.add_websocket_for_order ws = Faye::WebSocket.new(@env), order
@@ -93,7 +109,7 @@ module StraightServer
     private
 
       def dispatch
-        
+
         StraightServer.logger.blank_lines
         StraightServer.logger.info "#{@method} #{@env['REQUEST_PATH']}\n#{@params}"
 
@@ -110,7 +126,23 @@ module StraightServer
         elsif @request_path[3].nil?# && @method == 'POST'
           create
         end
-        @response = [404, {}, "#{@method} /#{@request_path.join('/')} Not found"] if @response.nil? 
+        @response = [404, {}, "#{@method} /#{@request_path.join('/')} Not found"] if @response.nil?
+      end
+
+      def find_order
+        if @params['id'] =~ /[^\d]+/
+          Order[:payment_id => @params['id']]
+        else
+          Order[@params['id']]
+        end
+      end
+
+      def add_callback_data_warning(order)
+        o = order.to_h
+        if @params['data'].kind_of?(String) && @params['callback_data'].nil?
+          o[:WARNING] = "Maybe you meant to use callback_data? The API has changed now. Consult the documentation."
+        end
+        o
       end
 
   end

data/lib/straight-server/throttler.rb

@@ -0,0 +1,63 @@
+module StraightServer
+  class Throttler
+
+    def initialize(gateway_id)
+      @id    = "gateway_#{gateway_id}"
+      @redis = Config.redis && Config.redis[:connection]
+      @limit = @period = @ip_ban_duration = 0
+      if Config.throttle
+        @limit           = Config.throttle[:requests_limit].to_i
+        @period          = Config.throttle[:period].to_i # in seconds
+        @ip_ban_duration = Config.throttle[:ip_ban_duration].to_i # in seconds
+      end
+    end
+
+    # @param [String] ip address
+    # @return [Boolean|Nil] true if request should be rejected,
+    #                       false if request should be served,
+    #                       nil if redis is not available
+    def deny?(ip)
+      banned?(ip) || throttled?(ip)
+    end
+
+    private
+
+    def throttled?(ip)
+      return false if @limit <= 0 || @period <= 0
+      return unless @redis
+      key   = throttled_key(ip)
+      value = @redis.incr(key)
+      @redis.expire key, @period * 2
+      if value > @limit
+        ban ip
+        true
+      else
+        false
+      end
+    end
+
+    def banned?(ip)
+      return false if @ip_ban_duration <= 0
+      return unless @redis
+      value = @redis.get(banned_key(ip)).to_i
+      if value > 0
+        Time.now.to_i <= value + @ip_ban_duration
+      else
+        false
+      end
+    end
+
+    def ban(ip)
+      return if @ip_ban_duration <= 0
+      @redis.set banned_key(ip), Time.now.to_i, ex: @ip_ban_duration
+    end
+
+    def throttled_key(ip)
+      "#{Config.redis[:prefix]}:Throttle:#{@id}:#{@period}_#{@limit}:#{Time.now.to_i / @period}:#{ip}"
+    end
+
+    def banned_key(ip)
+      "#{Config.redis[:prefix]}:BannedIP:#{ip}"
+    end
+  end
+end

data/lib/tasks/db.rake

@@ -0,0 +1,42 @@
+require_relative '../straight-server'
+
+namespace :db do
+  task :environment do
+    include StraightServer::Initializer
+    ConfigDir.set!
+    create_config_files
+    read_config_file
+    connect_to_db
+  end
+
+  desc "Migrates the database"
+  task :migrate, [:step] => :environment do |t, args|
+    target = args[:step] && (step = args[:step].to_i) > 0 ?
+               current_migration_version + step : nil
+
+    Sequel::Migrator.run(StraightServer.db_connection, MIGRATIONS_ROOT, target: target)
+    dump_schema
+  end
+
+  desc "Rollbacks database migrations"
+  task :rollback, [:step] => :environment do |t, args|
+    target = args[:step] && (step = args[:step].to_i) > 0 ?
+      current_migration_version - step : 0
+
+    Sequel::Migrator.run(StraightServer.db_connection, MIGRATIONS_ROOT, target: target)
+    dump_schema
+  end
+
+  def current_migration_version
+    db = StraightServer.db_connection
+
+    Sequel::Migrator.migrator_class(MIGRATIONS_ROOT).new(db, MIGRATIONS_ROOT, {}).current
+  end
+
+  def dump_schema
+    StraightServer.db_connection.extension :schema_dumper
+    open('db/schema.rb', 'w') do |f|
+      f.puts StraightServer.db_connection.dump_schema_migration(same_db: false)
+    end
+  end
+end

data/spec/.straight/config.yml

@@ -4,11 +4,12 @@ gateways_source: config
 environment: test
 count_orders: true
 expiration_overtime: 0
+reuse_address_orders_threshold: 5
 
 gateways:
 
   default:
-    pubkey: 'xpub-000'
+    pubkey: 'xpub6Arp6y5VVQzq3LWTHz7gGsGKAdM697RwpWgauxmyCybncqoAYim6P63AasNKSy3VUAYXFj7tN2FZ9CM9W7yTfmerdtAPU4amuSNjEKyDeo6'
     confirmations_required: 0
     order_class: "StraightServer::Order"
     secret: 'secret'
@@ -22,7 +23,7 @@ gateways:
       - Bitstamp
     active: true
   second_gateway:
-    pubkey: 'xpub-001'
+    pubkey: 'xpub6AH1Ymkkrwk3TaMrVrXBCpcGajKc9a1dAJBTKr1i4GwYLgLk7WDvPtN1o1cAqS5DZ9CYzn3gZtT7BHEP4Qpsz24UELTncPY1Zsscsm3ajmX'
     confirmations_required: 0
     order_class: "StraightServer::Order"
     secret: 'secret'

data/spec/lib/gateway_spec.rb

@@ -6,6 +6,7 @@ RSpec.describe StraightServer::Gateway do
     @gateway = StraightServer::GatewayOnConfig.find_by_id(1)
     @order_mock = double("order mock")
     allow(@order_mock).to receive(:old_status)
+    allow(@order_mock).to receive(:reused).and_return(0)
     [:id, :gateway=, :save, :to_h, :id=].each { |m| allow(@order_mock).to receive(m) }
     @order_for_keychain_id_args = { amount: 1, keychain_id: 1, currency: nil, btc_denomination: nil }
   end
@@ -47,6 +48,76 @@ RSpec.describe StraightServer::Gateway do
     expect(@gateway.blockchain_adapters.map(&:class)).to eq([Straight::Blockchain::BlockchainInfoAdapter, Straight::Blockchain::MyceliumAdapter])
   end
 
+  it "updates last_keychain_id to the new value provided in keychain_id if it's larger than the last_keychain_id" do
+    @gateway.create_order(amount: 2252.706, currency: 'USD', signature: hmac_sha256('100', 'secret'), keychain_id: 100)
+    expect(@gateway.last_keychain_id).to eq(100) 
+    @gateway.create_order(amount: 2252.706, currency: 'USD', signature: hmac_sha256('150', 'secret'), keychain_id: 150)
+    expect(@gateway.last_keychain_id).to eq(150) 
+    @gateway.create_order(amount: 2252.706, currency: 'USD', signature: hmac_sha256('50', 'secret'), keychain_id: 50)
+  end
+
+  context "reusing addresses" do
+
+    # Config.reuse_address_orders_threshold for the test env is 5
+    
+    before(:each) do
+      @gateway = StraightServer::GatewayOnConfig.find_by_id(2)
+      allow(@gateway).to receive(:order_status_changed).with(anything).and_return([])
+      allow(@gateway).to receive(:fetch_transactions_for).with(anything).and_return([])
+      create_list(:order, 4, status: StraightServer::Order::STATUSES[:expired], gateway_id: @gateway.id)
+      create_list(:order, 2, status: StraightServer::Order::STATUSES[:paid],    gateway_id: @gateway.id)
+      @expired_orders_1 = create_list(:order, 5, status: StraightServer::Order::STATUSES[:expired], gateway_id: @gateway.id)
+      @expired_orders_2 = create_list(:order, 2, status: StraightServer::Order::STATUSES[:expired], gateway_id: @gateway.id)
+    end
+
+    it "finds all expired orders that follow in a row" do
+      expect(@gateway.send(:find_expired_orders_row).size).to eq(5)
+      expect(@gateway.send(:find_expired_orders_row).map(&:id)).to     include(*@expired_orders_1.map(&:id))
+      expect(@gateway.send(:find_expired_orders_row).map(&:id)).not_to include(*@expired_orders_2.map(&:id))
+    end
+
+    it "picks an expired order which address is going to be reused" do
+      expect(@gateway.find_reusable_order).to eq(@expired_orders_1.last)
+    end
+     
+    it "picks an expired order which address is going to be reused only when this address received no transactions" do
+      allow(@gateway).to receive(:fetch_transactions_for).with(@expired_orders_1.last.address).and_return(['transaction'])
+      expect(@gateway.find_reusable_order).to eq(nil)
+    end
+
+    it "creates a new order with a reused address" do
+      reused_order = @expired_orders_1.last
+      order        = @gateway.create_order(amount: 2252.706, currency: 'USD')
+      expect(order.keychain_id).to eq(reused_order.keychain_id)
+      expect(order.address).to     eq(@gateway.address_for_keychain_id(reused_order.keychain_id)) 
+      expect(order.reused).to      eq(1)
+    end
+
+    it "doesn't increment last_keychain_id if order is reused" do
+      last_keychain_id = @gateway.last_keychain_id
+      order = @gateway.create_order(amount: 2252.706, currency: 'USD')
+      expect(@gateway.last_keychain_id).to eq(last_keychain_id) 
+
+      order.status = StraightServer::Order::STATUSES[:paid]
+      order.save
+      order_2 = @gateway.create_order(amount: 2252.706, currency: 'USD')
+      expect(@gateway.last_keychain_id).to eq(last_keychain_id+1) 
+    end
+
+    it "after the reused order was paid, gives next order a new keychain_id" do
+      order = @gateway.create_order(amount: 2252.706, currency: 'USD')
+      order.status = StraightServer::Order::STATUSES[:expired]
+      order.save
+      expect(order.keychain_id).to eq(@expired_orders_1.last.keychain_id) 
+
+      order = @gateway.create_order(amount: 2252.706, currency: 'USD')
+      order.status = StraightServer::Order::STATUSES[:paid]
+      order.save
+      expect(@gateway.send(:find_expired_orders_row).map(&:id)).to be_empty
+    end
+
+  end
+
   context "callback url" do
 
     before(:each) do
@@ -75,7 +146,7 @@ RSpec.describe StraightServer::Gateway do
     it "signs the callback if gateway has a secret" do
       @gateway = StraightServer::GatewayOnConfig.find_by_id(1) # Gateway 1 requires signatures
       expect(@response_mock).to receive(:code).twice.and_return("200")
-      expect(URI).to receive(:parse).with('http://localhost:3000/payment-callback?' + @order.to_http_params + "&signature=#{hmac_sha256(hmac_sha256(@order.id, 'secret'), 'secret')}")
+      expect(URI).to receive(:parse).with('http://localhost:3000/payment-callback?' + @order.to_http_params + "&signature=#{hmac_sha256(@order.id, 'secret')}")
       expect(Net::HTTP).to receive(:get_response).and_return(@response_mock)
       @gateway.order_status_changed(@order)
     end
@@ -83,10 +154,10 @@ RSpec.describe StraightServer::Gateway do
     it "receives random data in :data params and sends it back in a callback request" do
       @order.data = 'some random data'
       expect(@gateway).to receive(:order_for_keychain_id).with(@order_for_keychain_id_args).once.and_return(@order)
-      @gateway.create_order(amount: 1, data: 'some random data')
+      @gateway.create_order(amount: 1, callback_data: 'some random data')
       expect(@response_mock).to receive(:code).twice.and_return("200")
       expect(Net::HTTP).to receive(:get_response).and_return(@response_mock)
-      expect(URI).to receive(:parse).with('http://localhost:3001/payment-callback?' + @order.to_http_params + "&data=#{@order.data}")
+      expect(URI).to receive(:parse).with('http://localhost:3001/payment-callback?' + @order.to_http_params + "&callback_data=#{@order.data}")
       @gateway.order_status_changed(@order)
     end
 
@@ -152,12 +223,12 @@ RSpec.describe StraightServer::Gateway do
       expect(gateway1).to be_kind_of(StraightServer::GatewayOnConfig)
       expect(gateway2).to be_kind_of(StraightServer::GatewayOnConfig)
 
-      expect(gateway1.pubkey).to eq('xpub-000') 
+      expect(gateway1.pubkey).to eq('xpub6Arp6y5VVQzq3LWTHz7gGsGKAdM697RwpWgauxmyCybncqoAYim6P63AasNKSy3VUAYXFj7tN2FZ9CM9W7yTfmerdtAPU4amuSNjEKyDeo6') 
       expect(gateway1.confirmations_required).to eq(0) 
       expect(gateway1.order_class).to eq("StraightServer::Order") 
       expect(gateway1.name).to eq("default") 
 
-      expect(gateway2.pubkey).to eq('xpub-001') 
+      expect(gateway2.pubkey).to eq('xpub6AH1Ymkkrwk3TaMrVrXBCpcGajKc9a1dAJBTKr1i4GwYLgLk7WDvPtN1o1cAqS5DZ9CYzn3gZtT7BHEP4Qpsz24UELTncPY1Zsscsm3ajmX') 
       expect(gateway2.confirmations_required).to eq(0) 
       expect(gateway2.order_class).to eq("StraightServer::Order") 
       expect(gateway2.name).to eq("second_gateway") 
@@ -166,7 +237,8 @@ RSpec.describe StraightServer::Gateway do
     it "saves and retrieves last_keychain_id from the file in the .straight dir" do
       @gateway.check_signature = false
       expect(File.read("#{ENV['HOME']}/.straight/default_last_keychain_id").to_i).to eq(0)
-      @gateway.increment_last_keychain_id!
+      @gateway.update_last_keychain_id
+      @gateway.save
       expect(File.read("#{ENV['HOME']}/.straight/default_last_keychain_id").to_i).to eq(1)
 
       expect(@gateway).to receive(:order_for_keychain_id).with(@order_for_keychain_id_args.merge({ keychain_id: 2})).once.and_return(@order_mock)
@@ -201,7 +273,8 @@ RSpec.describe StraightServer::Gateway do
       @gateway.check_signature = false
       @gateway.save
       expect(DB[:gateways][:name => 'default'][:last_keychain_id]).to eq(0)
-      @gateway.increment_last_keychain_id!
+      @gateway.update_last_keychain_id
+      @gateway.save
       expect(DB[:gateways][:name => 'default'][:last_keychain_id]).to eq(1)
 
       expect(@gateway).to receive(:order_for_keychain_id).with(@order_for_keychain_id_args.merge({ keychain_id: 2})).once.and_return(@order_mock)
@@ -210,11 +283,17 @@ RSpec.describe StraightServer::Gateway do
     end
 
     it "encryptes and decrypts the gateway secret" do
-      expect(@gateway.send(:encrypt_secret)).to eq("96c1c24edff5c1c2:6THJEZqg+2qlDhtWE2Tytg==")
-      expect(@gateway.send(:decrypt_secret)).to eq("secret")
+      expect(@gateway.save)
+      expect(@gateway[:secret]).to eq("96c1c24edff5c1c2:6THJEZqg+2qlDhtWE2Tytg==")
       expect(@gateway.secret).to eq("secret")
     end
 
+    it "re-encrypts the new gateway secrect if it was changed" do
+      @gateway.save
+      @gateway.update(secret: 'new secret', update_secret: true)
+      expect(@gateway.secret).to eq("new secret")
+    end
+
     it "finds orders using #find_by_id method which is essentially an alias for Gateway[]" do
       @gateway.save
       expect(StraightServer::GatewayOnDB.find_by_id(@gateway.id)).to eq(@gateway)

data/spec/lib/order_spec.rb

@@ -13,6 +13,7 @@ RSpec.describe StraightServer::Order do
     allow(@gateway).to receive(:increment_order_counter!)
     allow(@gateway).to receive(:current_exchange_rate).and_return(111)
     allow(@gateway).to receive(:default_currency).and_return('USD')
+    allow(@gateway).to receive(:last_keychain_id).and_return(222)
     @order = create(:order, gateway_id: @gateway.id)
     allow(@gateway).to receive(:fetch_transactions_for).with(anything).and_return([])
     allow(@gateway).to receive(:order_status_changed).with(anything)
@@ -28,11 +29,11 @@ RSpec.describe StraightServer::Order do
 
   it "prepares data as http params" do
     allow(@order).to receive(:tid).and_return("tid1")
-    expect(@order.to_http_params).to eq("order_id=#{@order.id}&amount=10&status=#{@order.status}&address=#{@order.address}&tid=tid1")
+    expect(@order.to_http_params).to eq("order_id=#{@order.id}&amount=10&amount_in_btc=#{@order.amount_in_btc(as: :string)}&status=#{@order.status}&address=#{@order.address}&tid=tid1&keychain_id=#{@order.keychain_id}&last_keychain_id=#{@order.gateway.last_keychain_id}")
   end
 
   it "generates a payment_id" do
-    expect(@order.payment_id).to eq(@order.gateway.sign_with_secret("#{@order.id}#{@order.amount}#{@order.created_at}"))
+    expect(@order.payment_id).not_to be_nil
   end
 
   it "starts a periodic status check but subtracts the time passed from order creation from the duration of the check" do
@@ -72,6 +73,11 @@ RSpec.describe StraightServer::Order do
     expect(order.data[:exchange_rate]).to eq({ price: 111, currency: 'USD' })
   end
 
+  it "returns last_keychain_id for the gateway along with other order data" do
+    order = create(:order, gateway_id: @gateway.id)
+    expect(order.to_h).to include(keychain_id: order.keychain_id, last_keychain_id: @gateway.last_keychain_id) 
+  end
+
   describe "DB interaction" do
 
     it "saves a new order into the database" do
@@ -111,17 +117,6 @@ RSpec.describe StraightServer::Order do
         expect( -> { create(:order, id: order.id, gateway_id: @gateway.id) }).to raise_error()
       end
 
-      it "doesn't save order if the order with the same address exists" do
-        order = create(:order, gateway_id: @gateway.id)
-        expect( -> { create(:order, address: order.address) }).to raise_error()
-      end
-
-      it "doesn't save order if the order with the same keychain_id and gateway_id exists" do
-        order = create(:order, gateway_id: @gateway.id)
-        expect( -> { create(:order, keychain_id: order.id, gateway_id: order.gateway_id+1) }).not_to raise_error()
-        expect( -> { create(:order, keychain_id: order.id, gateway_id: order.gateway_id)   }).to     raise_error()
-      end
-
       it "doesn't save order if the amount is invalid" do
         expect( -> { create(:order, amount: 0) }).to raise_error()
       end

data/spec/lib/orders_controller_spec.rb

@@ -15,7 +15,7 @@ RSpec.describe StraightServer::OrdersController do
     it "creates an order and renders its attrs in json" do
       allow(StraightServer::Thread).to receive(:new) # ignore periodic status checks, we're not testing it here
       send_request "POST", '/gateways/2/orders', amount: 10
-      expect(response).to render_json_with(status: 0, amount: 10, address: "address1", tid: nil, id: :anything)
+      expect(response).to render_json_with(status: 0, amount: 10, address: "address1", tid: nil, id: :anything, keychain_id: @gateway.last_keychain_id, last_keychain_id: @gateway.last_keychain_id)
     end
 
     it "renders 409 error when an order cannot be created due to some validation errors" do
@@ -32,10 +32,11 @@ RSpec.describe StraightServer::OrdersController do
       send_request "POST", '/gateways/2/orders', amount: 10
     end
 
-    it "passes data param to Order which then saves it serialized" do
+    it "passes data and callback_data param to Order which then saves it serialized" do
       allow(StraightServer::Thread).to receive(:new) # ignore periodic status checks, we're not testing it here
-      send_request "POST", '/gateways/2/orders', amount: 10, data: { hello: 'world' }
+      send_request "POST", '/gateways/2/orders', amount: 10, data: { hello: 'world' }, callback_data: 'some random data'
       expect(StraightServer::Order.last.data.hello).to eq('world')
+      expect(StraightServer::Order.last.callback_data).to eq('some random data')
     end
 
     it "renders 503 page when the gateway is inactive" do
@@ -43,6 +44,7 @@ RSpec.describe StraightServer::OrdersController do
       send_request "POST", '/gateways/2/orders', amount: 1
       expect(response[0]).to eq(503)
       expect(response[2]).to eq("The gateway is inactive, you cannot create order with it")
+      @gateway.active = true
     end
 
     it "finds gateway using hashed_id" do
@@ -50,6 +52,37 @@ RSpec.describe StraightServer::OrdersController do
       send_request "POST", "/gateways/#{@gateway.id}/orders", amount: 10
     end
 
+    it "warns about a deprecated order_id param" do
+      send_request "POST", "/gateways/#{@gateway.id}/orders", amount: 10, order_id: 1
+      expect(response[2]).to eq("Error: order_id is no longer a valid param. Use keychain_id instead and consult the documentation.")
+    end
+
+    it 'limits creation of orders without signature' do
+      new_config          = StraightServer::Config.dup
+      new_config.throttle = {requests_limit: 1, period: 1}
+      stub_const 'StraightServer::Config', new_config
+      allow(StraightServer::Thread).to receive(:new)
+
+      send_request "POST", '/gateways/2/orders', amount: 10
+      expect(response).to render_json_with(status: 0, amount: 10, address: "address1", tid: nil, id: :anything, keychain_id: @gateway.last_keychain_id, last_keychain_id: @gateway.last_keychain_id)
+      send_request "POST", '/gateways/2/orders', amount: 10
+      expect(response).to eq [429, {}, "Too many requests, please try again later"]
+
+      @gateway1 = StraightServer::Gateway.find_by_id(1)
+      @gateway1.check_signature = true
+      5.times do |i|
+        i += 1
+        send_request "POST", '/gateways/1/orders', amount: 10, keychain_id: i, signature: @gateway1.sign_with_secret(i)
+        expect(response[0]).to eq 200
+        expect(response).to render_json_with(status: 0, amount: 10, tid: nil, id: :anything, keychain_id: i, last_keychain_id: i)
+      end
+    end
+
+    it "warns you about the use of callback_data instead of data" do
+      allow(StraightServer::Thread).to receive(:new)
+      send_request "POST", '/gateways/2/orders', amount: 10, data: "I meant this to be callback_data"
+      expect(response).to render_json_with(WARNING: "Maybe you meant to use callback_data? The API has changed now. Consult the documentation.")
+    end
   end
 
   describe "show action" do
@@ -83,7 +116,6 @@ RSpec.describe StraightServer::OrdersController do
 
     it "finds order by payment_id" do
       allow(@order_mock).to receive(:status_changed?).and_return(false)
-      expect(StraightServer::Order).to receive(:[]).with('payment_id').and_return(nil)
       expect(StraightServer::Order).to receive(:[]).with(:payment_id => 'payment_id').and_return(@order_mock)
       send_request "GET", '/gateways/2/orders/payment_id'
       expect(response).to eq([200, {}, "order json mock"])