straight-server 0.2.2 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 52533bcd5fc953b35fd81b8bf7f4a4b974954b01
-  data.tar.gz: 6d43d836466f5d29f849536b08286ee7497973f8
+  metadata.gz: 3d3e00cdba620b59557e0f28a51cdc3a82a7b953
+  data.tar.gz: 53372b11a9ddd0045bba84f4b42e9c2706ec9668
 SHA512:
-  metadata.gz: 1350baf54ebb72e7baf2ccfefd48fe9ffd39c309436e9ed9e52f2f174736935e6b0e9d424e6bf08bff5f1fefc6ae5c0a54343bf3082e11b285c82b606d99f461
-  data.tar.gz: 199b84bf7ed343c417d29d92195180c753ae73da916cd45dd4297d16b62253287ffc977056a9cc2164f8ba4ac4da09c8572368283b0b0de3f0d022b9d91fb903
+  metadata.gz: 0ca180d944906bd732574b91794012e0661e09de8d47900906ccd06e9269746aaf2a39be3ceffd02ccb2e9e4f9a89e4b9d824ceee2293a9b4c69f9ffc8473f44
+  data.tar.gz: 656718bdf4cc21510fa657efd33265545e7d4cc9a0b47f27e263dfd888e5d55c6216056f897b2af2555e414622731ffaa30313824b67d31b21b9556a54ee2bd6

data/Gemfile

@@ -8,6 +8,7 @@ gem "sequel"
 gem "logmaster", '0.1.5'
 gem "ruby-hmac"
 gem "httparty"
+gem "money-tree", "0.9.0"
 
 # Add dependencies to develop your gem here.
 # Include everything needed to run rake, tests, features, etc.
@@ -18,6 +19,7 @@ group :development do
 end
 
 group :test do
+  gem 'timecop'
   gem 'rspec'
   gem 'factory_girl'
   gem 'sqlite3'

data/Gemfile.lock

@@ -51,7 +51,7 @@ GEM
     hashie (3.4.1)
     highline (1.7.2)
     http_parser.rb (0.6.0)
-    httparty (0.13.3)
+    httparty (0.13.5)
       json (~> 1.8)
       multi_xml (>= 0.5.2)
     i18n (0.7.0)
@@ -74,7 +74,7 @@ GEM
     mime-types (2.5)
     mini_portile (0.6.2)
     minitest (5.6.1)
-    money-tree (0.8.9)
+    money-tree (0.9.0)
       ffi
     multi_json (1.11.0)
     multi_xml (0.5.5)
@@ -120,6 +120,7 @@ GEM
       money-tree
       satoshi-unit
     thread_safe (0.3.5)
+    timecop (0.7.3)
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
     websocket-driver (0.5.4)
@@ -139,6 +140,7 @@ DEPENDENCIES
   httparty
   jeweler (~> 2.0.1)
   logmaster (= 0.1.5)
+  money-tree (= 0.9.0)
   redis
   rspec
   ruby-hmac
@@ -146,3 +148,4 @@ DEPENDENCIES
   sequel
   sqlite3
   straight (= 0.2.2)
+  timecop

data/Gemfile.travis

@@ -8,6 +8,7 @@ gem "sequel"
 gem "logmaster", '0.1.5'
 gem "ruby-hmac"
 gem "httparty"
+gem "money-tree", "0.9.0"
 
 # Add dependencies to develop your gem here.
 # Include everything needed to run rake, tests, features, etc.
@@ -18,6 +19,7 @@ group :development do
 end
 
 group :test do
+  gem 'timecop'
   gem 'rspec'
   gem 'factory_girl'
   gem 'sqlite3'

data/README.md

@@ -61,20 +61,21 @@ Below I assume it runs on localhost on port 9696.
 
 the result of this request will be the following json:
 
-    {"status":0,"amount":1,"address":"1NZov2nm6gRCGW6r4q1qHtxXurrWNpPr1q","tid":null,"id":1 }
+    {"status":0,"amount":1,"address":"1NZov2nm6gRCGW6r4q1qHtxXurrWNpPr1q","tid":null,"id":1, keychain_id: 1, last_keychain_id: 1 }
 
 Now you can obviously use that output to provide your user with the address and the expected
 amount to be sent there. At this point, the server starts automatically tracking the order address
 in a separate thread, so that when the money arrive, a callback will be issued to the url provided
 in the `~/.straight/config.yml` file for the current gateway. This callback request will contain order info too.
+
 Here's an example of a callback url request that could be made by Straight server when order status changes:
 
-    GET http://mystore.com/payment-callback?order_id=1&amount=1&status=2&address=1NZov2nm6gRCGW6r4q1qHtxXurrWNpPr1q&tid=tid1&data=some+random+data
+    GET http://mystore.com/payment-callback?order_id=234&amount=1&status=2&address=1NZov2nm6gRCGW6r4q1qHtxXurrWNpPr1q&tid=tid1&callback_data=some+random+data&keychain_id=1&last_keychain_id=1
 
-As you may have noticed, there's a parameter called `data`. It is a way for you to pass info back
-to your app. It will have the same value as the `data` parameter you passed to the create order request:
+As you may have noticed, there's a parameter called `callback_data`. It is a way for you to pass info back
+to your app. It will have the same value as the `callback_data` parameter you passed to the create order request:
 
-    POST /gateways/1/orders?amount=1&data=some+random+data
+    POST /gateways/1/orders?amount=1&callback_data=some+random+data
 
 You can specify amount in other currencies, as well as various BTC denominations.
 It will be converted using the current exchange rate (see [Straight::ExchangeAdapter](https://github.com/snitko/straight/blob/master/lib/straight/exchange_rate_adapter.rb)) into satoshis:
@@ -89,11 +90,13 @@ It will be converted using the current exchange rate (see [Straight::ExchangeAda
 **Checking the order manually**
 You can check the status of the order manually with the following request:
 
-    GET /gateways/1/orders/1
+    GET /gateways/1/orders/:id
 
-may return something like:
+where `:id` can either be order `id` (CAUTION: order `id` is NOT the same as `keychain_id`) or
+`payment_id` - both are returned in the json data when the order
+is created (see above). The request above may return something like:
 
-    {"status":2,"amount":1,"address":"1NZov2nm6gRCGW6r4q1qHtxXurrWNpPr1q","tid":"f0f9205e41bf1b79cb7634912e86bb840cedf8b1d108bd2faae1651ca79a5838","id":1 }
+    {"status":2,"amount":1,"address":"1NZov2nm6gRCGW6r4q1qHtxXurrWNpPr1q","tid":"f0f9205e41bf1b79cb7634912e86bb840cedf8b1d108bd2faae1651ca79a5838","id":1, "keychain_id": 1, "last_keychain_id": 1 }
 
 **Subscribing to the order using websockets**:
 You can also subscribe to the order status changes using websockets at:
@@ -195,13 +198,12 @@ Go to your `~/.straight/config.yml` directory and set two options for each of yo
     check_signature: true
 
 This will force gateways to check signatures when you try to create a new order. A signature is
-a HMAC SHA256 hash of the secret and an order id. Because you need order id, it means you have
+a HMAC SHA256 hash of the secret and a keychain_id. Because you need keychain_id, it means you have
 to actually provide it manually in the params. It can be any integer > 0, but it's better
-that it is a consecutive integer, so keep track of order ids in your application. Obviously,
-if an order with such an id already exists, the request will be rejected. A possible request
-(assuming secret is the line mentioned above in the sample config) would look like this:
+that it is a consecutive integer, so keep track of the last keychain_id that was used in your
+application. A possible request (assuming secret is the line mentioned above in the sample config) would look like this:
 
-    POST /gateways/1/orders?amount=1&order_id=1&signature=aa14c26b2ae892a8719b0c2c57f162b967bfbfbdcc38d8883714a0680cf20467
+    POST /gateways/1/orders?amount=1&keychain_id=1&signature=aa14c26b2ae892a8719b0c2c57f162b967bfbfbdcc38d8883714a0680cf20467
 
 An example of obtaining such signature in Ruby:
 
@@ -210,21 +212,46 @@ An example of obtaining such signature in Ruby:
     secret = 'a long string of random chars'
     OpenSSL::HMAC.digest('sha256', secret, "1").unpack("H*").first # "1" may be order_id here
 
-Straight server will also sign the callback url request. However, since the signature may be
-known to an attacker once it was used for creating a new order, we can no longer use it directly.
-Thus, Straight server will use a double signature calculated like this:
+Straight server will also sign the callback url request. However, since keychain_id may potentially
+be shared between 2 or more orders, the callback signature is based on internal `order_id` returned
+with the json after you create the said order. Here's an example of such a signature:
 
+    order.id #=> 234
     secret = 'a long string of random chars'
-    h1 = OpenSSL::HMAC.digest('sha256', secret, "1").unpack("H*").first
-    h2 = OpenSSL::HMAC.digest('sha256', secret, h1).unpack("H*").first
+    h = OpenSSL::HMAC.digest('sha256', secret, 234).unpack("H*").first
 
 and then send the request to the callback url with that signature:
 
-    GET http://mystore.com/payment-callback?order_id=1&amount=1&status=2&address=1NZov2nm6gRCGW6r4q1qHtxXurrWNpPr1q&tid=tid1&data=some+random+data?signature=aa14c26b2ae892a8719b0c2c57f162b967bfbfbdcc38d8883714a0680cf20467
+    GET http://mystore.com/payment-callback?order_id=234&amount=1&status=2&address=1NZov2nm6gRCGW6r4q1qHtxXurrWNpPr1q&tid=tid1&callback_data=some+random+data?signature=aa14c26b2ae892a8719b0c2c57f162b967bfbfbdcc38d8883714a0680cf20467&keychain_id=1&last_keychain_id=1
 
 It is now up to your application to calculate that signature, compare it and
 make sure that only one such request is allowed (that is, if signature was used, it cannot be used again).
 
+What is keychain_id and why do we need it?
+------------------------------------------
+
+`keychain_id` is used to derive the next address from your BIP32 pubkey.
+If you try to create orders with the same `keychain_id` they will also have the same
+address, which is, as you can imagine, not a very good idea. However it is allowed and there's
+a good reason for that.
+
+Wallets that support BIP32 pubkeys will only do a forward address lookup for a limited number of
+addreses. For example, if you have 20 expired, unpaid orders and someone sends you money to the address
+of the 21-st order, your wallet may not see that. Thus, it is important to ensure that there are
+no more than N expired orders in a row. The respective setting in the config file is called
+`reuse_address_orders_threshold` and the default value is 20.
+
+If you have 20 orders in a row and try to create another one, straight-server will see that and will
+automatically reuse the `keychain_id` (and consequently, the address too) of the 20-th order. It will
+also set the 21-st order's `reused` field to the value of `1`.
+
+CAUTION: while you don't need to provide `keychain_id` when creating orders with gateways that
+do not require signatures, you still must do it with gateways that do require signatures.
+In this case, it is very important to make sure that you don't accidentally provide `keychain_id`
+that is too far away from the last used one. For example, if the gateway's `last_keychain_id` is `10`,
+do not use `35` for the next order, use `11`. `last_gateway_id` is always returned with other info
+when you create or check order status.
+
 Querying the blockchain
 -----------------------
 Straight currently uses third-party services, such as Blokchain.info and Helloblock.io to track

data/Rakefile

@@ -2,14 +2,17 @@
 
 require 'rubygems'
 require 'bundler'
+require 'rake'
+
 begin
-  Bundler.setup(:default, :development)
+  Bundler.setup(:default, :development, :test)
 rescue Bundler::BundlerError => e
   $stderr.puts e.message
   $stderr.puts "Run `bundle install` to install missing gems"
   exit e.status_code
 end
-require 'rake'
+
+Dir.glob('lib/tasks/*.rake').each { |r| load r }
 
 require 'jeweler'
 Jeweler::Tasks.new do |gem|

data/VERSION

@@ -1 +1 @@
-0.2.2
+0.2.3

data/db/migrations/003_add_payment_id_to_orders.rb

@@ -7,7 +7,7 @@ Sequel.migration do
 
   down do
     drop_index    :orders, :payment_id
-    remove_column :orders, :payment_id
+    drop_column :orders, :payment_id
   end
 
 end

data/db/migrations/004_add_description_to_orders.rb

@@ -5,7 +5,7 @@ Sequel.migration do
   end
 
   down do
-    remove_column :orders, :description
+    drop_column :orders, :description
   end
 
 end

data/db/migrations/005_add_orders_expiration_period_to_gateways.rb

@@ -5,7 +5,7 @@ Sequel.migration do
   end
 
   down do
-    remove_column :gateways, :orders_expiration_period
+    drop_column :gateways, :orders_expiration_period
   end
 
 end

data/db/migrations/006_add_check_order_status_in_db_first_to_gateways.rb

@@ -5,7 +5,7 @@ Sequel.migration do
   end
 
   down do
-    remove_column :gateways, :check_order_status_in_db_first
+    drop_column :gateways, :check_order_status_in_db_first
   end
 
 end

data/db/migrations/007_add_active_switcher_to_gateways.rb

@@ -5,7 +5,7 @@ Sequel.migration do
   end
 
   down do
-    remove_column :gateways, :active
+    drop_column :gateways, :active
   end
 
 end

data/db/migrations/008_add_order_counters_to_gateways.rb

@@ -5,7 +5,7 @@ Sequel.migration do
   end
 
   down do
-    remove_column :gateways, :order_counters
+    drop_column :gateways, :order_counters
   end
 
 end

data/db/migrations/009_add_hashed_id_to_gateways.rb

@@ -11,8 +11,8 @@ Sequel.migration do
   end
 
   down do
-    remove_index  :gateways, :hashed_id
-    remove_column :gateways, :hashed_id
+    drop_index  :gateways, :hashed_id
+    drop_column :gateways, :hashed_id
   end
 
 end

data/db/migrations/010_add_address_reusability_orders.rb

@@ -0,0 +1,19 @@
+Sequel.migration do
+
+  up do
+    drop_index  :orders, [:keychain_id, :gateway_id]
+    drop_index  :orders, :address
+    add_index :orders, [:keychain_id, :gateway_id]
+    add_index :orders, :address
+    add_column :orders, :reused, Integer, default: 0
+  end
+
+  down do
+    drop_index  :orders, [:keychain_id, :gateway_id]
+    drop_index  :orders, :address
+    drop_column :orders, :reused 
+    add_index :orders, [:keychain_id, :gateway_id], unique: true
+    add_index :orders, :address, unique: true
+  end
+
+end

data/db/migrations/011_add_callback_data_to_orders.rb

@@ -0,0 +1,11 @@
+Sequel.migration do
+
+  up do
+    add_column :orders, :callback_data, String
+  end
+
+  down do
+    remove_column :orders, :callback_data
+  end
+
+end

data/db/schema.rb

@@ -0,0 +1,55 @@
+Sequel.migration do
+  change do
+    create_table(:gateways, :ignore_index_errors=>true) do
+      primary_key :id
+      Integer :confirmations_required, :default=>0, :null=>false
+      Integer :last_keychain_id, :default=>0, :null=>false
+      String :pubkey, :size=>255, :null=>false
+      String :order_class, :size=>255, :null=>false
+      String :secret, :size=>255, :null=>false
+      String :name, :size=>255, :null=>false
+      String :default_currency, :default=>"BTC", :size=>255
+      String :callback_url, :size=>255
+      TrueClass :check_signature, :default=>false, :null=>false
+      String :exchange_rate_adapter_names, :size=>255
+      DateTime :created_at, :null=>false
+      DateTime :updated_at
+      Integer :orders_expiration_period
+      TrueClass :check_order_status_in_db_first
+      TrueClass :active, :default=>true
+      String :order_counters, :size=>255
+      String :hashed_id, :size=>255
+      
+      index [:hashed_id]
+      index [:id], :unique=>true
+      index [:name], :unique=>true
+      index [:pubkey], :unique=>true
+    end
+    
+    create_table(:orders, :ignore_index_errors=>true) do
+      primary_key :id
+      String :address, :size=>255, :null=>false
+      String :tid, :size=>255
+      Integer :status, :default=>0, :null=>false
+      Integer :keychain_id, :null=>false
+      Bignum :amount, :null=>false
+      Integer :gateway_id, :null=>false
+      String :data, :size=>255
+      String :callback_response, :text=>true
+      DateTime :created_at, :null=>false
+      DateTime :updated_at
+      String :payment_id, :size=>255
+      String :description, :size=>255
+      Integer :reused, :default=>0
+      
+      index [:address]
+      index [:id], :unique=>true
+      index [:keychain_id, :gateway_id]
+      index [:payment_id], :unique=>true
+    end
+    
+    create_table(:schema_info) do
+      Integer :version, :default=>0, :null=>false
+    end
+  end
+end

data/examples/client/client.html

@@ -16,7 +16,7 @@
       <p>Use this form to generate a new order:</p>
       Gateway id: <input name="gateway_id"/><br/>
       Signature: <input name="signature"/><br/>
-      Keychain id: <input name="order_id"/><br/>
+      Keychain id: <input name="keychain_id"/><br/>
       Amount (in default currency for the gateway, usually in satoshi, but could be USD or EUR): <input name="amount"/>
       <p><button id="create_order">Create Order</button></p>
     </div>

data/examples/client/client.js

@@ -5,7 +5,7 @@ jQuery(function($) {
       url: '/gateways/' + $("input[name=gateway_id]").val() + '/orders',
       type: 'POST',
       dataType: 'json',
-      data: { amount: $("input[name=amount]").val(), signature: $("input[name=signature]").val(), order_id :$("input[name=order_id]").val() },
+      data: { amount: $("input[name=amount]").val(), signature: $("input[name=signature]").val(), keychain_id :$("input[name=keychain_id]").val() },
       success: function(response) {
         window.location = '/pay/' + response.payment_id
       }

data/lib/straight-server/config.rb

@@ -14,7 +14,9 @@ module StraightServer
                     :check_order_status_in_db_first,
                     :port,
                     :blockchain_adapters,
-                    :expiration_overtime
+                    :expiration_overtime,
+                    :reuse_address_orders_threshold,
+                    :throttle
     end
 
   end

data/lib/straight-server/gateway.rb

@@ -57,7 +57,7 @@ module StraightServer
           begin
             @exchange_rate_adapters << Straight::ExchangeRate.const_get("#{adapter}Adapter").instance
           rescue NameError => e 
-            puts "WARNING: No exchange rate adapter with the name #{a} was found!"
+            puts "WARNING: No exchange rate adapter with the name #{adapter} was found!"
           end
         end
       end
@@ -113,16 +113,28 @@ module StraightServer
       signature = attrs.delete(:signature)
       if !check_signature || sign_with_secret(attrs[:keychain_id]) == signature
         raise InvalidOrderId if check_signature && (attrs[:keychain_id].nil? || attrs[:keychain_id].to_i <= 0)
+
+        # If we decide to reuse the order, we simply need to supply the
+        # keychain_id that was used in the order we're reusing.
+        # The address will be generated correctly.
+        if reused_order = find_reusable_order
+          attrs[:keychain_id] = reused_order.keychain_id 
+        end
+
         order = order_for_keychain_id(
           amount:           attrs[:amount],
-          keychain_id:      attrs[:keychain_id] || increment_last_keychain_id!,
+          keychain_id:      attrs[:keychain_id] || self.last_keychain_id+1,
           currency:         attrs[:currency],
           btc_denomination: attrs[:btc_denomination]
         )
-        order.id         = attrs[:id].to_i if attrs[:id]
-        order.data       = attrs[:data]    if attrs[:data]
-        order.gateway    = self
+        order.id            = attrs[:id].to_i       if attrs[:id]
+        order.data          = attrs[:data]          if attrs[:data]
+        order.callback_data = attrs[:callback_data] if attrs[:callback_data]
+        order.gateway       = self
+        order.reused        = reused_order.reused + 1 if reused_order
         order.save
+
+        self.update_last_keychain_id(attrs[:keychain_id]) unless order.reused > 0
         self.save
         StraightServer.logger.info "Order #{order.id} created: #{order.to_h}"
         order
@@ -132,14 +144,9 @@ module StraightServer
       end
     end
 
-    # Used to track the current keychain_id number, which is used by
-    # Straight::Gateway to generate addresses from the pubkey. The number is supposed
-    # to be incremented by 1. In the case of a Config file type of Gateway, the value
-    # is stored in a file in the .straight directory.
-    def increment_last_keychain_id!
-      self.last_keychain_id += 1
-      self.save
-      self.last_keychain_id
+    def update_last_keychain_id(new_value=nil)
+      #new_value = nil if new_value && new_value.empty?
+      new_value ? self.last_keychain_id = new_value : self.last_keychain_id += 1
     end
 
     def add_websocket_for_order(ws, order)
@@ -205,6 +212,25 @@ module StraightServer
       @@redis.incrby("#{StraightServer::Config.redis[:prefix]}:gateway_#{id}:#{counter_name}_orders_counter", by)
     end
 
+    # If we have more than Config.reuse_address_orders_threshold i a row for this gateway,
+    # this method returns the one which keychain_id (and, consequently, address) is to be reused.
+    # It also checks (just in case) if any transactions has been made to the addres-to-be-reused,
+    # because even though the order itself might be expired, the address might have been used for
+    # something else.
+    #
+    # If there were transactions to it, there's actually no need to reuse the address and we can
+    # safely return nil.
+    #
+    # Also, see comments for #find_expired_orders_row method.
+    def find_reusable_order
+      expired_orders = find_expired_orders_row
+      if expired_orders.size >= Config.reuse_address_orders_threshold &&
+      fetch_transactions_for(expired_orders.last.address).empty?
+        return expired_orders.last
+      end
+      nil
+    end
+
     private
 
       # Tries to send a callback HTTP request to the resource specified
@@ -217,9 +243,9 @@ module StraightServer
         StraightServer.logger.info "Attempting to send request to the callback url for order #{order.id} to #{callback_url}..."
 
         # Composing the request uri here
-        signature = self.check_signature ? "&signature=#{sign_with_secret(order.id, level: 2)}" : ''
-        data      = order.data           ? "&data=#{order.data}"                                : ''
-        uri       = URI.parse(callback_url + '?' + order.to_http_params + signature + data)
+        signature = self.check_signature ? "&signature=#{sign_with_secret(order.id)}" : ''
+        callback_data = order.callback_data ? "&callback_data=#{order.callback_data}" : ''
+        uri           = URI.parse(callback_url + '?' + order.to_http_params + signature + callback_data)
 
         begin
           response = Net::HTTP.get_response(uri)
@@ -238,6 +264,63 @@ module StraightServer
         StraightServer.logger.info "Callback request for order #{order.id} performed successfully"
       end
 
+
+      # Wallets that support BIP32 do a limited address lookup. If you have 20 empty addresses in a row
+      # (actually not 20, but Config.reuse_address_orders_threshold, 20 is the default value) it won't
+      # look past it and if an order is generated with the 21st address and Bitcoins are paid there,
+      # the wallet may not detect it. Thus we need to always check for the number of expired orders
+      # in a row and reuse an address.
+      #
+      # This method takes care of the first part of that equation: finds the row of expired orders.
+      # It works like this:
+      #
+      # 1. Finds 20 last orders
+      # 2. Checks if they form a row of expired orders, that is if there is no non-expired non-new orders
+      # in the array:
+      #
+      #   if YES (all orders in the row are indeed expired)
+      #     a) Try the next 20 until we find that one non-expired, non-new order
+      #     b) Put all orders in an array, then slice it so only the oldest 20 are there
+      #     c) return 20 oldest expired orders
+      #
+      #   if NO (some orders are paid)
+      #     Return the row of expired orders - which is not enough to trigger a reuse
+      #     (the triger is in the #find_reusable_order method, which calls this one).
+      def find_expired_orders_row
+        
+        orders = []
+        row    = nil
+        offset = 0
+
+        while row.nil? || row.size > 0
+          row = Order.where(gateway_id: self.id).order(Sequel.desc(:keychain_id), Sequel.desc(:reused)).limit(Config.reuse_address_orders_threshold).offset(offset).to_a
+
+          row.reject! do |o|
+            reject = false
+            row.each do |o2|
+              reject = true if o.keychain_id == o2.keychain_id && o.reused < o2.reused 
+            end
+            reject
+          end
+
+          row.sort! { |o1, o2| o2.id <=> o1.id }
+
+          row.each do |o|
+            if o.status == Order::STATUSES[:expired]
+              orders.unshift(o)
+            elsif o.status == Order::STATUSES[:new]
+              next
+            else
+              return orders[0...Config.reuse_address_orders_threshold]
+            end
+          end
+          offset += Config.reuse_address_orders_threshold
+        end
+
+        orders
+
+      end
+
   end
 
   # Uses database to load and save attributes
@@ -250,15 +333,28 @@ module StraightServer
     plugin :serialization, :marshal
     plugin :after_initialize
 
+
     def self.find_by_hashed_id(s)
       self.where(hashed_id: s).first
     end
 
+    # This virtual attribute is important because it's difficult to detect whether secret was actually
+    # updated or not. Sequel's #changed_columns may mistakenly say :secret attr was changed, while it
+    # hasn't. Thus we provide a manual way of ensuring this. It's also better and works as safety switch:
+    # we don't want somebody accidentally updating a secret.
+    attr_accessor :update_secret
+
     def before_create
       super
       encrypt_secret
     end
 
+    def before_update
+      encrypt_secret if @update_secret
+      @update_secret = false
+      super
+    end
+
     def after_create
       @@websockets[self.id] = {}
       update(hashed_id: OpenSSL::HMAC.digest('sha256', Config.server_secret, self.id.to_s).unpack("H*").first)
@@ -288,25 +384,28 @@ module StraightServer
       self[id]
     end
 
-    private
-
-      def encrypt_secret
-        cipher           = OpenSSL::Cipher::AES.new(128, :CBC)
-        cipher.encrypt
-        cipher.key       = OpenSSL::HMAC.digest('sha256', 'nonce', Config.server_secret).unpack("H*").first[0,16]
-        cipher.iv        = iv = OpenSSL::HMAC.digest('sha256', 'nonce', "#{self.id}#{Config.server_secret}").unpack("H*").first[0,16]
-        encrypted        = cipher.update(self[:secret]) << cipher.final()
-        base64_encrypted = Base64.strict_encode64(encrypted).encode('utf-8') 
-        result           = "#{iv}:#{base64_encrypted}"
-        
-        # Check whether we can decrypt. It should not be possible to encrypt the
-        # gateway secret unless we are sure we can decrypt it.
-        if decrypt_secret(result) == self[:secret]
-          self.secret = result
-        else
-          raise "Decrypted and original secrets don't match! Cannot proceed with writing the encrypted gateway secret."
-        end
+    def encrypt_secret
+      cipher           = OpenSSL::Cipher::AES.new(128, :CBC)
+      cipher.encrypt
+      cipher.key       = OpenSSL::HMAC.digest('sha256', 'nonce', Config.server_secret).unpack("H*").first[0,16]
+
+      cipher.iv        = iv = OpenSSL::HMAC.digest('sha256', 'nonce', "#{self.class.max(:id)}#{Config.server_secret}").unpack("H*").first[0,16]
+      raise "cipher.iv cannot be nil" unless iv
+
+      encrypted        = cipher.update(self[:secret]) << cipher.final()
+      base64_encrypted = Base64.strict_encode64(encrypted).encode('utf-8') 
+      result           = "#{iv}:#{base64_encrypted}"
+      
+      # Check whether we can decrypt. It should not be possible to encrypt the
+      # gateway secret unless we are sure we can decrypt it.
+      if decrypt_secret(result) == self[:secret]
+        self.secret = result
+      else
+        raise "Decrypted and original secrets don't match! Cannot proceed with writing the encrypted gateway secret."
       end
+    end
+
+    private
 
       def decrypt_secret(encrypted_field=self[:secret])
         decipher      = OpenSSL::Cipher::AES.new(128, :CBC)