straight-server 0.2.3 → 1.0.0

data/lib/straight-server/initializer.rb

@@ -41,12 +41,12 @@ module StraightServer
       create_logger
       connect_to_db
       run_migrations         if migrations_pending?
-      setup_redis_connection if StraightServer::Config.count_orders
+      setup_redis_connection
       initialize_routes
     end
 
     def add_route(path, &block)
-      @routes[path] = block 
+      @routes[path] = block
     end
 
     def create_config_files
@@ -116,6 +116,7 @@ module StraightServer
     end
 
     def create_logger
+      return unless Config.logmaster
       require_relative 'logger'
       StraightServer.logger = StraightServer::Logger.new(
         log_level:       ::Logger.const_get(Config.logmaster['log_level'].upcase),
@@ -128,7 +129,11 @@ module StraightServer
 
     def initialize_routes
       @routes = {}
-      add_route /\A\/gateways\/.+?\/orders(\/.+)?\Z/ do |env|
+      add_route %r{\A/gateways/.+?/orders(/.+)?\Z} do |env|
+        controller = OrdersController.new(env)
+        controller.response
+      end
+      add_route %r{\A/gateways/.+?/last_keychain_id\Z} do |env|
         controller = OrdersController.new(env)
         controller.response
       end
@@ -168,6 +173,7 @@ module StraightServer
         # an unclean shutdown of the server. Let's check and update the status manually once.
         if order.time_left_before_expiration < 1
           StraightServer.logger.info "Order #{order.id} seems to be expired, but status remains #{order.status}. Will check for status update manually."
+          order.gateway.test_mode = true if order.test_mode
           order.status(reload: true)
 
           # if we still see no transactions to that address,
@@ -187,17 +193,17 @@ module StraightServer
     end
 
     # Loads redis gem and sets up key prefixes for order counters
-    # for the current straight environment. 
+    # for the current straight environment.
     def setup_redis_connection
-      require 'redis'
+      raise "Redis not configured" unless Config.redis
       Config.redis = Config.redis.keys_to_sym
-      Config.redis[:connection] = Redis.new(
+      Config.redis[:prefix] ||= "StraightServer:#{Config.environment}"
+      StraightServer.redis_connection = Redis.new(
         host:     Config.redis[:host],
         port:     Config.redis[:port],
         db:       Config.redis[:db],
         password: Config.redis[:password]
       )
-      Config.redis[:prefix] ||= "StraightServer:#{Config.environment}"
     end
 
   end

data/lib/straight-server/order.rb

@@ -1,5 +1,5 @@
 module StraightServer
- 
+
   class Order < Sequel::Model
 
     include Straight::OrderModule
@@ -10,12 +10,12 @@ module StraightServer
 
     # Additional data that can be passed and stored with each order. Not returned with the callback.
     serialize_attributes :marshal, :data
-    
+
     # data that was provided by the merchan upon order creation and is sent back with the callback
-    serialize_attributes :marshal, :callback_data     
+    serialize_attributes :marshal, :callback_data
 
     # stores the response of the server to which the callback is issued
-    serialize_attributes :marshal, :callback_response 
+    serialize_attributes :marshal, :callback_response
 
     plugin :after_initialize
     def after_initialize
@@ -25,7 +25,7 @@ module StraightServer
     def gateway
       @gateway ||= Gateway.find_by_id(gateway_id)
     end
-    
+
     def gateway=(g)
       self.gateway_id = g.id
       @gateway        = g
@@ -60,13 +60,30 @@ module StraightServer
       self[:status] = @status
     end
 
+    def cancelable?
+      status == Straight::Order::STATUSES.fetch(:new)
+    end
+
+    def cancel
+      self.status = Straight::Order::STATUSES.fetch(:canceled)
+      save
+      StraightServer::Thread.interrupt(label: payment_id)
+    end
+
     def save
       super # calling Sequel::Model save
       @status_changed = false
     end
 
     def to_h
-      super.merge({ id: id, payment_id: payment_id, amount_in_btc: amount_in_btc(as: :string), keychain_id: keychain_id, last_keychain_id: self.gateway.last_keychain_id })
+      super.merge({
+        id: id,
+        payment_id: payment_id,
+        amount_in_btc: amount_in_btc(as: :string),
+        amount_paid_in_btc: amount_in_btc(field: amount_paid,as: :string),
+        keychain_id: keychain_id,
+        last_keychain_id: (self.gateway.test_mode ? self.gateway.test_last_keychain_id : self.gateway.last_keychain_id)
+      })
     end
 
     def to_json
@@ -75,17 +92,18 @@ module StraightServer
 
     def validate
       super # calling Sequel::Model validator
-      errors.add(:amount,     "is not numeric") if !amount.kind_of?(Numeric)
-      errors.add(:amount,     "should be more than 0") if amount && amount <= 0
-      errors.add(:gateway_id, "is invalid") if !gateway_id.kind_of?(Numeric) || gateway_id <= 0
-      errors.add(:description, "should be shorter than 255 charachters") if description.kind_of?(String) && description.length > 255
-      errors.add(:gateway, "is inactive, cannot create order for inactive gateway") unless gateway.active
-      validates_unique   :id
+      errors.add(:amount,      "is not numeric") if !amount.kind_of?(Numeric)
+      errors.add(:amount,      "should be more than 0") if amount && amount <= 0
+      errors.add(:amount_paid, "is not numeric") if !amount.kind_of?(Numeric)
+      errors.add(:gateway_id,  "is invalid") if !gateway_id.kind_of?(Numeric) || gateway_id <= 0
+      errors.add(:description, "should be shorter than 256 characters") if description.kind_of?(String) && description.length > 255
+      errors.add(:gateway,     "is inactive, cannot create order for inactive gateway") if !gateway.active && self.new?
+      validates_unique :id
       validates_presence [:address, :keychain_id, :gateway_id, :amount]
     end
 
     def to_http_params
-      "order_id=#{id}&amount=#{amount}&amount_in_btc=#{amount_in_btc(as: :string)}&status=#{status}&address=#{address}&tid=#{tid}&keychain_id=#{keychain_id}&last_keychain_id=#{@gateway.last_keychain_id}"
+      "order_id=#{id}&amount=#{amount}&amount_in_btc=#{amount_in_btc(as: :string)}&amount_paid_in_btc=#{amount_in_btc(field: amount_paid, as: :string)}&status=#{status}&address=#{address}&tid=#{tid}&keychain_id=#{keychain_id}&last_keychain_id=#{@gateway.last_keychain_id}"
     end
 
     def before_create
@@ -96,13 +114,13 @@ module StraightServer
         self.data = {} unless self.data
         self.data[:exchange_rate] = { price: gateway.current_exchange_rate, currency: gateway.default_currency }
       end
-      
+
       super
     end
 
     # Update Gateway's order_counters, incrementing the :new counter.
     # All other increments/decrements happen in the the Gateway#order_status_changed callback,
-    # but the initial :new increment needs this code because the Gateway#order_status_changed 
+    # but the initial :new increment needs this code because the Gateway#order_status_changed
     # isn't called in this case.
     def after_create
       self.gateway.increment_order_counter!(:new) if StraightServer::Config.count_orders
@@ -112,15 +130,19 @@ module StraightServer
     # Order#created_at into account now, so that we don't start checking on
     # an order that is already expired. Or, if it's not expired yet,
     # we make sure to stop all checks as soon as it expires, but not later.
-    def start_periodic_status_check(duration: nil)
-      StraightServer.logger.info "Starting periodic status checks of order #{self.id} (expires in #{duration} seconds)"
+    def start_periodic_status_check
       if (t = time_left_before_expiration) > 0
+        StraightServer.logger.info "Starting periodic status checks of order #{id} (expires in #{t} seconds)"
         check_status_on_schedule(duration: t)
       end
       self.save if self.status_changed?
     end
 
     def check_status_on_schedule(period: 10, iteration_index: 0, duration: 600, time_passed: 0)
+      if StraightServer::Thread.interrupted?(thread: ::Thread.current)
+        StraightServer.logger.info "Checking status of order #{self.id} interrupted"
+        return
+      end
       StraightServer.logger.info "Checking status of order #{self.id}"
       super
     end

data/lib/straight-server/orders_controller.rb

@@ -1,8 +1,10 @@
-require_relative './throttler'
+require_relative 'throttler'
+require_relative 'signature_validator'
 
 module StraightServer
 
   class OrdersController
+    include Goliath::Constants
 
     attr_reader :response
 
@@ -21,7 +23,9 @@ module StraightServer
         return [404, {}, "Gateway not found" ]
       end
 
-      unless @gateway.check_signature
+      if @gateway.check_signature
+        StraightServer::SignatureValidator.new(@gateway, @env).validate!
+      else
         ip = @env['HTTP_X_FORWARDED_FOR'].to_s
         ip = @env['REMOTE_ADDR'] if ip.empty?
         if StraightServer::Throttler.new(@gateway.id).deny?(ip)
@@ -43,20 +47,20 @@ module StraightServer
           currency:         @params['currency'],
           btc_denomination: @params['btc_denomination'],
           keychain_id:      @params['keychain_id'],
-          signature:        @params['signature'],
           callback_data:    @params['callback_data'],
-          data:             @params['data']
+          data:             @params['data'],
+          description:      @params['description']
         }
+
         order = @gateway.create_order(order_data)
-        StraightServer::Thread.new do
+        StraightServer::Thread.new(label: order.payment_id) do
           # Because this is a new thread, we have to wrap the code inside in #watch_exceptions
           # once again. Otherwise, no watching is done. Oh, threads!
           StraightServer.logger.watch_exceptions do
             order.start_periodic_status_check
           end
         end
-        order = add_callback_data_warning(order)
-        [200, {}, order.to_json ]
+        [200, {}, add_callback_data_warning(order).to_json]
       rescue Sequel::ValidationFailed => e
         StraightServer.logger.warn(
           "VALIDATION ERRORS in order, cannot create it:\n" +
@@ -64,11 +68,8 @@ module StraightServer
           "Order data: #{order_data.inspect}\n"
         )
         [409, {}, "Invalid order: #{e.message}" ]
-      rescue StraightServer::GatewayModule::InvalidSignature
-        [409, {}, "Invalid signature for id: #{@params['order_id']}" ]
-      rescue StraightServer::GatewayModule::InvalidOrderId
-        StraightServer.logger.warn message = "An invalid id for order supplied: #{@params['order_id']}"
-        [409, {}, message ]
+      rescue Straight::Gateway::OrderAmountInvalid => e
+        [409, {}, "Invalid order: #{e.message}" ]
       rescue StraightServer::GatewayModule::GatewayInactive
         StraightServer.logger.warn message = "The gateway is inactive, you cannot create order with it"
         [503, {}, message ]
@@ -82,6 +83,10 @@ module StraightServer
         return [404, {}, "Gateway not found" ]
       end
 
+      if @gateway.check_signature
+        StraightServer::SignatureValidator.new(@gateway, @env).validate!
+      end
+
       order = find_order
 
       if order
@@ -106,8 +111,40 @@ module StraightServer
       end
     end
 
+    def cancel
+      unless @gateway
+        StraightServer.logger.warn "Gateway not found"
+        return [404, {}, "Gateway not found"]
+      end
+
+      if @gateway.check_signature
+        StraightServer::SignatureValidator.new(@gateway, @env).validate!
+      end
+
+      if (order = find_order)
+        order.status(reload: true)
+        order.save if order.status_changed?
+        if order.cancelable?
+          order.cancel
+          [200, {}, '']
+        else
+          [409, {}, "Order is not cancelable"]
+        end
+      end
+    end
+
+    def last_keychain_id
+      unless @gateway
+        StraightServer.logger.warn "Gateway not foun"
+        return [404, {}, "Gateway not found"]
+      end
+
+      [200, {}, {gateway_id: @gateway.id, last_keychain_id: @gateway.last_keychain_id}.to_json]
+    end
+
     private
 
+      # Refactoring proposed: https://github.com/AlexanderPavlenko/straight-server/commit/49ea6e3732a9564c04d8dfecaee6d0ebaa462042
       def dispatch
 
         StraightServer.logger.blank_lines
@@ -115,17 +152,30 @@ module StraightServer
 
         @gateway = StraightServer::Gateway.find_by_hashed_id(@request_path[1])
 
-        @response = if @request_path[3] # if an order id is supplied
-          @params['id'] = @request_path[3]
-          @params['id'] = @params['id'].to_i if @params['id'] =~ /\A\d+\Z/
-          if @request_path[4] == 'websocket'
-            websocket
-          elsif @request_path[4].nil? && @method == 'GET'
-            show
+        @response = begin
+          if @request_path[3] # if an order id is supplied
+            @params['id'] = @request_path[3]
+            @params['id'] = @params['id'].to_i if @params['id'] =~ /\A\d+\Z/
+            if @request_path[4] == 'websocket'
+              websocket
+            elsif @request_path[4] == 'cancel'&& @method == 'POST'
+              cancel
+            elsif @request_path[4].nil? && @method == 'GET'
+              show
+            end
+          elsif @request_path[2] == 'last_keychain_id'
+            last_keychain_id
+          elsif @request_path[3].nil?# && @method == 'POST'
+            create
           end
-        elsif @request_path[3].nil?# && @method == 'POST'
-          create
+        rescue StraightServer::SignatureValidator::InvalidNonce
+          StraightServer.logger.warn message = "X-Nonce is invalid: #{@env["#{HTTP_PREFIX}X_NONCE"].inspect}"
+          [409, {}, message]
+        rescue StraightServer::SignatureValidator::InvalidSignature
+          StraightServer.logger.warn message = "X-Signature is invalid: #{@env["#{HTTP_PREFIX}X_SIGNATURE"].inspect}"
+          [409, {}, message]
         end
+
         @response = [404, {}, "#{@method} /#{@request_path.join('/')} Not found"] if @response.nil?
       end
 

data/lib/straight-server/random_string.rb

@@ -1,18 +1,8 @@
+require 'securerandom'
+
 class String
 
   def self.random(len)
-    s = ""
-    while s.length != len do
-      s = rand(36**len).to_s(36) 
-    end
-    s
-  end
-
-  def repeat(times)
-    result = ""
-    times.times { result << self }
-    result
+    BTC::Base58.base58_from_data(SecureRandom.random_bytes(len))[0, len]
   end
-
 end
-

data/lib/straight-server/server.rb

@@ -11,7 +11,6 @@ module StraightServer
       StraightServer.logger.info "starting Straight Server v #{StraightServer::VERSION}"
       require_relative 'order'
       require_relative 'gateway'
-      require_relative 'orders_controller'
       load_addons
       resume_tracking_active_orders!
     end
@@ -20,7 +19,7 @@ module StraightServer
       # Even though we define that option here, it is purely for the purposes of compliance with
       # Goliath server. If don't do that, there will be an exception saying "unrecognized argument".
       # In reality, we make use of --config-dir value in the in StraightServer::Initializer and stored
-      # it in StraightServer::Initializer.config_dir property. 
+      # it in StraightServer::Initializer.config_dir property.
       opts.on('-c', '--config-dir STRING', "Directory where config files and addons are placed") do |val|
         options[:config_dir] = File.expand_path(val || ENV['HOME'] + '/.straight' )
       end
@@ -42,7 +41,7 @@ module StraightServer
         # AFTER the process is daemonized, this shall remain as it is now.
         begin
           return process_request(env)
-        rescue Sequel::DatabaseDisconnectError 
+        rescue Sequel::DatabaseDisconnectError
           connect_to_db
           return process_request(env)
         end
@@ -74,6 +73,6 @@ module StraightServer
       # no block was called, means no route matched. Let's render 404
       return [404, {}, "#{env['REQUEST_METHOD']} #{env['REQUEST_PATH']} Not found"]
     end
-    
+
   end
 end

data/lib/straight-server/signature_validator.rb

@@ -0,0 +1,69 @@
+require 'goliath/constants'
+require 'base64'
+
+module StraightServer
+  class SignatureValidator
+    include Goliath::Constants
+
+    SignatureValidatorError = Class.new(StandardError)
+    InvalidNonce            = Class.new(SignatureValidatorError)
+    InvalidSignature        = Class.new(SignatureValidatorError)
+
+    attr_reader :gateway, :env
+
+    def initialize(gateway, env)
+      @gateway = gateway
+      @env     = env
+    end
+
+    def validate!
+      raise InvalidNonce unless valid_nonce?
+      raise InvalidSignature unless valid_signature?
+      true
+    end
+
+    def valid_nonce?
+      nonce = env["#{HTTP_PREFIX}X_NONCE"].to_i
+      redis = StraightServer.redis_connection
+      loop do
+        redis.watch last_nonce_key do
+          last_nonce = redis.get(last_nonce_key).to_i
+          if last_nonce < nonce
+            result = redis.multi do |multi|
+              multi.set last_nonce_key, nonce
+            end
+            return true if result[0] == 'OK'
+          else
+            redis.unwatch
+            return false
+          end
+        end
+      end
+    end
+
+    def valid_signature?
+      signature == env["#{HTTP_PREFIX}X_SIGNATURE"]
+    end
+
+    def last_nonce_key
+      "#{Config[:'redis.prefix']}:LastNonce:#{gateway.id}"
+    end
+
+    def signature
+      self.class.signature(
+        nonce:       env["#{HTTP_PREFIX}X_NONCE"],
+        body:        env[RACK_INPUT].kind_of?(StringIO) ? env[RACK_INPUT].string : env[RACK_INPUT].to_s,
+        method:      env[REQUEST_METHOD],
+        request_uri: env[REQUEST_URI],
+        secret:      gateway.secret,
+      )
+    end
+
+    # Should mirror StraightServerKit.signature
+    def self.signature(nonce:, body:, method:, request_uri:, secret:)
+      sha512  = OpenSSL::Digest::SHA512.new
+      request = "#{method.to_s.upcase}#{request_uri}#{sha512.digest("#{nonce}#{body}")}"
+      Base64.strict_encode64 OpenSSL::HMAC.digest(sha512, secret.to_s, request)
+    end
+  end
+end