Initial commit.
This commit is contained in:
commit
45abac7a2d
|
@ -0,0 +1,4 @@
|
|||
lurkcoin.db
|
||||
db.json*
|
||||
.mypy_cache
|
||||
go
|
|
@ -0,0 +1,238 @@
|
|||
# lurkcoinV3 API documentation
|
||||
|
||||
**This document is a work in progress and is subject to change!**
|
||||
|
||||
lurkcoin provides an API for servers and other integrations.
|
||||
|
||||
In version 3 of the API, JSON is recommended for requests and used for all
|
||||
responses. If you cannot decode JSON, you should probably use the legacy
|
||||
[lurkcoinV2 API](https://gist.github.com/luk3yx/8028cedb3bfb282d9ba3f2d1c7871231).
|
||||
There are currently no plans to remove the older API.
|
||||
|
||||
All API endpoints require an `Authorization` header with the
|
||||
[`Basic`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#Basic_authentication_scheme)
|
||||
authentication scheme. If the username somehow happens to contain colons (`:`),
|
||||
these can be replaced with underscores (`_`).
|
||||
|
||||
*With Python's requests library, you can simply add
|
||||
`auth=('username', 'token')` as a keyword argument.*
|
||||
|
||||
# Response format
|
||||
|
||||
All responses will be a JSON object containing a `success` boolean. If lurkcoin
|
||||
encounters errors processing your request, this will be false and an error code
|
||||
will be added to the response. Otherwise, the response data (if any) will be in
|
||||
the `result` key.
|
||||
|
||||
### Examples
|
||||
|
||||
```json
|
||||
{
|
||||
"success": true,
|
||||
"result": 1234.56
|
||||
}
|
||||
```
|
||||
|
||||
```json
|
||||
{
|
||||
"success": false,
|
||||
"error": "ERR_CANNOTAFFORD",
|
||||
"message": "You cannot afford to do that!"
|
||||
}
|
||||
```
|
||||
|
||||
### Globally raised errors
|
||||
|
||||
The following errors may be raised on any API endpoint:
|
||||
- `ERR_INVALIDLOGIN` when either `username` or `token` is invalid.
|
||||
- `ERR_INVALIDREQUEST` when required parameters are missing or are an invalid
|
||||
type.
|
||||
- `ERR_INTERNALERROR` when something really nasty happens.
|
||||
|
||||
# API endpoints
|
||||
|
||||
These endpoints are shared between both lurkcoinV3-core and the suggested bank
|
||||
API. Any API parameter marked with "servers only" can only be used with
|
||||
lurkcoinV3-core.
|
||||
|
||||
## GET `/v3/summary`
|
||||
|
||||
Returns an "account summary".
|
||||
|
||||
This endpoint returns a JSON-formatted object with the following items:
|
||||
- `uid`: An internal UID for the user, this is probably the username with
|
||||
only the following characters: `[A-Za-z0-9_]+`.
|
||||
- `name`: The username for the user. This is used in [transaction objects].
|
||||
- `bal`: A number with the user's current balance.
|
||||
- `balance`: The balance formatted as a string (if `bal` is `1.23`,
|
||||
`balance` will be `¤1.23` or similar).
|
||||
- `history`: A list with the 10 most recent [transaction objects].
|
||||
- `interest_rate`: The current interest rate.
|
||||
- `target_balance` *(servers only)*: The server's target balance. This will be
|
||||
`0` if the server's local currency is equal to lurkcoin.
|
||||
|
||||
## POST `/v3/pay`
|
||||
|
||||
Sends a payment to a user. This will return the transaction object (see
|
||||
`/v3/history`) on success. This can optionally be used to generate transaction
|
||||
IDs for local transactions.
|
||||
|
||||
Parameters:
|
||||
- `source` *(servers only)*: The user who is sending the transaction.
|
||||
- `target`: The target user to pay.
|
||||
- `target_server`: The server to pay the user on. If this is a bank, empty
|
||||
strings should be treated as the current bank.
|
||||
- `amount`: The amount to pay the user.
|
||||
- `local_currency` *(servers only)*: If `true`, lurkcoin will calculate the
|
||||
local server's exchange rate before processing the transaction.
|
||||
|
||||
Errors raised:
|
||||
- `ERR_SERVERNOTFOUND` when `target_server` doesn't exist.
|
||||
- `ERR_INVALIDAMOUNT` when the amount is invalid
|
||||
- `ERR_CANNOTPAYNOTHING` when the amount (after exchange rate calculations)
|
||||
is ¤0.00.
|
||||
- `ERR_CANNOTAFFORD` when your balance is lower than the amount sent (in
|
||||
lurkcoins).
|
||||
|
||||
## GET `/v3/balance`
|
||||
|
||||
Returns your account balance as a number.
|
||||
|
||||
## GET `/v3/history`
|
||||
|
||||
Returns a list of [transaction objects].
|
||||
|
||||
## POST `/v3/exchange_rates`
|
||||
|
||||
Gets the exchange rate for the specified server. Will return a number.
|
||||
|
||||
Parameters:
|
||||
- `source` *(optional)*: The server the money is hypothetically coming from.
|
||||
- `target` *(optional)*: The server the money is hypothetically going to.
|
||||
- `amount`: The amount of money being transferred.
|
||||
|
||||
Errors raised:
|
||||
- `ERR_SOURCESERVERNOTFOUND` when `source` doesn't exist.
|
||||
- `ERR_TARGETSERVERNOTFOUND` when `target` doesn't exist.
|
||||
- `ERR_INVALIDAMOUNT` when `amount` is invalid.
|
||||
|
||||
## GET `/v3/pending_transactions`
|
||||
|
||||
Returns a JSON-formatted list of unprocessed [transaction objects]. Note that
|
||||
the order of this list is not guaranteed to be the same between API calls.
|
||||
|
||||
## POST `/v3/acknowledge_transactions`
|
||||
|
||||
Marks transactions as processed. Invalid or already processed transaction IDs
|
||||
will be silently ignored.
|
||||
|
||||
**Please cache processed transaction IDs until this request has succeeded to
|
||||
stop transactions being applied twice.**
|
||||
|
||||
Parameters:
|
||||
- `transactions`: A list of transaction IDs that have been processed.
|
||||
|
||||
## POST `/v3/reject_transactions`
|
||||
|
||||
Marks transactions as rejected, for example when one was sent to a non-existent
|
||||
user. Invalid or already processed transaction IDs will be silently ignored.
|
||||
|
||||
*If a transaction gets marked as rejected, the target user (if any) must not
|
||||
receive the transaction as the transaction may be reverted.*
|
||||
|
||||
Parameters:
|
||||
- `transactions`: A list of transaction IDs that have been rejected.
|
||||
|
||||
## GET `/v3/target_balance`
|
||||
|
||||
Gets the target balance. This will be `0` if the server's currency is equal to
|
||||
lurkcoin.
|
||||
|
||||
## PUT `/v3/target_balance`
|
||||
|
||||
Sets the server's current balance.
|
||||
|
||||
Target balances are used with calculating exchange rates, if the server's
|
||||
balance is lower than this target balance the currency will be less valuable
|
||||
than lurkcoin.
|
||||
|
||||
**Please do not set ridiculously high/low target balances without a good reason
|
||||
for doing so.** This API endpoint may have a maximum/minimum target balance
|
||||
added in the future.
|
||||
|
||||
Set the target balance to `0` if the server's currency should have a 1:1
|
||||
exchange rate with lurkcoin (or if the server's local currency *is* lurkcoin).
|
||||
|
||||
Parameters:
|
||||
- `target_balance`: The new target balance.
|
||||
|
||||
Errors raised:
|
||||
- `ERR_INVALIDAMOUNT`: Invalid target balance.
|
||||
|
||||
## GET `/v3/webhook_url`
|
||||
|
||||
Gets the server's webhook URL, or `null` if webhooks are not enabled. Every
|
||||
time a transaction gets sent to the server a POST request will be sent to this
|
||||
URL similar to the below example.
|
||||
|
||||
```
|
||||
POST /lurkcoin HTTP/1.1
|
||||
User-Agent: lurkcoin/3.0
|
||||
Content-Length: 14
|
||||
Content-Type: application/json
|
||||
|
||||
{"version": 0}
|
||||
```
|
||||
|
||||
The request does not contain transaction information because there is currently
|
||||
no reliable way to validate that the request has indeed originated from
|
||||
lurkcoin.
|
||||
|
||||
# Alternate API endpoints
|
||||
|
||||
All `GET`-based endpoints also accept `POST`.
|
||||
|
||||
## POST `/v3/set_target_balance`
|
||||
|
||||
Equivalent to sending a PUT to `/v3/target_balance`. Can be used if you can't
|
||||
or don't want to send `PUT` requests.
|
||||
|
||||
# Transaction objects
|
||||
|
||||
[transaction objects]: #transaction-objects
|
||||
|
||||
Transaction objects are defined as follows:
|
||||
|
||||
```js
|
||||
{
|
||||
// The transaction ID
|
||||
"id": "T5E1816DE-9ACB0442",
|
||||
|
||||
// The user who sent this transaction and the server they are on.
|
||||
"source": "sourceuser",
|
||||
"source_server": "sourceserver",
|
||||
|
||||
// The user who has received this transaction and their server.
|
||||
"target": "targetuser",
|
||||
"target_server": "targetserver",
|
||||
|
||||
// The amount sent in lurkcoins.
|
||||
"amount": 851.80,
|
||||
|
||||
// The amount in the sending server's local currency.
|
||||
"sent_amount": 123.45,
|
||||
|
||||
// The amount in the receiving server's local currency.
|
||||
"received_amount": 1650.52
|
||||
|
||||
// The time the transaction was sent in seconds since the UNIX epoch.
|
||||
"time": 1578637022,
|
||||
|
||||
// If this is false, the transaction will not be reverted if it gets
|
||||
// rejected by the receiving server.
|
||||
"revertable": true,
|
||||
}
|
||||
```
|
||||
|
||||
Extra items must be ignored by the client as these may be used in the future
|
||||
to add more features.
|
|
@ -0,0 +1,660 @@
|
|||
### GNU AFFERO GENERAL PUBLIC LICENSE
|
||||
|
||||
Version 3, 19 November 2007
|
||||
|
||||
Copyright (C) 2007 Free Software Foundation, Inc.
|
||||
<https://fsf.org/>
|
||||
|
||||
Everyone is permitted to copy and distribute verbatim copies of this
|
||||
license document, but changing it is not allowed.
|
||||
|
||||
### Preamble
|
||||
|
||||
The GNU Affero General Public License is a free, copyleft license for
|
||||
software and other kinds of works, specifically designed to ensure
|
||||
cooperation with the community in the case of network server software.
|
||||
|
||||
The licenses for most software and other practical works are designed
|
||||
to take away your freedom to share and change the works. By contrast,
|
||||
our General Public Licenses are intended to guarantee your freedom to
|
||||
share and change all versions of a program--to make sure it remains
|
||||
free software for all its users.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
them if you wish), that you receive source code or can get it if you
|
||||
want it, that you can change the software or use pieces of it in new
|
||||
free programs, and that you know you can do these things.
|
||||
|
||||
Developers that use our General Public Licenses protect your rights
|
||||
with two steps: (1) assert copyright on the software, and (2) offer
|
||||
you this License which gives you legal permission to copy, distribute
|
||||
and/or modify the software.
|
||||
|
||||
A secondary benefit of defending all users' freedom is that
|
||||
improvements made in alternate versions of the program, if they
|
||||
receive widespread use, become available for other developers to
|
||||
incorporate. Many developers of free software are heartened and
|
||||
encouraged by the resulting cooperation. However, in the case of
|
||||
software used on network servers, this result may fail to come about.
|
||||
The GNU General Public License permits making a modified version and
|
||||
letting the public access it on a server without ever releasing its
|
||||
source code to the public.
|
||||
|
||||
The GNU Affero General Public License is designed specifically to
|
||||
ensure that, in such cases, the modified source code becomes available
|
||||
to the community. It requires the operator of a network server to
|
||||
provide the source code of the modified version running there to the
|
||||
users of that server. Therefore, public use of a modified version, on
|
||||
a publicly accessible server, gives the public access to the source
|
||||
code of the modified version.
|
||||
|
||||
An older license, called the Affero General Public License and
|
||||
published by Affero, was designed to accomplish similar goals. This is
|
||||
a different license, not a version of the Affero GPL, but Affero has
|
||||
released a new version of the Affero GPL which permits relicensing
|
||||
under this license.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
### TERMS AND CONDITIONS
|
||||
|
||||
#### 0. Definitions.
|
||||
|
||||
"This License" refers to version 3 of the GNU Affero General Public
|
||||
License.
|
||||
|
||||
"Copyright" also means copyright-like laws that apply to other kinds
|
||||
of works, such as semiconductor masks.
|
||||
|
||||
"The Program" refers to any copyrightable work licensed under this
|
||||
License. Each licensee is addressed as "you". "Licensees" and
|
||||
"recipients" may be individuals or organizations.
|
||||
|
||||
To "modify" a work means to copy from or adapt all or part of the work
|
||||
in a fashion requiring copyright permission, other than the making of
|
||||
an exact copy. The resulting work is called a "modified version" of
|
||||
the earlier work or a work "based on" the earlier work.
|
||||
|
||||
A "covered work" means either the unmodified Program or a work based
|
||||
on the Program.
|
||||
|
||||
To "propagate" a work means to do anything with it that, without
|
||||
permission, would make you directly or secondarily liable for
|
||||
infringement under applicable copyright law, except executing it on a
|
||||
computer or modifying a private copy. Propagation includes copying,
|
||||
distribution (with or without modification), making available to the
|
||||
public, and in some countries other activities as well.
|
||||
|
||||
To "convey" a work means any kind of propagation that enables other
|
||||
parties to make or receive copies. Mere interaction with a user
|
||||
through a computer network, with no transfer of a copy, is not
|
||||
conveying.
|
||||
|
||||
An interactive user interface displays "Appropriate Legal Notices" to
|
||||
the extent that it includes a convenient and prominently visible
|
||||
feature that (1) displays an appropriate copyright notice, and (2)
|
||||
tells the user that there is no warranty for the work (except to the
|
||||
extent that warranties are provided), that licensees may convey the
|
||||
work under this License, and how to view a copy of this License. If
|
||||
the interface presents a list of user commands or options, such as a
|
||||
menu, a prominent item in the list meets this criterion.
|
||||
|
||||
#### 1. Source Code.
|
||||
|
||||
The "source code" for a work means the preferred form of the work for
|
||||
making modifications to it. "Object code" means any non-source form of
|
||||
a work.
|
||||
|
||||
A "Standard Interface" means an interface that either is an official
|
||||
standard defined by a recognized standards body, or, in the case of
|
||||
interfaces specified for a particular programming language, one that
|
||||
is widely used among developers working in that language.
|
||||
|
||||
The "System Libraries" of an executable work include anything, other
|
||||
than the work as a whole, that (a) is included in the normal form of
|
||||
packaging a Major Component, but which is not part of that Major
|
||||
Component, and (b) serves only to enable use of the work with that
|
||||
Major Component, or to implement a Standard Interface for which an
|
||||
implementation is available to the public in source code form. A
|
||||
"Major Component", in this context, means a major essential component
|
||||
(kernel, window system, and so on) of the specific operating system
|
||||
(if any) on which the executable work runs, or a compiler used to
|
||||
produce the work, or an object code interpreter used to run it.
|
||||
|
||||
The "Corresponding Source" for a work in object code form means all
|
||||
the source code needed to generate, install, and (for an executable
|
||||
work) run the object code and to modify the work, including scripts to
|
||||
control those activities. However, it does not include the work's
|
||||
System Libraries, or general-purpose tools or generally available free
|
||||
programs which are used unmodified in performing those activities but
|
||||
which are not part of the work. For example, Corresponding Source
|
||||
includes interface definition files associated with source files for
|
||||
the work, and the source code for shared libraries and dynamically
|
||||
linked subprograms that the work is specifically designed to require,
|
||||
such as by intimate data communication or control flow between those
|
||||
subprograms and other parts of the work.
|
||||
|
||||
The Corresponding Source need not include anything that users can
|
||||
regenerate automatically from other parts of the Corresponding Source.
|
||||
|
||||
The Corresponding Source for a work in source code form is that same
|
||||
work.
|
||||
|
||||
#### 2. Basic Permissions.
|
||||
|
||||
All rights granted under this License are granted for the term of
|
||||
copyright on the Program, and are irrevocable provided the stated
|
||||
conditions are met. This License explicitly affirms your unlimited
|
||||
permission to run the unmodified Program. The output from running a
|
||||
covered work is covered by this License only if the output, given its
|
||||
content, constitutes a covered work. This License acknowledges your
|
||||
rights of fair use or other equivalent, as provided by copyright law.
|
||||
|
||||
You may make, run and propagate covered works that you do not convey,
|
||||
without conditions so long as your license otherwise remains in force.
|
||||
You may convey covered works to others for the sole purpose of having
|
||||
them make modifications exclusively for you, or provide you with
|
||||
facilities for running those works, provided that you comply with the
|
||||
terms of this License in conveying all material for which you do not
|
||||
control copyright. Those thus making or running the covered works for
|
||||
you must do so exclusively on your behalf, under your direction and
|
||||
control, on terms that prohibit them from making any copies of your
|
||||
copyrighted material outside their relationship with you.
|
||||
|
||||
Conveying under any other circumstances is permitted solely under the
|
||||
conditions stated below. Sublicensing is not allowed; section 10 makes
|
||||
it unnecessary.
|
||||
|
||||
#### 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
|
||||
|
||||
No covered work shall be deemed part of an effective technological
|
||||
measure under any applicable law fulfilling obligations under article
|
||||
11 of the WIPO copyright treaty adopted on 20 December 1996, or
|
||||
similar laws prohibiting or restricting circumvention of such
|
||||
measures.
|
||||
|
||||
When you convey a covered work, you waive any legal power to forbid
|
||||
circumvention of technological measures to the extent such
|
||||
circumvention is effected by exercising rights under this License with
|
||||
respect to the covered work, and you disclaim any intention to limit
|
||||
operation or modification of the work as a means of enforcing, against
|
||||
the work's users, your or third parties' legal rights to forbid
|
||||
circumvention of technological measures.
|
||||
|
||||
#### 4. Conveying Verbatim Copies.
|
||||
|
||||
You may convey verbatim copies of the Program's source code as you
|
||||
receive it, in any medium, provided that you conspicuously and
|
||||
appropriately publish on each copy an appropriate copyright notice;
|
||||
keep intact all notices stating that this License and any
|
||||
non-permissive terms added in accord with section 7 apply to the code;
|
||||
keep intact all notices of the absence of any warranty; and give all
|
||||
recipients a copy of this License along with the Program.
|
||||
|
||||
You may charge any price or no price for each copy that you convey,
|
||||
and you may offer support or warranty protection for a fee.
|
||||
|
||||
#### 5. Conveying Modified Source Versions.
|
||||
|
||||
You may convey a work based on the Program, or the modifications to
|
||||
produce it from the Program, in the form of source code under the
|
||||
terms of section 4, provided that you also meet all of these
|
||||
conditions:
|
||||
|
||||
- a) The work must carry prominent notices stating that you modified
|
||||
it, and giving a relevant date.
|
||||
- b) The work must carry prominent notices stating that it is
|
||||
released under this License and any conditions added under
|
||||
section 7. This requirement modifies the requirement in section 4
|
||||
to "keep intact all notices".
|
||||
- c) You must license the entire work, as a whole, under this
|
||||
License to anyone who comes into possession of a copy. This
|
||||
License will therefore apply, along with any applicable section 7
|
||||
additional terms, to the whole of the work, and all its parts,
|
||||
regardless of how they are packaged. This License gives no
|
||||
permission to license the work in any other way, but it does not
|
||||
invalidate such permission if you have separately received it.
|
||||
- d) If the work has interactive user interfaces, each must display
|
||||
Appropriate Legal Notices; however, if the Program has interactive
|
||||
interfaces that do not display Appropriate Legal Notices, your
|
||||
work need not make them do so.
|
||||
|
||||
A compilation of a covered work with other separate and independent
|
||||
works, which are not by their nature extensions of the covered work,
|
||||
and which are not combined with it such as to form a larger program,
|
||||
in or on a volume of a storage or distribution medium, is called an
|
||||
"aggregate" if the compilation and its resulting copyright are not
|
||||
used to limit the access or legal rights of the compilation's users
|
||||
beyond what the individual works permit. Inclusion of a covered work
|
||||
in an aggregate does not cause this License to apply to the other
|
||||
parts of the aggregate.
|
||||
|
||||
#### 6. Conveying Non-Source Forms.
|
||||
|
||||
You may convey a covered work in object code form under the terms of
|
||||
sections 4 and 5, provided that you also convey the machine-readable
|
||||
Corresponding Source under the terms of this License, in one of these
|
||||
ways:
|
||||
|
||||
- a) Convey the object code in, or embodied in, a physical product
|
||||
(including a physical distribution medium), accompanied by the
|
||||
Corresponding Source fixed on a durable physical medium
|
||||
customarily used for software interchange.
|
||||
- b) Convey the object code in, or embodied in, a physical product
|
||||
(including a physical distribution medium), accompanied by a
|
||||
written offer, valid for at least three years and valid for as
|
||||
long as you offer spare parts or customer support for that product
|
||||
model, to give anyone who possesses the object code either (1) a
|
||||
copy of the Corresponding Source for all the software in the
|
||||
product that is covered by this License, on a durable physical
|
||||
medium customarily used for software interchange, for a price no
|
||||
more than your reasonable cost of physically performing this
|
||||
conveying of source, or (2) access to copy the Corresponding
|
||||
Source from a network server at no charge.
|
||||
- c) Convey individual copies of the object code with a copy of the
|
||||
written offer to provide the Corresponding Source. This
|
||||
alternative is allowed only occasionally and noncommercially, and
|
||||
only if you received the object code with such an offer, in accord
|
||||
with subsection 6b.
|
||||
- d) Convey the object code by offering access from a designated
|
||||
place (gratis or for a charge), and offer equivalent access to the
|
||||
Corresponding Source in the same way through the same place at no
|
||||
further charge. You need not require recipients to copy the
|
||||
Corresponding Source along with the object code. If the place to
|
||||
copy the object code is a network server, the Corresponding Source
|
||||
may be on a different server (operated by you or a third party)
|
||||
that supports equivalent copying facilities, provided you maintain
|
||||
clear directions next to the object code saying where to find the
|
||||
Corresponding Source. Regardless of what server hosts the
|
||||
Corresponding Source, you remain obligated to ensure that it is
|
||||
available for as long as needed to satisfy these requirements.
|
||||
- e) Convey the object code using peer-to-peer transmission,
|
||||
provided you inform other peers where the object code and
|
||||
Corresponding Source of the work are being offered to the general
|
||||
public at no charge under subsection 6d.
|
||||
|
||||
A separable portion of the object code, whose source code is excluded
|
||||
from the Corresponding Source as a System Library, need not be
|
||||
included in conveying the object code work.
|
||||
|
||||
A "User Product" is either (1) a "consumer product", which means any
|
||||
tangible personal property which is normally used for personal,
|
||||
family, or household purposes, or (2) anything designed or sold for
|
||||
incorporation into a dwelling. In determining whether a product is a
|
||||
consumer product, doubtful cases shall be resolved in favor of
|
||||
coverage. For a particular product received by a particular user,
|
||||
"normally used" refers to a typical or common use of that class of
|
||||
product, regardless of the status of the particular user or of the way
|
||||
in which the particular user actually uses, or expects or is expected
|
||||
to use, the product. A product is a consumer product regardless of
|
||||
whether the product has substantial commercial, industrial or
|
||||
non-consumer uses, unless such uses represent the only significant
|
||||
mode of use of the product.
|
||||
|
||||
"Installation Information" for a User Product means any methods,
|
||||
procedures, authorization keys, or other information required to
|
||||
install and execute modified versions of a covered work in that User
|
||||
Product from a modified version of its Corresponding Source. The
|
||||
information must suffice to ensure that the continued functioning of
|
||||
the modified object code is in no case prevented or interfered with
|
||||
solely because modification has been made.
|
||||
|
||||
If you convey an object code work under this section in, or with, or
|
||||
specifically for use in, a User Product, and the conveying occurs as
|
||||
part of a transaction in which the right of possession and use of the
|
||||
User Product is transferred to the recipient in perpetuity or for a
|
||||
fixed term (regardless of how the transaction is characterized), the
|
||||
Corresponding Source conveyed under this section must be accompanied
|
||||
by the Installation Information. But this requirement does not apply
|
||||
if neither you nor any third party retains the ability to install
|
||||
modified object code on the User Product (for example, the work has
|
||||
been installed in ROM).
|
||||
|
||||
The requirement to provide Installation Information does not include a
|
||||
requirement to continue to provide support service, warranty, or
|
||||
updates for a work that has been modified or installed by the
|
||||
recipient, or for the User Product in which it has been modified or
|
||||
installed. Access to a network may be denied when the modification
|
||||
itself materially and adversely affects the operation of the network
|
||||
or violates the rules and protocols for communication across the
|
||||
network.
|
||||
|
||||
Corresponding Source conveyed, and Installation Information provided,
|
||||
in accord with this section must be in a format that is publicly
|
||||
documented (and with an implementation available to the public in
|
||||
source code form), and must require no special password or key for
|
||||
unpacking, reading or copying.
|
||||
|
||||
#### 7. Additional Terms.
|
||||
|
||||
"Additional permissions" are terms that supplement the terms of this
|
||||
License by making exceptions from one or more of its conditions.
|
||||
Additional permissions that are applicable to the entire Program shall
|
||||
be treated as though they were included in this License, to the extent
|
||||
that they are valid under applicable law. If additional permissions
|
||||
apply only to part of the Program, that part may be used separately
|
||||
under those permissions, but the entire Program remains governed by
|
||||
this License without regard to the additional permissions.
|
||||
|
||||
When you convey a copy of a covered work, you may at your option
|
||||
remove any additional permissions from that copy, or from any part of
|
||||
it. (Additional permissions may be written to require their own
|
||||
removal in certain cases when you modify the work.) You may place
|
||||
additional permissions on material, added by you to a covered work,
|
||||
for which you have or can give appropriate copyright permission.
|
||||
|
||||
Notwithstanding any other provision of this License, for material you
|
||||
add to a covered work, you may (if authorized by the copyright holders
|
||||
of that material) supplement the terms of this License with terms:
|
||||
|
||||
- a) Disclaiming warranty or limiting liability differently from the
|
||||
terms of sections 15 and 16 of this License; or
|
||||
- b) Requiring preservation of specified reasonable legal notices or
|
||||
author attributions in that material or in the Appropriate Legal
|
||||
Notices displayed by works containing it; or
|
||||
- c) Prohibiting misrepresentation of the origin of that material,
|
||||
or requiring that modified versions of such material be marked in
|
||||
reasonable ways as different from the original version; or
|
||||
- d) Limiting the use for publicity purposes of names of licensors
|
||||
or authors of the material; or
|
||||
- e) Declining to grant rights under trademark law for use of some
|
||||
trade names, trademarks, or service marks; or
|
||||
- f) Requiring indemnification of licensors and authors of that
|
||||
material by anyone who conveys the material (or modified versions
|
||||
of it) with contractual assumptions of liability to the recipient,
|
||||
for any liability that these contractual assumptions directly
|
||||
impose on those licensors and authors.
|
||||
|
||||
All other non-permissive additional terms are considered "further
|
||||
restrictions" within the meaning of section 10. If the Program as you
|
||||
received it, or any part of it, contains a notice stating that it is
|
||||
governed by this License along with a term that is a further
|
||||
restriction, you may remove that term. If a license document contains
|
||||
a further restriction but permits relicensing or conveying under this
|
||||
License, you may add to a covered work material governed by the terms
|
||||
of that license document, provided that the further restriction does
|
||||
not survive such relicensing or conveying.
|
||||
|
||||
If you add terms to a covered work in accord with this section, you
|
||||
must place, in the relevant source files, a statement of the
|
||||
additional terms that apply to those files, or a notice indicating
|
||||
where to find the applicable terms.
|
||||
|
||||
Additional terms, permissive or non-permissive, may be stated in the
|
||||
form of a separately written license, or stated as exceptions; the
|
||||
above requirements apply either way.
|
||||
|
||||
#### 8. Termination.
|
||||
|
||||
You may not propagate or modify a covered work except as expressly
|
||||
provided under this License. Any attempt otherwise to propagate or
|
||||
modify it is void, and will automatically terminate your rights under
|
||||
this License (including any patent licenses granted under the third
|
||||
paragraph of section 11).
|
||||
|
||||
However, if you cease all violation of this License, then your license
|
||||
from a particular copyright holder is reinstated (a) provisionally,
|
||||
unless and until the copyright holder explicitly and finally
|
||||
terminates your license, and (b) permanently, if the copyright holder
|
||||
fails to notify you of the violation by some reasonable means prior to
|
||||
60 days after the cessation.
|
||||
|
||||
Moreover, your license from a particular copyright holder is
|
||||
reinstated permanently if the copyright holder notifies you of the
|
||||
violation by some reasonable means, this is the first time you have
|
||||
received notice of violation of this License (for any work) from that
|
||||
copyright holder, and you cure the violation prior to 30 days after
|
||||
your receipt of the notice.
|
||||
|
||||
Termination of your rights under this section does not terminate the
|
||||
licenses of parties who have received copies or rights from you under
|
||||
this License. If your rights have been terminated and not permanently
|
||||
reinstated, you do not qualify to receive new licenses for the same
|
||||
material under section 10.
|
||||
|
||||
#### 9. Acceptance Not Required for Having Copies.
|
||||
|
||||
You are not required to accept this License in order to receive or run
|
||||
a copy of the Program. Ancillary propagation of a covered work
|
||||
occurring solely as a consequence of using peer-to-peer transmission
|
||||
to receive a copy likewise does not require acceptance. However,
|
||||
nothing other than this License grants you permission to propagate or
|
||||
modify any covered work. These actions infringe copyright if you do
|
||||
not accept this License. Therefore, by modifying or propagating a
|
||||
covered work, you indicate your acceptance of this License to do so.
|
||||
|
||||
#### 10. Automatic Licensing of Downstream Recipients.
|
||||
|
||||
Each time you convey a covered work, the recipient automatically
|
||||
receives a license from the original licensors, to run, modify and
|
||||
propagate that work, subject to this License. You are not responsible
|
||||
for enforcing compliance by third parties with this License.
|
||||
|
||||
An "entity transaction" is a transaction transferring control of an
|
||||
organization, or substantially all assets of one, or subdividing an
|
||||
organization, or merging organizations. If propagation of a covered
|
||||
work results from an entity transaction, each party to that
|
||||
transaction who receives a copy of the work also receives whatever
|
||||
licenses to the work the party's predecessor in interest had or could
|
||||
give under the previous paragraph, plus a right to possession of the
|
||||
Corresponding Source of the work from the predecessor in interest, if
|
||||
the predecessor has it or can get it with reasonable efforts.
|
||||
|
||||
You may not impose any further restrictions on the exercise of the
|
||||
rights granted or affirmed under this License. For example, you may
|
||||
not impose a license fee, royalty, or other charge for exercise of
|
||||
rights granted under this License, and you may not initiate litigation
|
||||
(including a cross-claim or counterclaim in a lawsuit) alleging that
|
||||
any patent claim is infringed by making, using, selling, offering for
|
||||
sale, or importing the Program or any portion of it.
|
||||
|
||||
#### 11. Patents.
|
||||
|
||||
A "contributor" is a copyright holder who authorizes use under this
|
||||
License of the Program or a work on which the Program is based. The
|
||||
work thus licensed is called the contributor's "contributor version".
|
||||
|
||||
A contributor's "essential patent claims" are all patent claims owned
|
||||
or controlled by the contributor, whether already acquired or
|
||||
hereafter acquired, that would be infringed by some manner, permitted
|
||||
by this License, of making, using, or selling its contributor version,
|
||||
but do not include claims that would be infringed only as a
|
||||
consequence of further modification of the contributor version. For
|
||||
purposes of this definition, "control" includes the right to grant
|
||||
patent sublicenses in a manner consistent with the requirements of
|
||||
this License.
|
||||
|
||||
Each contributor grants you a non-exclusive, worldwide, royalty-free
|
||||
patent license under the contributor's essential patent claims, to
|
||||
make, use, sell, offer for sale, import and otherwise run, modify and
|
||||
propagate the contents of its contributor version.
|
||||
|
||||
In the following three paragraphs, a "patent license" is any express
|
||||
agreement or commitment, however denominated, not to enforce a patent
|
||||
(such as an express permission to practice a patent or covenant not to
|
||||
sue for patent infringement). To "grant" such a patent license to a
|
||||
party means to make such an agreement or commitment not to enforce a
|
||||
patent against the party.
|
||||
|
||||
If you convey a covered work, knowingly relying on a patent license,
|
||||
and the Corresponding Source of the work is not available for anyone
|
||||
to copy, free of charge and under the terms of this License, through a
|
||||
publicly available network server or other readily accessible means,
|
||||
then you must either (1) cause the Corresponding Source to be so
|
||||
available, or (2) arrange to deprive yourself of the benefit of the
|
||||
patent license for this particular work, or (3) arrange, in a manner
|
||||
consistent with the requirements of this License, to extend the patent
|
||||
license to downstream recipients. "Knowingly relying" means you have
|
||||
actual knowledge that, but for the patent license, your conveying the
|
||||
covered work in a country, or your recipient's use of the covered work
|
||||
in a country, would infringe one or more identifiable patents in that
|
||||
country that you have reason to believe are valid.
|
||||
|
||||
If, pursuant to or in connection with a single transaction or
|
||||
arrangement, you convey, or propagate by procuring conveyance of, a
|
||||
covered work, and grant a patent license to some of the parties
|
||||
receiving the covered work authorizing them to use, propagate, modify
|
||||
or convey a specific copy of the covered work, then the patent license
|
||||
you grant is automatically extended to all recipients of the covered
|
||||
work and works based on it.
|
||||
|
||||
A patent license is "discriminatory" if it does not include within the
|
||||
scope of its coverage, prohibits the exercise of, or is conditioned on
|
||||
the non-exercise of one or more of the rights that are specifically
|
||||
granted under this License. You may not convey a covered work if you
|
||||
are a party to an arrangement with a third party that is in the
|
||||
business of distributing software, under which you make payment to the
|
||||
third party based on the extent of your activity of conveying the
|
||||
work, and under which the third party grants, to any of the parties
|
||||
who would receive the covered work from you, a discriminatory patent
|
||||
license (a) in connection with copies of the covered work conveyed by
|
||||
you (or copies made from those copies), or (b) primarily for and in
|
||||
connection with specific products or compilations that contain the
|
||||
covered work, unless you entered into that arrangement, or that patent
|
||||
license was granted, prior to 28 March 2007.
|
||||
|
||||
Nothing in this License shall be construed as excluding or limiting
|
||||
any implied license or other defenses to infringement that may
|
||||
otherwise be available to you under applicable patent law.
|
||||
|
||||
#### 12. No Surrender of Others' Freedom.
|
||||
|
||||
If conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot convey a
|
||||
covered work so as to satisfy simultaneously your obligations under
|
||||
this License and any other pertinent obligations, then as a
|
||||
consequence you may not convey it at all. For example, if you agree to
|
||||
terms that obligate you to collect a royalty for further conveying
|
||||
from those to whom you convey the Program, the only way you could
|
||||
satisfy both those terms and this License would be to refrain entirely
|
||||
from conveying the Program.
|
||||
|
||||
#### 13. Remote Network Interaction; Use with the GNU General Public License.
|
||||
|
||||
Notwithstanding any other provision of this License, if you modify the
|
||||
Program, your modified version must prominently offer all users
|
||||
interacting with it remotely through a computer network (if your
|
||||
version supports such interaction) an opportunity to receive the
|
||||
Corresponding Source of your version by providing access to the
|
||||
Corresponding Source from a network server at no charge, through some
|
||||
standard or customary means of facilitating copying of software. This
|
||||
Corresponding Source shall include the Corresponding Source for any
|
||||
work covered by version 3 of the GNU General Public License that is
|
||||
incorporated pursuant to the following paragraph.
|
||||
|
||||
Notwithstanding any other provision of this License, you have
|
||||
permission to link or combine any covered work with a work licensed
|
||||
under version 3 of the GNU General Public License into a single
|
||||
combined work, and to convey the resulting work. The terms of this
|
||||
License will continue to apply to the part which is the covered work,
|
||||
but the work with which it is combined will remain governed by version
|
||||
3 of the GNU General Public License.
|
||||
|
||||
#### 14. Revised Versions of this License.
|
||||
|
||||
The Free Software Foundation may publish revised and/or new versions
|
||||
of the GNU Affero General Public License from time to time. Such new
|
||||
versions will be similar in spirit to the present version, but may
|
||||
differ in detail to address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Program
|
||||
specifies that a certain numbered version of the GNU Affero General
|
||||
Public License "or any later version" applies to it, you have the
|
||||
option of following the terms and conditions either of that numbered
|
||||
version or of any later version published by the Free Software
|
||||
Foundation. If the Program does not specify a version number of the
|
||||
GNU Affero General Public License, you may choose any version ever
|
||||
published by the Free Software Foundation.
|
||||
|
||||
If the Program specifies that a proxy can decide which future versions
|
||||
of the GNU Affero General Public License can be used, that proxy's
|
||||
public statement of acceptance of a version permanently authorizes you
|
||||
to choose that version for the Program.
|
||||
|
||||
Later license versions may give you additional or different
|
||||
permissions. However, no additional obligations are imposed on any
|
||||
author or copyright holder as a result of your choosing to follow a
|
||||
later version.
|
||||
|
||||
#### 15. Disclaimer of Warranty.
|
||||
|
||||
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
|
||||
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
|
||||
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT
|
||||
WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
|
||||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
|
||||
PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE
|
||||
DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
|
||||
CORRECTION.
|
||||
|
||||
#### 16. Limitation of Liability.
|
||||
|
||||
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR
|
||||
CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
||||
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
|
||||
ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT
|
||||
NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
|
||||
LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
|
||||
TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
|
||||
PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
#### 17. Interpretation of Sections 15 and 16.
|
||||
|
||||
If the disclaimer of warranty and limitation of liability provided
|
||||
above cannot be given local legal effect according to their terms,
|
||||
reviewing courts shall apply local law that most closely approximates
|
||||
an absolute waiver of all civil liability in connection with the
|
||||
Program, unless a warranty or assumption of liability accompanies a
|
||||
copy of the Program in return for a fee.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
### How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these
|
||||
terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest to
|
||||
attach them to the start of each source file to most effectively state
|
||||
the exclusion of warranty; and each file should have at least the
|
||||
"copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper
|
||||
mail.
|
||||
|
||||
If your software can interact with users remotely through a computer
|
||||
network, you should also make sure that it provides a way for users to
|
||||
get its source. For example, if your program is a web application, its
|
||||
interface could display a "Source" link that leads users to an archive
|
||||
of the code. There are many ways you could offer source, and different
|
||||
solutions will be better for different programs; see section 13 for
|
||||
the specific requirements.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or
|
||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
||||
necessary. For more information on this, and how to apply and follow
|
||||
the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
|
@ -0,0 +1,46 @@
|
|||
# lurkcoin
|
||||
|
||||
This is the core code of the next major release of
|
||||
[lurkcoin](https://forum.minetest.net/viewtopic.php?f=9&t=22768). This is
|
||||
currently WIP and there will probably be bugs.
|
||||
|
||||
## Dependencies
|
||||
|
||||
- [Go](https://golang.org) 1.10+, Go 1.14 or later recommended.
|
||||
- [bbolt](https://github.com/etcd-io/bbolt)
|
||||
- `go get https://github.com/etcd-io/bbolt`
|
||||
- [httprouter](https://github.com/julienschmidt/httprouter)
|
||||
- `go get https://github.com/julienschmidt/httprouter`
|
||||
- [yaml](https://gopkg.in/yaml.v2)
|
||||
- `go get https://gopkg.in/yaml.v2`
|
||||
|
||||
## Configuration
|
||||
|
||||
See config.yaml for a list of configuration options.
|
||||
|
||||
## Compilation flags
|
||||
|
||||
The following compilation flags are supported:
|
||||
|
||||
- `lurkcoin.disablebbolt`: Disables the bbolt database. If this flag is used,
|
||||
bbolt does not need to be installed.
|
||||
- `lurkcoin.disableplaintextdb`: Disables the plaintext database.
|
||||
- `lurkcoin.disablev2api`: Disables version 2 of the API. This can also be
|
||||
done at runtime in config.yaml.
|
||||
|
||||
## License
|
||||
|
||||
Copyright © 2020 by luk3yx
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
@ -0,0 +1,13 @@
|
|||
# TODO
|
||||
|
||||
- Fix exchange rate calculations.
|
||||
- Make the limits on the size of V2 requests more strict.
|
||||
- Allow a client-provided identifier in `/v3/pay` to prevent double-ups.
|
||||
- Rate limit failed login attempts (on both API endpoints and the admin pages).
|
||||
- Add `/v3/regenerate_token`. To ensure atomicity, lurkcoin will accept both
|
||||
tokens until the new token is used.
|
||||
- Don't use big.Float when converting Currency objects from strings.
|
||||
- Don't escape HTML tags in the returned JSON (possibly).
|
||||
- Add a way to request account creation and webhook URLs.
|
||||
- Add PBKDF2 for admin pages password hashes.
|
||||
- Federation.
|
|
@ -0,0 +1,52 @@
|
|||
# Example lurkcoin configuration file.
|
||||
|
||||
# The name of this lurkcoin instance. This should not be "lurkcoin" to avoid
|
||||
# conflicts.
|
||||
name: Test
|
||||
|
||||
# The address port to bind on.
|
||||
# address: "[::]"
|
||||
port: 5000
|
||||
|
||||
# TLS (optional).
|
||||
tls:
|
||||
enable: false
|
||||
cert_file: /path/to/cert.pem
|
||||
key_file: /path/to/key.pem
|
||||
|
||||
# The database to use.
|
||||
database:
|
||||
# bbolt (recommended)
|
||||
# type: bbolt
|
||||
# location: lurkcoin.db
|
||||
|
||||
# Plaintext
|
||||
type: plaintext
|
||||
location: db.json
|
||||
|
||||
# Admin pages (accessible at /admin)
|
||||
admin_pages:
|
||||
enable: true
|
||||
users:
|
||||
test:
|
||||
password_hash: dccc9b5e6a27bb343a5b859d5bc0b867a8e191161634d8387f6d633580f4f9732219d33076ae709bab765fc8b097b35b52dc5eba1d29f502fc2b2b823736c887
|
||||
password_salt: <salt>
|
||||
hash_algorithm: sha512
|
||||
|
||||
# Allow the creation of servers and the editing of their balances.
|
||||
allow_editing: true
|
||||
|
||||
# Allows database backups to be downloaded. This also requires
|
||||
# allow_editing to be enabled.
|
||||
allow_database_download: true
|
||||
|
||||
# A logfile to redirect standard output to.
|
||||
# logfile: /tmp/logfile
|
||||
|
||||
# URL redirects. Please don't make redirects that conflict with lurkcoin's
|
||||
# admin pages or APIs.
|
||||
redirects:
|
||||
/: /admin
|
||||
|
||||
# The minimum API version to enable.
|
||||
# min_api_version: 2
|
|
@ -0,0 +1,653 @@
|
|||
//
|
||||
// lurkcoin admin pages
|
||||
// Copyright © 2020 by luk3yx
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as
|
||||
// published by the Free Software Foundation, either version 3 of the
|
||||
// License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
|
||||
package api
|
||||
|
||||
import (
|
||||
"crypto/sha512"
|
||||
"encoding/hex"
|
||||
"github.com/julienschmidt/httprouter"
|
||||
"html/template"
|
||||
"io"
|
||||
"log"
|
||||
"lurkcoin"
|
||||
"net/http"
|
||||
"regexp"
|
||||
"strings"
|
||||
)
|
||||
|
||||
const adminPagesHeader = `<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>lurkcoin admin pages</title>
|
||||
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/skeleton/2.0.4/skeleton.min.css" />
|
||||
<link rel="stylesheet" href="https://www.xeroxirc.net/style.css" />
|
||||
<style>
|
||||
.button, button, input[type=button], input[type=reset], input[type=submit] {
|
||||
height: 32px;
|
||||
padding: 0 15px;
|
||||
line-height: 32px;
|
||||
margin-right: 0.5rem;
|
||||
}
|
||||
.button:not(.button-primary), button:not(.button-primary), input[type=button]:not(.button-primary), input[type=reset]:not(.button-primary), input[type=submit]:not(.button-primary) {
|
||||
border-color: transparent;
|
||||
}
|
||||
.button.button-primary, button.button-primary, input[type="button"].button-primary, input[type="reset"].button-primary, input[type="submit"].button-primary {
|
||||
background-color: #007FA9;
|
||||
border-color: #007FA9;
|
||||
}
|
||||
.button.button-primary:focus, .button.button-primary:hover, button.button-primary:focus, button.button-primary:hover, input[type="button"].button-primary:focus, input[type="button"].button-primary:hover, input[type="reset"].button-primary:focus, input[type="reset"].button-primary:hover, input[type="submit"].button-primary:focus, input[type="submit"].button-primary:hover {
|
||||
background-color: #006F99;
|
||||
border-color: #006F99;
|
||||
}
|
||||
</style>
|
||||
<meta name="viewport" content="width=device-width" />
|
||||
</head>
|
||||
<body>
|
||||
<main style="padding: 1.5em;">`
|
||||
|
||||
const adminPagesFooter = `</main></body></html>`
|
||||
|
||||
const serverListTemplate = adminPagesHeader + `
|
||||
<h2>Server list</h2>
|
||||
<i>Total: {{len .Summaries}} server(s).</i>
|
||||
<table>
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Name</th>
|
||||
<th>Balance</th>
|
||||
<th>Target balance</th>
|
||||
<th>Pending transactions</th>
|
||||
<th>...</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{{range $summary := .Summaries}}
|
||||
<tr>
|
||||
<td>{{$summary.Name}}</td>
|
||||
<td>{{$summary.Balance}}</td>
|
||||
<td>{{$summary.TargetBalance}}</td>
|
||||
<td>{{$summary.PendingTransactionCount}}</td>
|
||||
<td><a href="/admin/edit/{{$summary.UID}}">Edit</a></td>
|
||||
</tr>
|
||||
{{end}}
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
{{if .AllowEditing}}
|
||||
<noscript>
|
||||
<h4>JavaScript is required to edit database entries.</h4>
|
||||
</noscript>
|
||||
|
||||
<button id="new-server" class="button-primary">New server</button>
|
||||
{{if .AllowDatabaseDownload}}
|
||||
<a href="/admin/backup" class="button">Download database backup</a>
|
||||
{{end}}
|
||||
|
||||
<style>
|
||||
html {
|
||||
scroll-behavior: smooth;
|
||||
}
|
||||
#new-server {
|
||||
display: none;
|
||||
transition: ease-in-out 250ms;
|
||||
}
|
||||
#create-server {
|
||||
padding-top: 2em;
|
||||
display: none;
|
||||
transform: scaleY(0);
|
||||
transform-origin: top center;
|
||||
max-height: 0;
|
||||
}
|
||||
#username-field {
|
||||
width: 100%;
|
||||
}
|
||||
</style>
|
||||
|
||||
<form autocomplete="off" method="post" action="/admin/create-server"
|
||||
id="create-server">
|
||||
<h3>Create new server</h3>
|
||||
<input type="hidden" name="csrfToken" value={{.CSRFToken}} />
|
||||
<div style="display: inline-block;">
|
||||
Username<br/>
|
||||
<input type="text" name="username" minlength="3" maxlength="32"
|
||||
required="required" id="username-field" /><br/>
|
||||
<input type="submit" name="submit" class="button-primary"
|
||||
value="Create" />
|
||||
<button type="button" onclick="hideForm()">Cancel</button>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<script>
|
||||
"use strict";
|
||||
let btn = document.getElementById("new-server");
|
||||
let form = document.getElementById("create-server");
|
||||
btn.style.display = "inline";
|
||||
btn.addEventListener("click", () => {
|
||||
form.style.display = "block";
|
||||
form.style.transition = "ease-in-out 250ms transform";
|
||||
window.setTimeout(() => {
|
||||
form.style.transform = "scaleY(1)";
|
||||
form.style.maxHeight = form.scrollHeight.toString() + "px";
|
||||
btn.style.opacity = "0.5";
|
||||
btn.style.pointerEvents = "none";
|
||||
window.location.hash = "#create-server";
|
||||
}, 25);
|
||||
btn.blur();
|
||||
});
|
||||
function hideForm() {
|
||||
form.style.transition = "ease-in-out 250ms";
|
||||
form.style.transform = "scaleY(0)";
|
||||
form.style.maxHeight = "0";
|
||||
btn.style.opacity = "1";
|
||||
btn.style.pointerEvents = "";
|
||||
}
|
||||
</script>
|
||||
{{else}}
|
||||
<i>You may not edit the database.</i>
|
||||
{{end}}
|
||||
` + adminPagesFooter
|
||||
|
||||
const currencyInput = `type="text" pattern="¤?[0-9,_]+(\.[0-9,_]+)?"`
|
||||
const infoTemplate = adminPagesHeader + `
|
||||
<style>
|
||||
#form-inner input, #message {
|
||||
transition: ease-in-out 200ms;
|
||||
text-overflow: ellipsis;
|
||||
}
|
||||
#form-inner input[disabled="disabled"] {
|
||||
border-color: transparent;
|
||||
background: none;
|
||||
color: inherit;
|
||||
}
|
||||
{{if .AllowEditing}}
|
||||
#edit-btn, #edit-btn ~ .button {
|
||||
display: none;
|
||||
}
|
||||
{{end}}
|
||||
</style>
|
||||
|
||||
<a href="/admin">Go back</a>
|
||||
<h3>Server: {{.Server.Name}}</h3>
|
||||
{{if .Message}}
|
||||
<h5 id="message" style="white-space: pre-line;">{{.Message}}</h5>
|
||||
{{end}}
|
||||
<h4>Basic information</h4>
|
||||
<form autocomplete="off" method="post" action="{{.Server.UID}}">
|
||||
{{if .AllowEditing}}
|
||||
<input type="hidden" name="csrfToken" value="{{.CSRFToken}}" />
|
||||
<input type="hidden" name="oldBalance"
|
||||
value="{{.Server.GetBalance.RawString}}" />
|
||||
<input type="hidden" name="oldTargetBalance"
|
||||
value="{{.Server.GetTargetBalance.RawString}}" />
|
||||
<input type="hidden" name="oldWebhookURL"
|
||||
value="{{.Server.WebhookURL}}" />
|
||||
{{end}}
|
||||
<p id="form-inner">
|
||||
Balance<br/>
|
||||
<input ` + currencyInput + ` name="balance"
|
||||
value="{{.Server.GetBalance}}" disabled="disabled" />
|
||||
<br/>
|
||||
Target balance
|
||||
<br/>
|
||||
<input ` + currencyInput + ` name="targetBalance"
|
||||
value="{{.Server.GetTargetBalance}}" disabled="disabled" />
|
||||
<br/>
|
||||
Webhook URL<br/>
|
||||
<input type="url" value="{{.Server.WebhookURL}}" placeholder="(none)"
|
||||
disabled="disabled" name="webhookURL" />
|
||||
|
||||
{{if .AllowEditing}}
|
||||
<br/>
|
||||
<button type="button" id="edit-btn"
|
||||
class="button-primary">Edit</button>
|
||||
<script>
|
||||
document.getElementById("edit-btn").style.display = "inline";
|
||||
</script>
|
||||
<input type="submit" value="Save" class="button button-primary"
|
||||
disabled="disabled" />
|
||||
<a href="{{.Server.UID}}" class="button">Cancel</a>
|
||||
{{end}}
|
||||
</p>
|
||||
</form>
|
||||
|
||||
{{if .AllowEditing}}
|
||||
<script>
|
||||
let p = document.getElementById("form-inner");
|
||||
let btn = document.getElementById("edit-btn");
|
||||
btn.addEventListener("click", () => {
|
||||
let msg = document.getElementById("message");
|
||||
if (msg) {
|
||||
msg.style.fontSize = "0";
|
||||
msg.style.margin = "0";
|
||||
msg.style.padding = "0";
|
||||
}
|
||||
p.removeChild(btn);
|
||||
for (let elem of p.children) {
|
||||
if (elem.tagName.toLowerCase() === "input")
|
||||
elem.removeAttribute("disabled");
|
||||
}
|
||||
});
|
||||
window.history.replaceState(null, null, "/admin/edit/{{.Server.UID}}");
|
||||
</script>
|
||||
{{end}}
|
||||
|
||||
<h4>History</h4>
|
||||
<table>
|
||||
<thead>
|
||||
<tr>
|
||||
<th>ID</th>
|
||||
<th>Source</th>
|
||||
<th>Source server</th>
|
||||
<th>Target</th>
|
||||
<th>Target server</th>
|
||||
<th>Sent amount</th>
|
||||
<th>Amount</th>
|
||||
<th>Received amount</th>
|
||||
<th>Time</th>
|
||||
<th>Revertable</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{{range $transaction := .Server.GetHistory}}
|
||||
<tr>
|
||||
<td>{{$transaction.ID}}</td>
|
||||
<td>{{$transaction.Source}}</td>
|
||||
<td>{{$transaction.SourceServer}}</td>
|
||||
<td>{{$transaction.Target}}</td>
|
||||
<td>{{$transaction.TargetServer}}</td>
|
||||
<td>{{$transaction.SentAmount.RawString}}</td>
|
||||
<td>{{$transaction.Amount}}</td>
|
||||
<td>{{$transaction.ReceivedAmount.RawString}}</td>
|
||||
<td>{{$transaction.GetTime}}</td>
|
||||
<td>{{$transaction.Revertable | YesNo}}</td>
|
||||
</tr>
|
||||
{{end}}
|
||||
</tbody>
|
||||
</table>
|
||||
` + adminPagesFooter
|
||||
|
||||
type adminPagesSummary struct {
|
||||
UID string
|
||||
Name string
|
||||
Balance lurkcoin.Currency
|
||||
TargetBalance lurkcoin.Currency
|
||||
PendingTransactionCount int
|
||||
}
|
||||
|
||||
func parseNumbers(n1, n2 string) (lurkcoin.Currency, lurkcoin.Currency, bool) {
|
||||
n1 = strings.Replace(n1, ",", "", -1)
|
||||
n2 = strings.Replace(n2, ",", "", -1)
|
||||
|
||||
var res1, res2 lurkcoin.Currency
|
||||
var err error
|
||||
res1, err = lurkcoin.ParseCurrency(n1)
|
||||
if err != nil {
|
||||
return c0, c0, false
|
||||
}
|
||||
res2, err = lurkcoin.ParseCurrency(n2)
|
||||
if err != nil {
|
||||
return c0, c0, false
|
||||
}
|
||||
return res1, res2, true
|
||||
}
|
||||
|
||||
type AdminLoginDetails map[string]struct {
|
||||
PasswordHash string `yaml:"password_hash"`
|
||||
HashAlgorithm string `yaml:"hash_algorithm"`
|
||||
PasswordSalt string `yaml:"password_salt"`
|
||||
AllowEditing bool `yaml:"allow_editing"`
|
||||
AllowDatabaseDownload bool `yaml:"allow_database_download"`
|
||||
}
|
||||
|
||||
// TODO: Provide a more secure hashing function.
|
||||
func (self AdminLoginDetails) Validate(username, password string) bool {
|
||||
account, exists := self[username]
|
||||
if !exists {
|
||||
return false
|
||||
}
|
||||
|
||||
password += account.PasswordSalt
|
||||
switch account.HashAlgorithm {
|
||||
case "sha512", "":
|
||||
rawHash := sha512.Sum512([]byte(password))
|
||||
return lurkcoin.ConstantTimeCompare(
|
||||
hex.EncodeToString(rawHash[:]),
|
||||
account.PasswordHash,
|
||||
)
|
||||
default:
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
type csrfTokenManager map[string]string
|
||||
|
||||
// Generate one CSRF token per user
|
||||
// TODO: Expiry
|
||||
func (self csrfTokenManager) Get(username string) string {
|
||||
token, ok := self[username]
|
||||
if !ok {
|
||||
token = lurkcoin.GenerateToken()
|
||||
self[username] = token
|
||||
}
|
||||
return token
|
||||
}
|
||||
|
||||
func addAdminPages(router *httprouter.Router, db lurkcoin.Database,
|
||||
loginDetails AdminLoginDetails) {
|
||||
// TODO: Regenerate this often
|
||||
csrfTokens := make(csrfTokenManager)
|
||||
|
||||
re, _ := regexp.Compile(`\s+`)
|
||||
var summaryTmpl, infoTmpl *template.Template
|
||||
var err error
|
||||
summaryTmpl, err = template.New("summary").Parse(
|
||||
re.ReplaceAllLiteralString(serverListTemplate, " "),
|
||||
)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
infoTmpl, err = template.New("info").Funcs(template.FuncMap{
|
||||
"YesNo": func(boolean bool) string {
|
||||
if boolean {
|
||||
return "Yes"
|
||||
} else {
|
||||
return "No"
|
||||
}
|
||||
},
|
||||
}).Parse(re.ReplaceAllLiteralString(infoTemplate, " "))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
accessDeniedPage := re.ReplaceAllLiteralString(
|
||||
adminPagesHeader+
|
||||
`<h1>`+
|
||||
`Sorry, you do not have access to this resource at `+
|
||||
`this time.`+
|
||||
`</h1>`+
|
||||
adminPagesFooter,
|
||||
" ",
|
||||
)
|
||||
authenticate := func(w http.ResponseWriter, r *http.Request) (string, bool) {
|
||||
w.Header().Set("Cache-Control", "no-store")
|
||||
username, password, ok := r.BasicAuth()
|
||||
if ok && loginDetails.Validate(username, password) {
|
||||
return username, true
|
||||
}
|
||||
w.Header().Set(
|
||||
"WWW-Authenticate",
|
||||
`Basic realm="lurkcoin admin pages", charset="UTF-8"`,
|
||||
)
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
w.WriteHeader(401)
|
||||
io.WriteString(w, accessDeniedPage)
|
||||
return "", false
|
||||
}
|
||||
authenticateWithCSRF := func(w http.ResponseWriter, r *http.Request) (string, bool) {
|
||||
username, ok := authenticate(w, r)
|
||||
if !ok {
|
||||
return username, ok
|
||||
}
|
||||
if !loginDetails[username].AllowEditing {
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
w.WriteHeader(401)
|
||||
io.WriteString(w, accessDeniedPage)
|
||||
return username, false
|
||||
}
|
||||
r.ParseForm()
|
||||
t, ok := csrfTokens[username]
|
||||
if !ok || !lurkcoin.ConstantTimeCompare(r.Form.Get("csrfToken"), t) {
|
||||
w.WriteHeader(500)
|
||||
io.WriteString(w, "Please try again.")
|
||||
return username, false
|
||||
}
|
||||
return username, true
|
||||
}
|
||||
|
||||
router.GET("/admin", func(w http.ResponseWriter, r *http.Request,
|
||||
_ httprouter.Params) {
|
||||
username, ok := authenticate(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
w.WriteHeader(http.StatusOK)
|
||||
|
||||
var summaries []*adminPagesSummary
|
||||
var totalPendingTransactions int
|
||||
|
||||
lurkcoin.ForEach(db, func(server *lurkcoin.Server) error {
|
||||
pendingTransactionCount := len(server.GetPendingTransactions())
|
||||
totalPendingTransactions += pendingTransactionCount
|
||||
summaries = append(summaries, &adminPagesSummary{
|
||||
server.UID,
|
||||
server.Name,
|
||||
server.GetBalance(),
|
||||
server.GetTargetBalance(),
|
||||
pendingTransactionCount,
|
||||
})
|
||||
return nil
|
||||
}, false)
|
||||
|
||||
var data struct {
|
||||
Summaries []*adminPagesSummary
|
||||
AllowEditing bool
|
||||
AllowDatabaseDownload bool
|
||||
CSRFToken string
|
||||
}
|
||||
data.Summaries = summaries
|
||||
d := loginDetails[username]
|
||||
data.AllowEditing = d.AllowEditing
|
||||
data.AllowDatabaseDownload = d.AllowDatabaseDownload
|
||||
if d.AllowEditing {
|
||||
data.CSRFToken = csrfTokens.Get(username)
|
||||
}
|
||||
|
||||
err := summaryTmpl.Execute(w, data)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
})
|
||||
|
||||
serverInfo := func(w http.ResponseWriter, r *http.Request,
|
||||
serverName, username, msg string) {
|
||||
servers, ok, _ := db.GetServers([]string{serverName})
|
||||
if !ok {
|
||||
w.WriteHeader(404)
|
||||
return
|
||||
}
|
||||
server := servers[0]
|
||||
defer db.FreeServers([]*lurkcoin.Server{server}, false)
|
||||
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
w.WriteHeader(http.StatusOK)
|
||||
|
||||
var data struct {
|
||||
Server *lurkcoin.Server
|
||||
CSRFToken string
|
||||
Message string
|
||||
AllowEditing bool
|
||||
}
|
||||
data.Server = server
|
||||
data.CSRFToken = csrfTokens.Get(username)
|
||||
data.Message = msg
|
||||
data.AllowEditing = loginDetails[username].AllowEditing
|
||||
err := infoTmpl.Execute(w, data)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
}
|
||||
|
||||
router.GET("/admin/edit/:server", func(w http.ResponseWriter,
|
||||
r *http.Request, params httprouter.Params) {
|
||||
username, ok := authenticate(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
serverInfo(w, r, params.ByName("server"), username, "")
|
||||
})
|
||||
|
||||
router.POST("/admin/edit/:server", func(w http.ResponseWriter,
|
||||
r *http.Request, params httprouter.Params) {
|
||||
adminUser, authenticated := authenticateWithCSRF(w, r)
|
||||
if !authenticated {
|
||||
return
|
||||
}
|
||||
|
||||
// Get the server
|
||||
tr := lurkcoin.BeginDbTransaction(db)
|
||||
defer tr.Abort()
|
||||
servers, ok, _ := tr.GetServers(params.ByName("server"))
|
||||
if !ok {
|
||||
w.WriteHeader(404)
|
||||
return
|
||||
}
|
||||
server := servers[0]
|
||||
|
||||
var msgs []string
|
||||
|
||||
// Update the balance
|
||||
// This preserves any transactions after the initial page load.
|
||||
balance, oldBalance, ok := parseNumbers(
|
||||
r.Form.Get("balance"),
|
||||
r.Form.Get("oldBalance"),
|
||||
)
|
||||
if !ok {
|
||||
msgs = append(msgs, "Invalid balance specified!")
|
||||
} else if !balance.Eq(oldBalance) {
|
||||
if !server.ChangeBal(balance.Sub(oldBalance)) {
|
||||
server.ChangeBal(server.GetBalance())
|
||||
}
|
||||
msgs = append(msgs, "Balance updated!")
|
||||
log.Printf(
|
||||
"[Admin] User %#v changes balance of server %#v to %s",
|
||||
adminUser,
|
||||
server.Name,
|
||||
server.GetBalance(),
|
||||
)
|
||||
}
|
||||
|
||||
// Update the target balance
|
||||
targetBalance, oldTargetBalance, ok := parseNumbers(
|
||||
r.Form.Get("targetBalance"),
|
||||
r.Form.Get("oldTargetBalance"),
|
||||
)
|
||||
if !ok {
|
||||
msgs = append(msgs, "Invalid target balance specified!")
|
||||
} else if !targetBalance.Eq(oldTargetBalance) {
|
||||
server.SetTargetBalance(targetBalance)
|
||||
msgs = append(msgs, "Target balance updated!")
|
||||
log.Printf(
|
||||
"[Admin] User %#v changes target balance of server %#v to %s",
|
||||
adminUser,
|
||||
server.Name,
|
||||
targetBalance,
|
||||
)
|
||||
}
|
||||
|
||||
// Update the webhook URL
|
||||
webhookURL := r.Form.Get("webhookURL")
|
||||
if webhookURL != r.Form.Get("oldWebhookURL") {
|
||||
ok := server.SetWebhookURL(webhookURL)
|
||||
if ok {
|
||||
msgs = append(msgs, "Webhook URL updated!")
|
||||
} else {
|
||||
msgs = append(msgs, "Invalid webhook URL!")
|
||||
}
|
||||
log.Printf(
|
||||
"[Admin] User %#v changes webhook URL of server %#v to %#v",
|
||||
adminUser,
|
||||
server.Name,
|
||||
server.WebhookURL,
|
||||
)
|
||||
}
|
||||
|
||||
// Finish the transaction
|
||||
uid := server.UID
|
||||
tr.Finish()
|
||||
|
||||
serverInfo(w, r, uid, adminUser, strings.Join(msgs, "\n"))
|
||||
})
|
||||
|
||||
router.POST("/admin/create-server", func(w http.ResponseWriter,
|
||||
r *http.Request, params httprouter.Params) {
|
||||
adminUser, authenticated := authenticateWithCSRF(w, r)
|
||||
if !authenticated {
|
||||
return
|
||||
}
|
||||
serverName := strings.TrimSpace(r.Form.Get("username"))
|
||||
var msg string
|
||||
if len(serverName) < 3 || len(serverName) > 32 {
|
||||
msg = "The server name must be between 3 and 32 characters."
|
||||
} else {
|
||||
tr := lurkcoin.BeginDbTransaction(db)
|
||||
defer tr.Abort()
|
||||
server, ok := tr.CreateServer(serverName)
|
||||
if ok {
|
||||
log.Printf(
|
||||
"[Admin] User %#v created server %#v",
|
||||
adminUser,
|
||||
server.Name,
|
||||
)
|
||||
msg = "Token: " + server.Encode().Token
|
||||
tr.Finish()
|
||||
serverInfo(w, r, serverName, adminUser, msg)
|
||||
return
|
||||
}
|
||||
msg = "The specified server already exists!"
|
||||
}
|
||||
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
w.WriteHeader(500)
|
||||
io.WriteString(w, adminPagesHeader+
|
||||
`<h2>An error has occurred!</h2>`+
|
||||
`<h5>`+msg+`</h5>`+
|
||||
`<i>You can hurry back to the previous page, or learn to like `+
|
||||
` this error and then eventually grow old and die.</i>`+
|
||||
`<br/><br/>`+
|
||||
`<a class="button button-primary" href="/admin">Go back</a>`+
|
||||
adminPagesFooter)
|
||||
})
|
||||
|
||||
router.GET("/admin/backup", func(w http.ResponseWriter,
|
||||
r *http.Request, params httprouter.Params) {
|
||||
username, ok := authenticate(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
d := loginDetails[username]
|
||||
if !d.AllowEditing || !d.AllowDatabaseDownload {
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
w.WriteHeader(401)
|
||||
io.WriteString(w, accessDeniedPage)
|
||||
return
|
||||
}
|
||||
w.Header().Set("Content-Type", "application/json; charset=utf-8")
|
||||
w.Header().Set(
|
||||
"Content-Disposition",
|
||||
`attachment; filename="lurkcoin backup.json"`,
|
||||
)
|
||||
w.WriteHeader(http.StatusOK)
|
||||
err := lurkcoin.BackupDatabase(db, w)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
})
|
||||
}
|
|
@ -0,0 +1,148 @@
|
|||
//
|
||||
// lurkcoin configuration
|
||||
// Copyright © 2020 by luk3yx
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as
|
||||
// published by the Free Software Foundation, either version 3 of the
|
||||
// License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
|
||||
package api
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"gopkg.in/yaml.v2"
|
||||
"log"
|
||||
"lurkcoin"
|
||||
"lurkcoin/databases"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
)
|
||||
|
||||
type Config struct {
|
||||
// The name of this service (for example "lurkcoin"). This is also used as
|
||||
// the default server name for the v2 API.
|
||||
Name string `yaml:"name"`
|
||||
|
||||
// The address to bind to (optional) and port.
|
||||
Address string `yaml:"address"`
|
||||
Port uint16 `yaml:"port"`
|
||||
|
||||
// An optional logfile
|
||||
Logfile string `yaml:"logfile"`
|
||||
|
||||
Database struct {
|
||||
Type string `yaml:"type"`
|
||||
Location string `yaml:"location"`
|
||||
Options map[string]string `yaml:"options"`
|
||||
} `yaml:"database"`
|
||||
|
||||
// TLS
|
||||
TLS struct {
|
||||
Enable bool `yaml:"enable"`
|
||||
CertFile string `yaml:"cert_file"`
|
||||
KeyFile string `yaml:"key_file"`
|
||||
} `yaml:"tls"`
|
||||
|
||||
// Admin pages
|
||||
AdminPages struct {
|
||||
Enable bool `yaml:"enable"`
|
||||
Users AdminLoginDetails `yaml:"users"`
|
||||
} `yaml:"admin_pages"`
|
||||
|
||||
// HTTP redirects
|
||||
Redirects map[string]string `yaml:"redirects"`
|
||||
|
||||
// The minimum HTTPS API version to support.
|
||||
MinAPIVersion uint8 `yaml:"min_api_version"`
|
||||
}
|
||||
|
||||
func LoadConfig(filename string) (*Config, error) {
|
||||
f, err := os.OpenFile(filename, os.O_RDONLY, 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer f.Close()
|
||||
|
||||
var config Config
|
||||
decoder := yaml.NewDecoder(f)
|
||||
decoder.SetStrict(true)
|
||||
err = decoder.Decode(&config)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if config.Name == "lurkcoin" {
|
||||
log.Println("Warning: The selected server name already exists!")
|
||||
}
|
||||
return &config, nil
|
||||
}
|
||||
|
||||
func OpenDatabase(config *Config) (lurkcoin.Database, error) {
|
||||
return databases.OpenDatabase(
|
||||
config.Database.Type,
|
||||
config.Database.Location,
|
||||
config.Database.Options,
|
||||
)
|
||||
}
|
||||
|
||||
func StartServer(config *Config) {
|
||||
lurkcoin.SeedPRNG()
|
||||
lurkcoin.PrintASCIIArt()
|
||||
log.Printf("Supported database types: %s",
|
||||
strings.Join(databases.GetSupportedDatabaseTypes(), ", "))
|
||||
db, err := OpenDatabase(config)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
router := MakeHTTPRouter(db, config)
|
||||
|
||||
address := fmt.Sprintf("%s:%d", config.Address, config.Port)
|
||||
urlAddress := address
|
||||
if config.Address == "" {
|
||||
urlAddress = "[::]" + urlAddress
|
||||
}
|
||||
if config.TLS.Enable {
|
||||
log.Printf("Starting server on https://%s/", urlAddress)
|
||||
} else {
|
||||
log.Printf("Starting server on http://%s/", urlAddress)
|
||||
}
|
||||
|
||||
if config.Logfile != "" {
|
||||
f, err := os.OpenFile(
|
||||
config.Logfile,
|
||||
os.O_WRONLY|os.O_APPEND|os.O_CREATE,
|
||||
0600,
|
||||
)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
defer f.Close()
|
||||
log.Printf("Using logfile %#v.", config.Logfile)
|
||||
log.SetOutput(f)
|
||||
}
|
||||
|
||||
server := &http.Server{Addr: address, Handler: router}
|
||||
|
||||
// My laptop doesn't work nicely with Keep-Alive.
|
||||
server.SetKeepAlivesEnabled(false)
|
||||
|
||||
if config.TLS.Enable {
|
||||
err = server.ListenAndServeTLS(config.TLS.CertFile, config.TLS.KeyFile)
|
||||
} else {
|
||||
err = server.ListenAndServe()
|
||||
}
|
||||
|
||||
log.Fatal(err)
|
||||
}
|
|
@ -0,0 +1,174 @@
|
|||
//
|
||||
// lurkcoin
|
||||
// Copyright © 2020 by luk3yx
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as
|
||||
// published by the Free Software Foundation, either version 3 of the
|
||||
// License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
|
||||
package api
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"github.com/julienschmidt/httprouter"
|
||||
"io"
|
||||
"lurkcoin"
|
||||
"net/http"
|
||||
"strings"
|
||||
)
|
||||
|
||||
var c0 = lurkcoin.CurrencyFromInt64(0)
|
||||
|
||||
// A HTTP server wrapper
|
||||
type HTTPRequest struct {
|
||||
Server *lurkcoin.Server
|
||||
Database lurkcoin.Database
|
||||
DbTransaction *lurkcoin.DatabaseTransaction
|
||||
Request *http.Request
|
||||
Params httprouter.Params
|
||||
}
|
||||
|
||||
func MakeHTTPRequest(db lurkcoin.Database, request *http.Request, params httprouter.Params) *HTTPRequest {
|
||||
return &HTTPRequest{nil, db, nil, request, params}
|
||||
}
|
||||
|
||||
type HTTPHandler func(*HTTPRequest) (interface{}, error)
|
||||
|
||||
// Unmarshals JSON sent in the HTTP request into v.
|
||||
func (self *HTTPRequest) Unmarshal(v interface{}) error {
|
||||
// Ensure the Content-Type header is correct.
|
||||
contentType := self.Request.Header.Get("Content-Type")
|
||||
if i := strings.IndexByte(contentType, ';'); i >= 0 {
|
||||
contentType = contentType[:i]
|
||||
}
|
||||
if contentType != "" && contentType != "application/json" &&
|
||||
!(strings.HasPrefix(contentType, "application/") &&
|
||||
strings.HasSuffix(contentType, "+json")) {
|
||||
return errors.New("ERR_INVALIDREQUEST")
|
||||
}
|
||||
|
||||
length := self.Request.ContentLength
|
||||
|
||||
// Default to the maximum length plus one.
|
||||
if length < 0 {
|
||||
length = 4097
|
||||
} else if length > 4096 {
|
||||
return errors.New("ERR_PAYLOADTOOLARGE")
|
||||
}
|
||||
|
||||
raw := make([]byte, length)
|
||||
actual_length, _ := self.Request.Body.Read(raw)
|
||||
|
||||
if actual_length < 3 {
|
||||
return errors.New("ERR_INVALIDREQUEST")
|
||||
} else if actual_length > 4096 {
|
||||
return errors.New("ERR_PAYLOADTOOLARGE")
|
||||
}
|
||||
|
||||
json_err := json.Unmarshal(raw[:actual_length], v)
|
||||
if json_err != nil {
|
||||
return errors.New("ERR_INVALIDREQUEST")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (self *HTTPRequest) AbortTransaction() {
|
||||
if self.DbTransaction != nil {
|
||||
self.DbTransaction.Abort()
|
||||
self.DbTransaction = nil
|
||||
}
|
||||
}
|
||||
|
||||
func (self *HTTPRequest) FinishTransaction() {
|
||||
if self.DbTransaction != nil {
|
||||
self.DbTransaction.Finish()
|
||||
self.DbTransaction = nil
|
||||
}
|
||||
}
|
||||
|
||||
func authenticateRequest(r *http.Request, db lurkcoin.Database, otherServers ...string) (bool, *lurkcoin.DatabaseTransaction, *lurkcoin.Server) {
|
||||
// Get the username and token
|
||||
username, token, ok := r.BasicAuth()
|
||||
if !ok {
|
||||
return false, nil, nil
|
||||
}
|
||||
|
||||
return lurkcoin.AuthenticateRequest(db, username, token, otherServers)
|
||||
}
|
||||
|
||||
func (self *HTTPRequest) Authenticate(otherServers ...string) error {
|
||||
// Get the username and token
|
||||
username, token, ok := self.Request.BasicAuth()
|
||||
if !ok {
|
||||
return errors.New("ERR_INVALIDREQUEST")
|
||||
}
|
||||
|
||||
authed, tr, server := lurkcoin.AuthenticateRequest(
|
||||
self.Database,
|
||||
username,
|
||||
token,
|
||||
otherServers,
|
||||
)
|
||||
|
||||
if !authed {
|
||||
return errors.New("ERR_INVALIDLOGIN")
|
||||
}
|
||||
|
||||
self.Server = server
|
||||
self.DbTransaction = tr
|
||||
return nil
|
||||
}
|
||||
|
||||
func securityTxt(w http.ResponseWriter, r *http.Request,
|
||||
_ httprouter.Params) {
|
||||
io.WriteString(w, "# lurkcoin version: "+lurkcoin.VERSION+"\n")
|
||||
io.WriteString(w, "# Source: "+lurkcoin.SOURCE_URL+"\n")
|
||||
io.WriteString(w, "Contact: "+lurkcoin.REPORT_SECURITY+"\n")
|
||||
}
|
||||
|
||||
func makeRedirect(router *httprouter.Router, source, target string) {
|
||||
f := func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
|
||||
http.Redirect(w, r, target, http.StatusFound)
|
||||
}
|
||||
router.GET(source, f)
|
||||
}
|
||||
|
||||
func MakeHTTPRouter(db lurkcoin.Database, config *Config) *httprouter.Router {
|
||||
router := httprouter.New()
|
||||
router.GET("/.well-known/security.txt", securityTxt)
|
||||
|
||||
// Add custom redirects
|
||||
for source, target := range config.Redirects {
|
||||
makeRedirect(router, source, target)
|
||||
}
|
||||
|
||||
// Don't give up (or let down) bots
|
||||
if _, exists := config.Redirects["/wp-login.php"]; !exists {
|
||||
makeRedirect(router, "/wp-login.php",
|
||||
"https://www.youtube.com/watch?v=dQw4w9WgXcQ")
|
||||
}
|
||||
|
||||
if config.AdminPages.Enable && config.AdminPages.Users != nil {
|
||||
addAdminPages(router, db, config.AdminPages.Users)
|
||||
}
|
||||
if config.MinAPIVersion > 3 {
|
||||
return router
|
||||
}
|
||||
addV3API(router, db)
|
||||
if config.MinAPIVersion > 2 {
|
||||
return router
|
||||
}
|
||||
addV2API(router, db, config.Name)
|
||||
return router
|
||||
}
|
|
@ -0,0 +1,32 @@
|
|||
//
|
||||
// lurkcoin
|
||||
// Copyright © 2020 by luk3yx
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as
|
||||
// published by the Free Software Foundation, either version 3 of the
|
||||
// License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
|
||||
// +build lurkcoin.disablev2api
|
||||
|
||||
package api
|
||||
|
||||
import (
|
||||
"github.com/julienschmidt/httprouter"
|
||||
"log"
|
||||
"lurkcoin"
|
||||
)
|
||||
|
||||
func addV2API(_ *httprouter.Router, _ lurkcoin.Database, _ string) {
|
||||
log.Print("lurkcoinV2 API enabled at runtime but disabled " +
|
||||
"during compilation.")
|
||||
}
|
|
@ -0,0 +1,325 @@
|
|||
//
|
||||
// lurkcoin HTTPS API (version 2)
|
||||
// Copyright © 2020 by luk3yx
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as
|
||||
// published by the Free Software Foundation, either version 3 of the
|
||||
// License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
|
||||
// API documentation:
|
||||
// https://gist.github.com/luk3yx/8028cedb3bfb282d9ba3f2d1c7871231
|
||||
|
||||
// +build !lurkcoin.disablev2api
|
||||
|
||||
package api
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/julienschmidt/httprouter"
|
||||
"lurkcoin"
|
||||
"math/big"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"strings"
|
||||
)
|
||||
|
||||
type v2Form interface {
|
||||
Get(string) string
|
||||
}
|
||||
|
||||
type v2MapForm struct {
|
||||
form map[string]json.Number
|
||||
}
|
||||
|
||||
func (self *v2MapForm) Get(key string) string {
|
||||
res, ok := self.form[key]
|
||||
if ok {
|
||||
return string(res)
|
||||
} else {
|
||||
return ""
|
||||
}
|
||||
}
|
||||
|
||||
var c1 = lurkcoin.CurrencyFromInt64(1)
|
||||
var f0 = big.NewFloat(0)
|
||||
var f500k = big.NewFloat(500000)
|
||||
|
||||
func v2GetQuery(r *http.Request) v2Form {
|
||||
err := r.ParseForm()
|
||||
if err == nil && len(r.Form) > 0 {
|
||||
return r.Form
|
||||
}
|
||||
|
||||
// Because json.Number extends string it can be used for strings.
|
||||
form := make(map[string]json.Number)
|
||||
(&HTTPRequest{Request: r}).Unmarshal(&form)
|
||||
return &v2MapForm{form}
|
||||
}
|
||||
|
||||
func (self *HTTPRequest) AuthenticateV2(query v2Form, otherServers ...string) error {
|
||||
// Get the username and token
|
||||
username := query.Get("name")
|
||||
token := query.Get("token")
|
||||
|
||||
authed, tr, server := lurkcoin.AuthenticateRequest(
|
||||
self.Database,
|
||||
username,
|
||||
token,
|
||||
otherServers,
|
||||
)
|
||||
|
||||
if !authed {
|
||||
return errors.New("ERR_INVALIDLOGIN")
|
||||
}
|
||||
|
||||
self.Server = server
|
||||
self.DbTransaction = tr
|
||||
return nil
|
||||
}
|
||||
|
||||
type v2HTTPHandler func(*HTTPRequest, v2Form) (interface{}, error)
|
||||
|
||||
func v2WrapHTTPHandler(db lurkcoin.Database, autoLogin bool,
|
||||
handlerFunc v2HTTPHandler) httprouter.Handle {
|
||||
return func(w http.ResponseWriter, r *http.Request,
|
||||
params httprouter.Params) {
|
||||
req := MakeHTTPRequest(db, r, params)
|
||||
defer req.AbortTransaction()
|
||||
query := v2GetQuery(r)
|
||||
|
||||
var result interface{}
|
||||
var err error
|
||||
if !autoLogin || req.AuthenticateV2(query) == nil {
|
||||
result, err = handlerFunc(req, query)
|
||||
} else {
|
||||
err = errors.New("ERR_INVALIDLOGIN")
|
||||
}
|
||||
|
||||
var res []byte
|
||||
if err == nil {
|
||||
req.FinishTransaction()
|
||||
if s, ok := result.(string); ok {
|
||||
res = []byte(s)
|
||||
} else {
|
||||
var enc_err error
|
||||
res, enc_err = json.Marshal(result)
|
||||
if enc_err == nil {
|
||||
w.Header().Set("Content-Type",
|
||||
"application/json; charset=utf-8")
|
||||
} else {
|
||||
res = []byte("ERROR: Internal error!")
|
||||
}
|
||||
}
|
||||
w.WriteHeader(http.StatusOK)
|
||||
} else {
|
||||
req.AbortTransaction()
|
||||
var c int
|
||||
var msg string
|
||||
_, msg, c = lurkcoin.LookupError(err.Error())
|
||||
res = []byte("ERROR: " + msg)
|
||||
if c != 401 && query.Get("force_200") == "200" {
|
||||
c = 200
|
||||
}
|
||||
w.WriteHeader(c)
|
||||
}
|
||||
|
||||
w.Write(res)
|
||||
}
|
||||
}
|
||||
|
||||
func v2Post(router *httprouter.Router, db lurkcoin.Database, url string,
|
||||
autoLogin bool, f v2HTTPHandler) {
|
||||
url = "/v2/" + url
|
||||
f2 := v2WrapHTTPHandler(db, autoLogin, f)
|
||||
router.GET(url, f2)
|
||||
router.POST(url, f2)
|
||||
}
|
||||
|
||||
func v2IsYes(s string) bool {
|
||||
switch strings.ToLower(s) {
|
||||
case "true", "yes", "y", "1":
|
||||
return true
|
||||
default:
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
func addV2API(router *httprouter.Router, db lurkcoin.Database,
|
||||
lurkcoinName string) {
|
||||
|
||||
v2Post(router, db, "summary", true,
|
||||
func(r *HTTPRequest, _ v2Form) (interface{}, error) {
|
||||
summary := r.Server.GetSummary()
|
||||
return map[string]interface{}{
|
||||
"uid": summary.UID,
|
||||
"bal": summary.Bal,
|
||||
"balance": summary.Balance,
|
||||
"history": lurkcoin.GetV2History(summary, false),
|
||||
"server": true,
|
||||
"interest_rate": summary.InterestRate,
|
||||
}, nil
|
||||
})
|
||||
|
||||
v2Post(router, db, "pay", false,
|
||||
func(r *HTTPRequest, f v2Form) (interface{}, error) {
|
||||
amount, err := lurkcoin.ParseCurrency(f.Get("amount"))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
targetServerName := f.Get("server")
|
||||
if targetServerName == "" {
|
||||
targetServerName = lurkcoinName
|
||||
}
|
||||
err = r.AuthenticateV2(f, targetServerName)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
target := f.Get("target")
|
||||
targetServer, ok := r.DbTransaction.GetCachedServer(targetServerName)
|
||||
if !ok {
|
||||
return nil, errors.New("ERR_SERVERNOTFOUND")
|
||||
}
|
||||
|
||||
_, err = r.Server.Pay("", target, targetServer,
|
||||
amount, v2IsYes(f.Get("local_currency")), true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return "Transaction sent!", nil
|
||||
})
|
||||
|
||||
v2Post(router, db, "bal", true,
|
||||
func(r *HTTPRequest, _ v2Form) (interface{}, error) {
|
||||
return r.Server.GetBalance(), nil
|
||||
})
|
||||
|
||||
v2Post(router, db, "history", true,
|
||||
func(r *HTTPRequest, f v2Form) (interface{}, error) {
|
||||
history := lurkcoin.GetV2History(r.Server.GetSummary(), false)
|
||||
if f.Get("json") == "" {
|
||||
return strings.Join(history, "\n"), nil
|
||||
} else {
|
||||
return history, nil
|
||||
}
|
||||
})
|
||||
|
||||
v2Post(router, db, "exchange_rates", false,
|
||||
func(r *HTTPRequest, f v2Form) (interface{}, error) {
|
||||
amount, err := lurkcoin.ParseCurrency(f.Get("amount"))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return lurkcoin.GetExchangeRate(r.Database, f.Get("from"),
|
||||
f.Get("to"), amount)
|
||||
})
|
||||
|
||||
// A near duplicate of the above endpoint.
|
||||
// This doesn't check for authentication
|
||||
v2Post(router, db, "get_exchange_rate", false,
|
||||
func(r *HTTPRequest, f v2Form) (interface{}, error) {
|
||||
amount, err := lurkcoin.ParseCurrency(f.Get("amount"))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return lurkcoin.GetExchangeRate(r.Database, f.Get("name"),
|
||||
f.Get("to"), amount)
|
||||
})
|
||||
|
||||
//
|
||||
v2Post(router, db, "get_transactions", true,
|
||||
func(r *HTTPRequest, f v2Form) (interface{}, error) {
|
||||
transactions := r.Server.GetPendingTransactions()
|
||||
if f.Get("simple") != "" {
|
||||
if len(transactions) == 0 {
|
||||
_, exc := r.Server.GetExchangeRate(c1, false)
|
||||
return exc, nil
|
||||
}
|
||||
s := func(n string) string {
|
||||
return strings.Replace(n, "|", "/", -1)
|
||||
}
|
||||
transaction := transactions[0]
|
||||
// To support fragile clients (such as versions of the lurkcoin
|
||||
// mod that use the /v2 API), "¤" is replaced with "_".
|
||||
return fmt.Sprintf("%d|%s|%s|%s",
|
||||
transaction.GetLegacyID(),
|
||||
s(strings.Replace(transaction.Target, "¤", "_", -1)),
|
||||
transaction.ReceivedAmount.RawString(),
|
||||
s(transaction.String()),
|
||||
), nil
|
||||
}
|
||||
res := make([][4]interface{}, len(transactions))
|
||||
for i, transaction := range transactions {
|
||||
res[i] = [4]interface{}{
|
||||
transaction.GetLegacyID(),
|
||||
strings.Replace(transaction.Target, "¤", "_", -1),
|
||||
transaction.ReceivedAmount,
|
||||
transaction.String(),
|
||||
}
|
||||
}
|
||||
if v2IsYes(f.Get("as_object")) {
|
||||
_, exc := r.Server.GetExchangeRate(c1, false)
|
||||
return map[string]interface{}{
|
||||
"exchange_rate": json.RawMessage(exc.String()),
|
||||
"transactions": res,
|
||||
}, nil
|
||||
} else {
|
||||
return res, nil
|
||||
}
|
||||
})
|
||||
|
||||
// lurkcoinV2 silently ignored invalid "amount" values.
|
||||
v2Post(router, db, "remove_transactions", true,
|
||||
func(r *HTTPRequest, f v2Form) (interface{}, error) {
|
||||
amount, err := strconv.Atoi(f.Get("amount"))
|
||||
if err != nil || amount < 1 {
|
||||
amount = 1
|
||||
}
|
||||
r.Server.RemoveFirstPendingTransactions(amount)
|
||||
return "Done!", nil
|
||||
})
|
||||
|
||||
// Exchange rate multipliers don't exist in lurkcoinV3, however something
|
||||
// similar can be approximated with target balances.
|
||||
v2Post(router, db, "get_exchange_multiplier", true,
|
||||
func(r *HTTPRequest, _ v2Form) (interface{}, error) {
|
||||
// Fixed exchange rates didn't exist in lurkcoinV2.
|
||||
targetBalance := r.Server.GetTargetBalance()
|
||||
if targetBalance.IsZero() {
|
||||
return 1, nil
|
||||
}
|
||||
multiplier := new(big.Float).Quo(targetBalance.Float(),
|
||||
f500k)
|
||||
return json.RawMessage(multiplier.String()), nil
|
||||
})
|
||||
|
||||
v2Post(router, db, "set_exchange_multiplier", true,
|
||||
func(r *HTTPRequest, f v2Form) (interface{}, error) {
|
||||
multiplier, ok := new(big.Float).SetString(f.Get("multiplier"))
|
||||
if !ok || multiplier.Cmp(f0) != 1 {
|
||||
return nil, errors.New("ERR_INVALIDAMOUNT")
|
||||
}
|
||||
targetBalanceF := new(big.Float).Mul(multiplier, f500k)
|
||||
targetBalance := lurkcoin.CurrencyFromFloat(targetBalanceF)
|
||||
ok = r.Server.SetTargetBalance(targetBalance)
|
||||
if !ok {
|
||||
return nil, errors.New("ERR_INVALIDAMOUNT")
|
||||
}
|
||||
return "Exchange rate multiplier updated!", nil
|
||||
})
|
||||
}
|
|
@ -0,0 +1,222 @@
|
|||
//
|
||||
// lurkcoin HTTPS API (version 3)
|
||||
// Copyright © 2020 by luk3yx
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as
|
||||
// published by the Free Software Foundation, either version 3 of the
|
||||
// License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
|
||||
// API documentation:
|
||||
// https://gist.github.com/luk3yx/7a07f8b307c9afbcf94cf47d7f41d9cb
|
||||
|
||||
package api
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"github.com/julienschmidt/httprouter"
|
||||
"lurkcoin"
|
||||
"net/http"
|
||||
"strings"
|
||||
)
|
||||
|
||||
func v3WrapHTTPHandler(db lurkcoin.Database, autoLogin bool,
|
||||
handlerFunc HTTPHandler) httprouter.Handle {
|
||||
return func(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
|
||||
req := MakeHTTPRequest(db, r, params)
|
||||
defer req.AbortTransaction()
|
||||
|
||||
var result interface{}
|
||||
var err error
|
||||
if !autoLogin || req.Authenticate() == nil {
|
||||
result, err = handlerFunc(req)
|
||||
} else {
|
||||
err = errors.New("ERR_INVALIDLOGIN")
|
||||
}
|
||||
|
||||
w.Header().Set("Content-Type", "application/json; charset=utf-8")
|
||||
res := make(map[string]interface{})
|
||||
if err == nil {
|
||||
req.FinishTransaction()
|
||||
res["success"] = true
|
||||
res["result"] = result
|
||||
w.WriteHeader(http.StatusOK)
|
||||
} else {
|
||||
req.AbortTransaction()
|
||||
var c int
|
||||
res["success"] = false
|
||||
res["error"], res["message"], c = lurkcoin.LookupError(err.Error())
|
||||
w.WriteHeader(c)
|
||||
}
|
||||
|
||||
// TODO: Possibly write JSON directly to the ResponseWriter.
|
||||
raw, enc_err := json.Marshal(res)
|
||||
if enc_err != nil {
|
||||
raw = []byte(`{"success":false,"error":"ERR_INTERNALERROR","message":"Internal error!"}`)
|
||||
}
|
||||
w.Write(raw)
|
||||
}
|
||||
}
|
||||
|
||||
func v3Get(router *httprouter.Router, db lurkcoin.Database, url string,
|
||||
requireLogin bool, f HTTPHandler) {
|
||||
f2 := v3WrapHTTPHandler(db, requireLogin, f)
|
||||
url = "/v3/" + url
|
||||
router.GET(url, f2)
|
||||
router.POST(url, f2)
|
||||
}
|
||||
|
||||
func v3Post(router *httprouter.Router, db lurkcoin.Database, url string,
|
||||
requireLogin bool, f HTTPHandler) {
|
||||
router.POST("/v3/"+url, v3WrapHTTPHandler(db, requireLogin, f))
|
||||
}
|
||||
|
||||
func v3Put(router *httprouter.Router, db lurkcoin.Database, url string,
|
||||
requireLogin bool, f HTTPHandler) {
|
||||
f2 := v3WrapHTTPHandler(db, requireLogin, f)
|
||||
router.PUT("/v3/"+url, f2)
|
||||
router.POST("/v3/set_"+url, f2)
|
||||
}
|
||||
|
||||
func addV3API(router *httprouter.Router, db lurkcoin.Database) {
|
||||
v3Get(router, db, "summary", true,
|
||||
func(r *HTTPRequest) (interface{}, error) {
|
||||
return r.Server.GetSummary(), nil
|
||||
})
|
||||
|
||||
v3Post(router, db, "pay", false,
|
||||
func(r *HTTPRequest) (transaction interface{}, err error) {
|
||||
var p struct {
|
||||
Source string `json:"source"`
|
||||
Target string `json:"target"`
|
||||
TargetServer string `json:"target_server"`
|
||||
Amount lurkcoin.Currency `json:"amount"`
|
||||
LocalCurrency bool `json:"local_currency"`
|
||||
}
|
||||
err = r.Unmarshal(&p)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
err = r.Authenticate(p.TargetServer)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
if p.Amount.IsNil() {
|
||||
err = errors.New("ERR_INVALIDAMOUNT")
|
||||
return
|
||||
}
|
||||
targetServer, ok := r.DbTransaction.GetCachedServer(p.TargetServer)
|
||||
if !ok {
|
||||
err = errors.New("ERR_SERVERNOTFOUND")
|
||||
return
|
||||
}
|
||||
transaction, err = r.Server.Pay(p.Source, p.Target, targetServer,
|
||||
p.Amount, p.LocalCurrency, true)
|
||||
return
|
||||
})
|
||||
|
||||
v3Get(router, db, "balance", true,
|
||||
func(r *HTTPRequest) (interface{}, error) {
|
||||
return r.Server.GetBalance(), nil
|
||||
})
|
||||
|
||||
v3Get(router, db, "history", true,
|
||||
func(r *HTTPRequest) (interface{}, error) {
|
||||
return r.Server.GetHistory(), nil
|
||||
})
|
||||
|
||||
v3Post(router, db, "exchange_rates", false,
|
||||
func(r *HTTPRequest) (interface{}, error) {
|
||||
var p struct {
|
||||
Source string `json:"source"`
|
||||
Target string `json:"target"`
|
||||
Amount lurkcoin.Currency
|
||||
}
|
||||
r.Unmarshal(&p)
|
||||
if p.Amount.IsNil() {
|
||||
return nil, errors.New("ERR_INVALIDAMOUNT")
|
||||
}
|
||||
return lurkcoin.GetExchangeRate(r.Database, p.Source, p.Target,
|
||||
p.Amount)
|
||||
})
|
||||
|
||||
v3Get(router, db, "pending_transactions", true,
|
||||
func(r *HTTPRequest) (interface{}, error) {
|
||||
return r.Server.GetPendingTransactions(), nil
|
||||
})
|
||||
|
||||
type transactionList struct {
|
||||
TransactionIDs []string `json:"transactions"`
|
||||
}
|
||||
v3Post(router, db, "acknowledge_transactions", true,
|
||||
func(r *HTTPRequest) (interface{}, error) {
|
||||
var p transactionList
|
||||
r.Unmarshal(&p)
|
||||
for _, id := range p.TransactionIDs {
|
||||
r.Server.RemovePendingTransaction(id)
|
||||
}
|
||||
return nil, nil
|
||||
})
|
||||
|
||||
v3Post(router, db, "reject_transactions", true,
|
||||
func(r *HTTPRequest) (interface{}, error) {
|
||||
var p transactionList
|
||||
r.Unmarshal(&p)
|
||||
for _, id := range p.TransactionIDs {
|
||||
r.Server.RejectPendingTransaction(id, r.DbTransaction)
|
||||
}
|
||||
return nil, nil
|
||||
})
|
||||
|
||||
v3Get(router, db, "target_balance", true,
|
||||
func(r *HTTPRequest) (interface{}, error) {
|
||||
return r.Server.GetTargetBalance(), nil
|
||||
})
|
||||
|
||||
v3Put(router, db, "target_balance", true,
|
||||
func(r *HTTPRequest) (interface{}, error) {
|
||||
var p struct {
|
||||
TargetBalance lurkcoin.Currency `json:"target_balance"`
|
||||
}
|
||||
err := r.Unmarshal(&p)
|
||||
if err != nil {
|
||||
return nil, errors.New("ERR_INVALIDREQUEST")
|
||||
}
|
||||
if p.TargetBalance.IsNil() {
|
||||
return nil, errors.New("ERR_INVALIDAMOUNT")
|
||||
}
|
||||
ok := r.Server.SetTargetBalance(p.TargetBalance)
|
||||
if !ok {
|
||||
return nil, errors.New("ERR_INVALIDAMOUNT")
|
||||
}
|
||||
return nil, nil
|
||||
})
|
||||
|
||||
v3Get(router, db, "webhook_url", true,
|
||||
func(r *HTTPRequest) (interface{}, error) {
|
||||
if r.Server.WebhookURL == "" {
|
||||
return nil, nil
|
||||
}
|
||||
return r.Server.WebhookURL, nil
|
||||
})
|
||||
|
||||
v3Get(router, db, "version", false,
|
||||
func(r *HTTPRequest) (interface{}, error) {
|
||||
return map[string]interface{}{
|
||||
"version": lurkcoin.VERSION,
|
||||
"copyright": strings.Split(lurkcoin.COPYRIGHT, "\n"),
|
||||
"license": "AGPLv3",
|
||||
"source": lurkcoin.SOURCE_URL,
|
||||
}, nil
|
||||
})
|
||||
}
|
|
@ -0,0 +1,256 @@
|
|||
//
|
||||
// lurkcoin
|
||||
// Copyright © 2020 by luk3yx
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as
|
||||
// published by the Free Software Foundation, either version 3 of the
|
||||
// License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
|
||||
package lurkcoin
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"math/big"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// Create a custom Currency type that stores read-only currency values.
|
||||
type Currency struct {
|
||||
raw *big.Int
|
||||
}
|
||||
|
||||
var i0 = big.NewInt(0)
|
||||
var i10 = big.NewInt(10)
|
||||
var i100 = big.NewInt(100)
|
||||
|
||||
// A method to convert currency to a string.
|
||||
func (self Currency) RawString() string {
|
||||
// This should probably be improved.
|
||||
whole := new(big.Int)
|
||||
frac := new(big.Int)
|
||||
|
||||
var res string
|
||||
if self.raw.Cmp(i0) >= 0 {
|
||||
whole.DivMod(self.raw, i100, frac)
|
||||
res = whole.String()
|
||||
} else {
|
||||
whole.DivMod(new(big.Int).Abs(self.raw), i100, frac)
|
||||
res = "-" + whole.String()
|
||||
}
|
||||
|
||||
res += "."
|
||||
if frac.Cmp(i10) < 0 {
|
||||
res += "0"
|
||||
} else if frac.Cmp(i100) >= 0 {
|
||||
panic("Unreachable code (big.Int DivMod did something it shouldn't).")
|
||||
}
|
||||
return res + frac.String()
|
||||
}
|
||||
|
||||
// Returns the currency as a human-readable string.
|
||||
func (self Currency) String() string {
|
||||
raw := self.RawString()
|
||||
var builder strings.Builder
|
||||
|
||||
// Add the leading ¤.
|
||||
s := 0
|
||||
if raw[0] == '-' {
|
||||
s = 1
|
||||
builder.WriteByte('-')
|
||||
}
|
||||
builder.WriteString(SYMBOL)
|
||||
|
||||
// Insert a comma when required
|
||||
// 123456.78 → 123,456.78
|
||||
l := len(raw) - 3
|
||||
for i := s; i < len(raw); i++ {
|
||||
if l > i && i > s && (l-i)%3 == 0 {
|
||||
builder.WriteByte(',')
|
||||
}
|
||||
builder.WriteByte(raw[i])
|
||||
}
|
||||
|
||||
// Return the result
|
||||
return builder.String()
|
||||
}
|
||||
|
||||
// Returns the currency as a human-readable string. Positive numbers are
|
||||
// prefixed with +.
|
||||
func (self Currency) DeltaString() string {
|
||||
s := self.String()
|
||||
if self.GtZero() {
|
||||
return "+" + s
|
||||
}
|
||||
return s
|
||||
}
|
||||
|
||||
// Addition/division
|
||||
func (self Currency) Add(num Currency) Currency {
|
||||
raw := new(big.Int)
|
||||
raw.Add(self.raw, num.raw)
|
||||
return Currency{raw}
|
||||
}
|
||||
|
||||
func (self Currency) Sub(num Currency) Currency {
|
||||
raw := new(big.Int)
|
||||
raw.Sub(self.raw, num.raw)
|
||||
return Currency{raw}
|
||||
}
|
||||
|
||||
func (self Currency) Div(num Currency) *big.Float {
|
||||
return new(big.Float).Quo(self.Float(), num.Float())
|
||||
}
|
||||
|
||||
func (self Currency) Neg() Currency {
|
||||
return Currency{new(big.Int).Sub(i0, self.raw)}
|
||||
}
|
||||
|
||||
// Comparisons
|
||||
func (self Currency) Cmp(num Currency) int {
|
||||
return self.raw.Cmp(num.raw)
|
||||
}
|
||||
|
||||
func (self Currency) Eq(num Currency) bool {
|
||||
return self.Cmp(num) == 0
|
||||
}
|
||||
|
||||
func (self Currency) Gt(num Currency) bool {
|
||||
return self.Cmp(num) == 1
|
||||
}
|
||||
|
||||
func (self Currency) Lt(num Currency) bool {
|
||||
return self.Cmp(num) == -1
|
||||
}
|
||||
|
||||
func (self Currency) LtZero() bool {
|
||||
return self.raw.Cmp(i0) == -1
|
||||
}
|
||||
|
||||
func (self Currency) IsZero() bool {
|
||||
return self.raw.Cmp(i0) == 0
|
||||
}
|
||||
|
||||
func (self Currency) GtZero() bool {
|
||||
return self.raw.Cmp(i0) == 1
|
||||
}
|
||||
|
||||
func (self Currency) IsNil() bool {
|
||||
return self.raw == nil
|
||||
}
|
||||
|
||||
// Conversions
|
||||
var f100 *big.Float = big.NewFloat(100)
|
||||
|
||||
func (self Currency) Float() *big.Float {
|
||||
raw := new(big.Float).SetInt(self.raw)
|
||||
return new(big.Float).Quo(raw, f100)
|
||||
}
|
||||
|
||||
func (self Currency) Int() *big.Int {
|
||||
return new(big.Int).Set(self.raw)
|
||||
}
|
||||
|
||||
// JSON
|
||||
func (self Currency) MarshalJSON() ([]byte, error) {
|
||||
res := []byte(self.RawString())
|
||||
// Remove a single trailing zero (if any). If all trailing zeroes were
|
||||
// removed, Python would interpret the value as an integer instead.
|
||||
if res[len(res)-1] == '0' {
|
||||
res = res[:len(res)-1]
|
||||
}
|
||||
return res, nil
|
||||
}
|
||||
|
||||
func (self *Currency) setString(data string) bool {
|
||||
if self.raw != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
if strings.HasPrefix(data, SYMBOL) {
|
||||
data = data[2:]
|
||||
}
|
||||
|
||||
f, success := new(big.Float).SetString(data)
|
||||
if success {
|
||||
res := new(big.Int)
|
||||
new(big.Float).Mul(f, f100).Int(res)
|
||||
self.raw = res
|
||||
}
|
||||
return success
|
||||
}
|
||||
|
||||
func (self *Currency) UnmarshalJSON(data []byte) error {
|
||||
// Accept quoted values
|
||||
var s string
|
||||
if data[0] == '"' && data[len(data)-1] == '"' {
|
||||
s = string(data[1 : len(data)-1])
|
||||
} else {
|
||||
s = string(data)
|
||||
}
|
||||
if self.setString(s) {
|
||||
return nil
|
||||
} else {
|
||||
return errors.New("Invalid currency value.")
|
||||
}
|
||||
}
|
||||
|
||||
func (self *Currency) GobEncode() ([]byte, error) {
|
||||
return self.raw.GobEncode()
|
||||
}
|
||||
|
||||
func (self *Currency) GobDecode(data []byte) error {
|
||||
if self.raw != nil {
|
||||
return errors.New("GobDecode() on already initialised Currency.")
|
||||
}
|
||||
self.raw = new(big.Int)
|
||||
return self.raw.GobDecode(data)
|
||||
}
|
||||
|
||||
// Create new currency values
|
||||
func CurrencyFromFloat(num *big.Float) Currency {
|
||||
f := new(big.Float)
|
||||
f.Mul(num, f100)
|
||||
raw := new(big.Int)
|
||||
f.Int(raw)
|
||||
return Currency{raw}
|
||||
}
|
||||
|
||||
func CurrencyFromInt(num *big.Int) Currency {
|
||||
return Currency{new(big.Int).Set(num)}
|
||||
}
|
||||
|
||||
func CurrencyFromInt64(num int64) Currency {
|
||||
return Currency{new(big.Int).SetInt64(num * 100)}
|
||||
}
|
||||
|
||||
func CurrencyFromFloat64(num float64) Currency {
|
||||
return CurrencyFromFloat(new(big.Float).SetFloat64(num))
|
||||
}
|
||||
|
||||
func CurrencyFromString(num string) Currency {
|
||||
var res Currency
|
||||
if res.setString(strings.Replace(num, "_", "", -1)) {
|
||||
return res
|
||||
} else {
|
||||
return Currency{i0}
|
||||
}
|
||||
}
|
||||
|
||||
func ParseCurrency(num string) (Currency, error) {
|
||||
var res Currency
|
||||
if res.setString(strings.Replace(num, "_", "", -1)) {
|
||||
return res, nil
|
||||
} else {
|
||||
return Currency{i0}, errors.New("ERR_INVALIDAMOUNT")
|
||||
}
|
||||
}
|
|
@ -0,0 +1,157 @@
|
|||
//
|
||||
// lurkcoin database using bbolt: https://github.com/etcd-io/bbolt.
|
||||
// This is the recommended database format for lurkcoin.
|
||||
// Copyright © 2020 by luk3yx
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as
|
||||
// published by the Free Software Foundation, either version 3 of the
|
||||
// License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
|
||||
// +build !lurkcoin.disablebbolt,!wasm lurkcoin.enablebbolt
|
||||
|
||||
package databases
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/gob"
|
||||
"errors"
|
||||
"lurkcoin"
|
||||
|
||||
bolt "github.com/etcd-io/bbolt"
|
||||
)
|
||||
|
||||
type boltDatabase struct {
|
||||
db *bolt.DB
|
||||
dblock genericDbLock
|
||||
}
|
||||
|
||||
func (self *boltDatabase) GetServers(names []string) ([]*lurkcoin.Server, bool, string) {
|
||||
// Acquire locks
|
||||
names = self.dblock.Lock(names)
|
||||
|
||||
// Unlock if there is an error
|
||||
ok := false
|
||||
defer func() {
|
||||
if !ok {
|
||||
self.dblock.UnlockIDs(names)
|
||||
}
|
||||
}()
|
||||
|
||||
res := make([]*lurkcoin.Server, len(names))
|
||||
var serverName string
|
||||
err := self.db.View(func(tx *bolt.Tx) error {
|
||||
bucket := tx.Bucket([]byte("lurkcoin"))
|
||||
if bucket == nil {
|
||||
if len(names) > 0 {
|
||||
serverName = names[0]
|
||||
}
|
||||
return errors.New("Bucket does not exist")
|
||||
}
|
||||
|
||||
for i, name := range names {
|
||||
raw := bucket.Get([]byte(name))
|
||||
if len(raw) == 0 {
|
||||
serverName = name
|
||||
return errors.New("ERR_SERVERNOTFOUND")
|
||||
}
|
||||
decoder := gob.NewDecoder(bytes.NewBuffer(raw))
|
||||
var encodedServer lurkcoin.EncodedServer
|
||||
if err := decoder.Decode(&encodedServer); err != nil {
|
||||
return err
|
||||
}
|
||||
res[i] = encodedServer.Decode()
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
|
||||
if err == nil {
|
||||
ok = true
|
||||
return res, true, serverName
|
||||
} else {
|
||||
return nil, false, serverName
|
||||
}
|
||||
}
|
||||
|
||||
func (self *boltDatabase) FreeServers(servers []*lurkcoin.Server, save bool) {
|
||||
defer self.dblock.Unlock(servers)
|
||||
if !save {
|
||||
return
|
||||
}
|
||||
err := self.db.Update(func(tx *bolt.Tx) error {
|
||||
bucket, err := tx.CreateBucketIfNotExists([]byte("lurkcoin"))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, server := range servers {
|
||||
if !server.IsModified() {
|
||||
continue
|
||||
}
|
||||
var buf bytes.Buffer
|
||||
encoder := gob.NewEncoder(&buf)
|
||||
encoder.Encode(server.Encode())
|
||||
bucket.Put([]byte(server.UID), buf.Bytes())
|
||||
}
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
}
|
||||
|
||||
// Creates a server. The server is not saved until FreeServer() is called.
|
||||
func (self *boltDatabase) CreateServer(name string) (*lurkcoin.Server, bool) {
|
||||
ids := self.dblock.Lock([]string{name})
|
||||
|
||||
err := self.db.View(func(tx *bolt.Tx) error {
|
||||
bucket := tx.Bucket([]byte("lurkcoin"))
|
||||
if bucket != nil && len(bucket.Get([]byte(ids[0]))) != 0 {
|
||||
return errors.New("")
|
||||
}
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
self.dblock.UnlockIDs(ids)
|
||||
return nil, false
|
||||
}
|
||||
|
||||
server := lurkcoin.NewServer(name)
|
||||
return server, true
|
||||
}
|
||||
|
||||
func (self *boltDatabase) ListServers() (res []string) {
|
||||
self.db.View(func(tx *bolt.Tx) error {
|
||||
bucket := tx.Bucket([]byte("lurkcoin"))
|
||||
if bucket == nil {
|
||||
return nil
|
||||
}
|
||||
return bucket.ForEach(func(k, v []byte) error {
|
||||
res = append(res, string(k))
|
||||
return nil
|
||||
})
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
func BoltDatabase(file string, _ map[string]string) (lurkcoin.Database, error) {
|
||||
db, err := bolt.Open(file, 0600, nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &boltDatabase{db, newGenericDbLock()}, nil
|
||||
}
|
||||
|
||||
func init() {
|
||||
RegisterDatabaseType("bolt", BoltDatabase)
|
||||
RegisterDatabaseType("bbolt", BoltDatabase)
|
||||
}
|
|
@ -0,0 +1,165 @@
|
|||
//
|
||||
// lurkcoin plaintext database
|
||||
// Copyright © 2020 by luk3yx
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as
|
||||
// published by the Free Software Foundation, either version 3 of the
|
||||
// License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
|
||||
// +build !lurkcoin.disableplaintextdb
|
||||
|
||||
package databases
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"io/ioutil"
|
||||
"lurkcoin"
|
||||
"os"
|
||||
"path"
|
||||
"sync"
|
||||
)
|
||||
|
||||
type plaintextDatabase struct {
|
||||
db map[string]*lurkcoin.EncodedServer
|
||||
location string
|
||||
dblock genericDbLock
|
||||
lock *sync.RWMutex
|
||||
}
|
||||
|
||||
func (self *plaintextDatabase) GetServers(names []string) ([]*lurkcoin.Server, bool, string) {
|
||||
// Acquire locks
|
||||
names = self.dblock.Lock(names)
|
||||
|
||||
// Unlock if there is an error
|
||||
ok := false
|
||||
defer func() {
|
||||
if !ok {
|
||||
self.dblock.UnlockIDs(names)
|
||||
}
|
||||
}()
|
||||
|
||||
self.lock.RLock()
|
||||
defer self.lock.RUnlock()
|
||||
|
||||
servers := make([]*lurkcoin.Server, 0, len(names))
|
||||
for _, name := range names {
|
||||
encodedServer, exists := self.db[name]
|
||||
if !exists {
|
||||
return nil, false, name
|
||||
}
|
||||
servers = append(servers, encodedServer.Decode())
|
||||
}
|
||||
|
||||
ok = true
|
||||
return servers, ok, ""
|
||||
}
|
||||
|
||||
func (self *plaintextDatabase) FreeServers(servers []*lurkcoin.Server, save bool) {
|
||||
self.lock.Lock()
|
||||
defer self.lock.Unlock()
|
||||
self.dblock.Unlock(servers)
|
||||
|
||||
if !save {
|
||||
return
|
||||
}
|
||||
|
||||
modified := false
|
||||
for _, server := range servers {
|
||||
if server.IsModified() {
|
||||
modified = true
|
||||
encodedServer := server.Encode()
|
||||
self.db[server.UID] = &encodedServer
|
||||
}
|
||||
}
|
||||
|
||||
if !modified {
|
||||
return
|
||||
}
|
||||
|
||||
f, err := ioutil.TempFile(path.Dir(self.location), ".tmp")
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
fn := f.Name()
|
||||
defer func() {
|
||||
if fn != "" {
|
||||
f.Close()
|
||||
os.Remove(fn)
|
||||
}
|
||||
}()
|
||||
|
||||
encodedServers := make([]*lurkcoin.EncodedServer, 0, len(self.db))
|
||||
for _, encodedServer := range self.db {
|
||||
encodedServers = append(encodedServers, encodedServer)
|
||||
}
|
||||
encoder := json.NewEncoder(f)
|
||||
err = encoder.Encode(encodedServers)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
f.Close()
|
||||
err = os.Rename(fn, self.location)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
fn = ""
|
||||
}
|
||||
|
||||
func (self *plaintextDatabase) CreateServer(name string) (*lurkcoin.Server, bool) {
|
||||
ids := self.dblock.Lock([]string{name})
|
||||
id := ids[0]
|
||||
|
||||
self.lock.Lock()
|
||||
defer self.lock.Unlock()
|
||||
_, exists := self.db[id]
|
||||
if exists {
|
||||
self.dblock.UnlockIDs(ids)
|
||||
return nil, false
|
||||
}
|
||||
|
||||
return lurkcoin.NewServer(name), true
|
||||
}
|
||||
|
||||
func (self *plaintextDatabase) ListServers() []string {
|
||||
self.lock.Lock()
|
||||
defer self.lock.Unlock()
|
||||
res := make([]string, len(self.db))
|
||||
i := 0
|
||||
for k := range self.db {
|
||||
res[i] = k
|
||||
i++
|
||||
}
|
||||
return res
|
||||
}
|
||||
|
||||
func PlaintextDatabase(location string, _ map[string]string) (lurkcoin.Database, error) {
|
||||
db := &plaintextDatabase{
|
||||
make(map[string]*lurkcoin.EncodedServer),
|
||||
location,
|
||||
newGenericDbLock(),
|
||||
new(sync.RWMutex),
|
||||
}
|
||||
f, err := os.OpenFile(location, os.O_RDONLY, 0)
|
||||
if err == nil {
|
||||
err = lurkcoin.RestoreDatabase(db, f)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
return db, nil
|
||||
}
|
||||
|
||||
func init() {
|
||||
RegisterDatabaseType("plaintext", PlaintextDatabase)
|
||||
}
|
|
@ -0,0 +1,125 @@
|
|||
//
|
||||
// lurkcoin
|
||||
// Copyright © 2020 by luk3yx
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as
|
||||
// published by the Free Software Foundation, either version 3 of the
|
||||
// License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
|
||||
package databases
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"lurkcoin"
|
||||
"sort"
|
||||
"strings"
|
||||
"sync"
|
||||
)
|
||||
|
||||
type databaseFactory func(location string, options map[string]string) (lurkcoin.Database, error)
|
||||
|
||||
var databaseTypes = make(map[string]databaseFactory)
|
||||
|
||||
// Registers a new database type.
|
||||
// WARNING: This function is not goroutine-safe and should probably only be
|
||||
// called from init().
|
||||
func RegisterDatabaseType(name string, f databaseFactory) {
|
||||
databaseTypes[strings.ToLower(name)] = f
|
||||
}
|
||||
|
||||
// Opens a database. The options parameter can be nil.
|
||||
func OpenDatabase(dbType, location string, options map[string]string) (lurkcoin.Database, error) {
|
||||
f, exists := databaseTypes[strings.ToLower(dbType)]
|
||||
if exists {
|
||||
return f(location, options)
|
||||
}
|
||||
return nil, fmt.Errorf("Unknown database type: %v.", dbType)
|
||||
}
|
||||
|
||||
func GetSupportedDatabaseTypes() []string {
|
||||
res := make([]string, 0, len(databaseTypes))
|
||||
for dbType := range databaseTypes {
|
||||
res = append(res, dbType)
|
||||
}
|
||||
sort.Strings(res)
|
||||
return res
|
||||
}
|
||||
|
||||
// Generic database lock
|
||||
type genericDbLock struct {
|
||||
lock *sync.Mutex
|
||||
locks map[string]*sync.Mutex
|
||||
}
|
||||
|
||||
// Locks servers and returns a list of homogenised server names.
|
||||
// It would probably be more efficient to just use one larger lock.
|
||||
func (self *genericDbLock) Lock(names []string) []string {
|
||||
ids := make([]string, len(names))
|
||||
for i, name := range names {
|
||||
ids[i] = lurkcoin.HomogeniseUsername(name)
|
||||
}
|
||||
|
||||
// Ensure none of the servers are locked.
|
||||
self.lock.Lock()
|
||||
ok := false
|
||||
for !ok {
|
||||
ok = true
|
||||
for _, name := range ids {
|
||||
cachedServerLock, exists := self.locks[name]
|
||||
if !exists {
|
||||
continue
|
||||
}
|
||||
|
||||
ok = false
|
||||
self.lock.Unlock()
|
||||
cachedServerLock.Lock()
|
||||
cachedServerLock.Unlock()
|
||||
self.lock.Lock()
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
defer self.lock.Unlock()
|
||||
|
||||
// Create locks so the above code does not have to make use of polling.
|
||||
for _, name := range ids {
|
||||
var lock sync.Mutex
|
||||
lock.Lock()
|
||||
self.locks[name] = &lock
|
||||
}
|
||||
|
||||
return ids
|
||||
}
|
||||
|
||||
// Unlocks
|
||||
func (self *genericDbLock) UnlockIDs(ids []string) {
|
||||
self.lock.Lock()
|
||||
defer self.lock.Unlock()
|
||||
for _, id := range ids {
|
||||
self.locks[id].Unlock()
|
||||
delete(self.locks, id)
|
||||
}
|
||||
}
|
||||
|
||||
func (self *genericDbLock) Unlock(servers []*lurkcoin.Server) {
|
||||
self.lock.Lock()
|
||||
defer self.lock.Unlock()
|
||||
for _, server := range servers {
|
||||
self.locks[server.UID].Unlock()
|
||||
delete(self.locks, server.UID)
|
||||
}
|
||||
}
|
||||
|
||||
func newGenericDbLock() genericDbLock {
|
||||
return genericDbLock{new(sync.Mutex), make(map[string]*sync.Mutex)}
|
||||
}
|
|
@ -0,0 +1,329 @@
|
|||
//
|
||||
// lurkcoin
|
||||
// Copyright © 2020 by luk3yx
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as
|
||||
// published by the Free Software Foundation, either version 3 of the
|
||||
// License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
|
||||
package lurkcoin
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"io"
|
||||
"sort"
|
||||
"sync"
|
||||
)
|
||||
|
||||
type Database interface {
|
||||
// GetServers(serverNames) (servers, ok, badServer)
|
||||
// This must atomically get all servers specified, and if one fails free
|
||||
// the previous ones and return nil, false, <failed server UID>.
|
||||
// NOTE THAT THIS WILL DEADLOCK IF DUPLICATE SERVERs ARE PROVIDED! Use
|
||||
// a DatabaseTransaction object to mitigate this issue.
|
||||
GetServers([]string) ([]*Server, bool, string)
|
||||
|
||||
// FreeServers(servers, saveChanges)
|
||||
// This must atomically free all servers in servers, and if saveChanges is
|
||||
// true write any changes to the database.
|
||||
FreeServers([]*Server, bool)
|
||||
|
||||
CreateServer(string) (*Server, bool)
|
||||
ListServers() []string
|
||||
}
|
||||
|
||||
// An atomic database transaction.
|
||||
type DatabaseTransaction struct {
|
||||
db Database
|
||||
lock *sync.Mutex
|
||||
servers map[string]*Server
|
||||
}
|
||||
|
||||
// Attempt to use the cache to get servers. Not goroutine-safe.
|
||||
func (self *DatabaseTransaction) getFromCache(names []string) ([]*Server, bool, string) {
|
||||
servers := make([]*Server, len(names))
|
||||
for i, name := range names {
|
||||
server, exists := self.servers[name]
|
||||
if !exists {
|
||||
return nil, false, ""
|
||||
}
|
||||
servers[i] = server
|
||||
}
|
||||
|
||||
return servers, true, ""
|
||||
}
|
||||
|
||||
// Get a server. The server will be freed once Finish() or Abort() is called.
|
||||
func (self *DatabaseTransaction) GetServers(names ...string) ([]*Server, bool, string) {
|
||||
self.lock.Lock()
|
||||
defer self.lock.Unlock()
|
||||
|
||||
// Ensure that this is the first GetServers() call.
|
||||
if self.servers != nil {
|
||||
// If GetServers() has been called previously, attempt to use cache.
|
||||
servers, ok, badServer := self.getFromCache(names)
|
||||
if !ok {
|
||||
panic("Multiple calls to GetServers() on DatabaseTransaction.")
|
||||
}
|
||||
return servers, ok, badServer
|
||||
}
|
||||
self.servers = make(map[string]*Server)
|
||||
|
||||
// Deduplicate the list
|
||||
deduplicated := false
|
||||
rawNames := names
|
||||
if len(names) > 1 {
|
||||
// Search for duplicates
|
||||
known := make(map[string]bool, len(names))
|
||||
i := 0
|
||||
for _, name := range names {
|
||||
name = HomogeniseUsername(name)
|
||||
if known[name] {
|
||||
deduplicated = true
|
||||
continue
|
||||
}
|
||||
names[i] = name
|
||||
known[name] = true
|
||||
i++
|
||||
}
|
||||
|
||||
names = names[:i]
|
||||
}
|
||||
|
||||
// Otherwise call GetServer
|
||||
servers, ok, badServer := self.db.GetServers(names)
|
||||
if ok {
|
||||
for _, server := range servers {
|
||||
self.servers[server.UID] = server
|
||||
}
|
||||
}
|
||||
|
||||
// If the list has been deduplicated, call getFromCache().
|
||||
if deduplicated && ok {
|
||||
return self.getFromCache(rawNames)
|
||||
}
|
||||
|
||||
return servers, ok, badServer
|
||||
}
|
||||
|
||||
func (self *DatabaseTransaction) GetOneServer(name string) (server *Server, ok bool) {
|
||||
var servers []*Server
|
||||
servers, ok, _ = self.GetServers(name)
|
||||
if ok {
|
||||
server = servers[0]
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// Get a server already in the cache
|
||||
func (self *DatabaseTransaction) GetCachedServer(name string) (server *Server, ok bool) {
|
||||
name = HomogeniseUsername(name)
|
||||
self.lock.Lock()
|
||||
defer self.lock.Unlock()
|
||||
server, ok = self.servers[name]
|
||||
return
|
||||
}
|
||||
|
||||
// Creates a server. This may or may not be able to be reverted with Abort().
|
||||
func (self *DatabaseTransaction) CreateServer(name string) (*Server, bool) {
|
||||
self.lock.Lock()
|
||||
defer self.lock.Unlock()
|
||||
|
||||
if self.servers == nil {
|
||||
self.servers = make(map[string]*Server)
|
||||
}
|
||||
|
||||
name, _ = PasteuriseUsername(name)
|
||||
server, ok := self.db.CreateServer(name)
|
||||
if ok {
|
||||
self.servers[HomogeniseUsername(name)] = server
|
||||
}
|
||||
return server, ok
|
||||
}
|
||||
|
||||
// Gets a server or creates one if it doesn't exist.
|
||||
func (self *DatabaseTransaction) GetOrCreateServer(name string) (*Server, bool) {
|
||||
servers, ok, _ := self.GetServers(name)
|
||||
if !ok {
|
||||
return self.CreateServer(name)
|
||||
}
|
||||
return servers[0], ok
|
||||
}
|
||||
|
||||
// Calls the underlying database's ListServers().
|
||||
func (self *DatabaseTransaction) ListServers() []string {
|
||||
return self.db.ListServers()
|
||||
}
|
||||
|
||||
// Iterate over the database. Server objects are freed after f() returns.
|
||||
func (self *DatabaseTransaction) ForEach(f func(*Server) error, saveChanges bool) error {
|
||||
serverNames := self.ListServers()
|
||||
sort.Strings(serverNames)
|
||||
|
||||
// Abort if f() panics.
|
||||
defer self.Abort()
|
||||
|
||||
for _, name := range serverNames {
|
||||
server, ok := self.GetOneServer(name)
|
||||
|
||||
// If the server has been deleted in the meantime, ignore it.
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
|
||||
// If f(server) returns an error then stop iterating.
|
||||
err := f(server)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Unlock the server (this is the same as calling Finish/Abort).
|
||||
self.free(saveChanges)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func ForEach(db Database, f func(*Server) error, saveChanges bool) error {
|
||||
return BeginDbTransaction(db).ForEach(f, saveChanges)
|
||||
}
|
||||
|
||||
func (self *DatabaseTransaction) free(save bool) {
|
||||
self.lock.Lock()
|
||||
defer self.lock.Unlock()
|
||||
|
||||
if self.servers == nil {
|
||||
return
|
||||
}
|
||||
|
||||
servers := make([]*Server, 0, len(self.servers))
|
||||
for _, server := range self.servers {
|
||||
servers = append(servers, server)
|
||||
}
|
||||
self.db.FreeServers(servers, save)
|
||||
|
||||
self.servers = nil
|
||||
}
|
||||
|
||||
// Commits the changes made to the database.
|
||||
func (self *DatabaseTransaction) Finish() {
|
||||
self.free(true)
|
||||
}
|
||||
|
||||
// Aborts the transaction and discards any changes made. This is a no-op if
|
||||
// Finish() or Abort() have already been called.
|
||||
func (self *DatabaseTransaction) Abort() {
|
||||
self.free(false)
|
||||
}
|
||||
|
||||
func (self *DatabaseTransaction) GetRawDatabase() Database {
|
||||
return self.db
|
||||
}
|
||||
|
||||
// Creates a new DatabaseTransaction object for a database.
|
||||
func BeginDbTransaction(db Database) *DatabaseTransaction {
|
||||
var mutex sync.Mutex
|
||||
return &DatabaseTransaction{db, &mutex, nil}
|
||||
}
|
||||
|
||||
func AuthenticateRequest(db Database, username, token string,
|
||||
otherServers []string) (bool, *DatabaseTransaction, *Server) {
|
||||
// Begin a database transaction.
|
||||
tr := BeginDbTransaction(db)
|
||||
|
||||
// Calling tr.GetServers(username, otherServers...) doesn't work
|
||||
serverNames := make([]string, len(otherServers)+1)
|
||||
serverNames[0] = username
|
||||
copy(serverNames[1:], otherServers)
|
||||
|
||||
// Attempt to authenticate the request.
|
||||
servers, exists, badServer := tr.GetServers(serverNames...)
|
||||
|
||||
// Get servers before any non-existent server.
|
||||
if !exists {
|
||||
for i, serverName := range serverNames {
|
||||
if badServer == HomogeniseUsername(serverName) {
|
||||
serverNames = serverNames[:i]
|
||||
break
|
||||
}
|
||||
}
|
||||
if len(serverNames) > 0 {
|
||||
tr.Abort()
|
||||
servers, exists, _ = tr.GetServers(serverNames...)
|
||||
}
|
||||
}
|
||||
|
||||
// Check the token.
|
||||
if exists && servers[0].CheckToken(token) {
|
||||
return true, tr, servers[0]
|
||||
}
|
||||
|
||||
// If the authentication failed, abort the transaction and return.
|
||||
tr.Abort()
|
||||
return false, nil, nil
|
||||
}
|
||||
|
||||
// Backup a database.
|
||||
func BackupDatabase(db Database, writer io.Writer) error {
|
||||
tr := BeginDbTransaction(db)
|
||||
defer tr.Abort()
|
||||
|
||||
// Make a list of encoded servers. This uses pointers to reduce copying.
|
||||
var encodedServers []*EncodedServer
|
||||
tr.ForEach(func(server *Server) error {
|
||||
encodedServer := server.Encode()
|
||||
encodedServers = append(encodedServers, &encodedServer)
|
||||
return nil
|
||||
}, false)
|
||||
|
||||
// Nothing was changed, abort the transaction.
|
||||
tr.Abort()
|
||||
|
||||
// Save the encoded servers with JSON.
|
||||
encoder := json.NewEncoder(writer)
|
||||
return encoder.Encode(encodedServers)
|
||||
}
|
||||
|
||||
// Restore a database. This is not atomic and may result in a partially
|
||||
// restored database.
|
||||
// TODO: Delete servers that exist in the database but do not exist in the
|
||||
// backup.
|
||||
func RestoreDatabase(db Database, reader io.Reader) error {
|
||||
var encodedServers []EncodedServer
|
||||
decoder := json.NewDecoder(reader)
|
||||
err := decoder.Decode(&encodedServers)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if decoder.More() {
|
||||
return errors.New("Extra JSON value")
|
||||
}
|
||||
|
||||
tr := BeginDbTransaction(db)
|
||||
defer tr.Abort()
|
||||
|
||||
for _, encodedServer := range encodedServers {
|
||||
server, ok := tr.GetOrCreateServer(encodedServer.Name)
|
||||
if !ok {
|
||||
return errors.New("Could not create server.")
|
||||
}
|
||||
|
||||
// Overwrite the server
|
||||
*server = *encodedServer.Decode()
|
||||
server.SetModified()
|
||||
|
||||
// Save
|
||||
tr.Finish()
|
||||
}
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,58 @@
|
|||
//
|
||||
// lurkcoin
|
||||
// Copyright © 2020 by luk3yx
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as
|
||||
// published by the Free Software Foundation, either version 3 of the
|
||||
// License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
|
||||
package lurkcoin
|
||||
|
||||
// Error codes
|
||||
var errorCodes = map[string]string{
|
||||
"ERR_INVALIDLOGIN": `Invalid login!`,
|
||||
"ERR_INVALIDREQUEST": `Invalid request.`,
|
||||
"ERR_PAYLOADTOOLARGE": `Request body too large. You may send a maximum ` +
|
||||
`of 4096 bytes.`,
|
||||
|
||||
"ERR_SERVERNOTFOUND": `Server not found!`,
|
||||
"ERR_INVALIDAMOUNT": `Invalid number!`,
|
||||
"ERR_CANNOTPAYNOTHING": `You cannot pay someone ` + SYMBOL + `0.00!`,
|
||||
"ERR_CANNOTAFFORD": `You cannot afford to do that!`,
|
||||
|
||||
`ERR_SOURCEUSERNAMETOOLONG`: `The source username is too long!`,
|
||||
`ERR_USERNAMETOOLONG`: `The target username is too long!`,
|
||||
|
||||
// It might be possible to reword these descriptions without breaking things
|
||||
"ERR_SOURCESERVERNOTFOUND": `The "from" server does not exist!`,
|
||||
"ERR_TARGETSERVERNOTFOUND": `The "to" server does not exist!`,
|
||||
"ERR_TRANSACTIONLIMIT": `The amount you specified exceeds the max spend!`,
|
||||
}
|
||||
|
||||
func LookupError(code string) (string, string, int) {
|
||||
msg, exists := errorCodes[code]
|
||||
if exists {
|
||||
var httpCode int
|
||||
switch code {
|
||||
case "ERR_INVALIDLOGIN":
|
||||
httpCode = 401
|
||||
case "ERR_PAYLOADTOOLARGE":
|
||||
httpCode = 413
|
||||
default:
|
||||
httpCode = 400
|
||||
}
|
||||
return code, msg, httpCode
|
||||
} else {
|
||||
return "ERR_INTERNALERROR", "Internal error!", 500
|
||||
}
|
||||
}
|
|
@ -0,0 +1,228 @@
|
|||
//
|
||||
// lurkcoin
|
||||
// Copyright © 2020 by luk3yx
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as
|
||||
// published by the Free Software Foundation, either version 3 of the
|
||||
// License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
|
||||
package lurkcoin
|
||||
|
||||
import (
|
||||
crypto_rand "crypto/rand"
|
||||
"crypto/subtle"
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"fmt"
|
||||
"log"
|
||||
"math"
|
||||
"math/big"
|
||||
"math/rand"
|
||||
"net/url"
|
||||
"regexp"
|
||||
"strings"
|
||||
"unicode"
|
||||
)
|
||||
|
||||
// Changing the symbol will break the legacy database (not compiled by default)
|
||||
const SYMBOL = "¤"
|
||||
const VERSION = "3.0.0 alpha 0"
|
||||
|
||||
// Note that public source code is required by the AGPL
|
||||
const SOURCE_URL = "https://github.com/luk3yx/lurkcoin"
|
||||
const REPORT_SECURITY = "https://gitlab.com/luk3yx/lurkcoin/-/issues/new"
|
||||
|
||||
// Copyrights should be separated by newlines
|
||||
const COPYRIGHT = "Copyright © 2020 by luk3yx"
|
||||
|
||||
func PrintASCIIArt() {
|
||||
log.Print(`/\___/\ _ _ _`)
|
||||
log.Print(`\ _ / | |_ _ _ __| | _____ ___ (_)_ __`)
|
||||
log.Print(`| (_) | | | | | | '__| |/ / __/ _ \| | '_ \`)
|
||||
log.Print(`/ ___ \ | | |_| | | | < (_| (_) | | | | |`)
|
||||
log.Print(`\/ \/ |_|\__,_|_| |_|\_\___\___/|_|_| |_|`)
|
||||
log.Print()
|
||||
log.Printf("Version %s", VERSION)
|
||||
}
|
||||
|
||||
var c0 Currency = CurrencyFromInt64(0)
|
||||
var invalid_uid = regexp.MustCompile(`[^a-z0-9\_]`)
|
||||
|
||||
func HomogeniseUsername(username string) string {
|
||||
username = strings.ToLower(username)
|
||||
username = strings.Replace(username, " ", "", -1)
|
||||
return invalid_uid.ReplaceAllLiteralString(username, "_")
|
||||
}
|
||||
|
||||
// Remove control characters and leading+trailing whitespace from a username.
|
||||
// HomogeniseUsername(PasteuriseUsername(username)) should always equal
|
||||
// HomogeniseUsername(username).
|
||||
func PasteuriseUsername(username string) (res string, runeCount int) {
|
||||
res = strings.Map(func(r rune) rune {
|
||||
runeCount += 1
|
||||
if unicode.IsGraphic(r) {
|
||||
return r
|
||||
}
|
||||
return '<27>'
|
||||
}, strings.Trim(username, " "))
|
||||
return
|
||||
}
|
||||
|
||||
// Gets a random uint64 with crypto/rand, casts it to an int64 and feeds it to
|
||||
// rand.Seed().
|
||||
func SeedPRNG() {
|
||||
max := new(big.Int).SetUint64(math.MaxUint64)
|
||||
res, err := crypto_rand.Int(crypto_rand.Reader, max)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
rand.Seed(int64(res.Uint64()))
|
||||
}
|
||||
|
||||
// Generate a secure random API token. This will probably be around 171
|
||||
// characters long.
|
||||
func GenerateToken() string {
|
||||
// Get 128 random bytes (1024 bits).
|
||||
raw := make([]byte, 128)
|
||||
_, err := crypto_rand.Read(raw)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
// Encode it with base64.RawURLEncoding
|
||||
var builder strings.Builder
|
||||
encoder := base64.NewEncoder(base64.RawURLEncoding, &builder)
|
||||
encoder.Write(raw)
|
||||
encoder.Close()
|
||||
|
||||
// Return the string
|
||||
return builder.String()
|
||||
}
|
||||
|
||||
// Validate a webhook URL, returns the actual URL that should be used and a
|
||||
// boolean indicating success.
|
||||
func ValidateWebhookURL(rawURL string) (string, bool) {
|
||||
u, err := url.Parse(rawURL)
|
||||
if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
|
||||
return "", false
|
||||
}
|
||||
path := u.Path
|
||||
|
||||
// Paths always end in /lurkcoin currently.
|
||||
if !strings.HasSuffix(path, "/lurkcoin") {
|
||||
if !strings.HasSuffix(path, "/") {
|
||||
path += "/"
|
||||
}
|
||||
path += "lurkcoin"
|
||||
}
|
||||
|
||||
// Create a new URL object without extra parameters.
|
||||
safeURL := &url.URL{Scheme: u.Scheme, Host: u.Host, Path: path}
|
||||
return safeURL.String(), true
|
||||
}
|
||||
|
||||
// Get an exchange rate between two servers
|
||||
func GetExchangeRate(db Database, source, target string, amount Currency) (Currency, error) {
|
||||
tr := BeginDbTransaction(db)
|
||||
defer tr.Abort()
|
||||
|
||||
source = HomogeniseUsername(source)
|
||||
target = HomogeniseUsername(target)
|
||||
if source == target {
|
||||
return amount, nil
|
||||
}
|
||||
|
||||
if source != "" {
|
||||
sourceServer, ok := tr.GetOneServer(source)
|
||||
if !ok {
|
||||
return c0, errors.New("ERR_SOURCESERVERNOTFOUND")
|
||||
}
|
||||
amount, _ = sourceServer.GetExchangeRate(amount, true)
|
||||
|
||||
// Abort the transaction now to get the target server
|
||||
tr.Abort()
|
||||
}
|
||||
if target != "" {
|
||||
targetServer, ok := tr.GetOneServer(target)
|
||||
if !ok {
|
||||
return c0, errors.New("ERR_TARGETSERVERNOTFOUND")
|
||||
}
|
||||
amount, _ = targetServer.GetExchangeRate(amount, false)
|
||||
}
|
||||
return amount, nil
|
||||
}
|
||||
|
||||
// A Python-ish repr()
|
||||
func repr(raw string) string {
|
||||
res := fmt.Sprintf("%q", raw)
|
||||
if strings.Count(res, `"`) == 2 && !strings.Contains(res, "'") {
|
||||
return "'" + res[1:len(res)-1] + "'"
|
||||
}
|
||||
return res
|
||||
}
|
||||
|
||||
// A helper used by both lurkcoin/api and lurkcoin/databases.
|
||||
func GetV2History(summary Summary, appendID bool) (h []string) {
|
||||
balance := summary.Bal
|
||||
// This intentionally adds transactions the server sends to itself twice.
|
||||
for _, transaction := range summary.History {
|
||||
var suffix string
|
||||
if appendID {
|
||||
suffix = " [" + transaction.ID + "]"
|
||||
}
|
||||
if transaction.TargetServer == summary.Name {
|
||||
amount_s := transaction.Amount.DeltaString()
|
||||
if transaction.SourceServer == "" && transaction.Target == "" {
|
||||
h = append(h, fmt.Sprintf("%s: %s - %s%s", balance.String(),
|
||||
amount_s, transaction.Source, suffix))
|
||||
} else {
|
||||
h = append(h, fmt.Sprintf(
|
||||
"%s: %s - Transaction from %s to %s.%s",
|
||||
balance.String(),
|
||||
amount_s,
|
||||
repr(transaction.SourceServer),
|
||||
repr(transaction.Target),
|
||||
suffix,
|
||||
))
|
||||
}
|
||||
|
||||
// Addition and subtraction are swapped because most recent
|
||||
// transactions are first and we start with the current balance.
|
||||
balance = balance.Sub(transaction.Amount)
|
||||
}
|
||||
if transaction.SourceServer == summary.Name {
|
||||
amount_s := transaction.Amount.Neg().DeltaString()
|
||||
h = append(h, fmt.Sprintf("%s: %s - Transaction to %s on %s.%s",
|
||||
balance.String(), amount_s, repr(transaction.Target),
|
||||
repr(transaction.TargetServer), suffix))
|
||||
balance = balance.Add(transaction.Amount)
|
||||
}
|
||||
}
|
||||
if len(h) < 10 {
|
||||
h = append(h, c0.String()+": Account created")
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// Returns true if a == b in a constant time. Note that this will however leak
|
||||
// string lengths.
|
||||
func ConstantTimeCompare(a string, b string) bool {
|
||||
first := []byte(a)
|
||||
second := []byte(b)
|
||||
// Comparing the length isn't strictly necessary in Go 1.4+, however is
|
||||
// done anyway.
|
||||
if len(first) != len(second) {
|
||||
return false
|
||||
}
|
||||
return subtle.ConstantTimeCompare(first, second) != 0
|
||||
}
|
|
@ -0,0 +1,104 @@
|
|||
//
|
||||
// lurkcoin
|
||||
// Copyright © 2020 by luk3yx
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as
|
||||
// published by the Free Software Foundation, either version 3 of the
|
||||
// License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
|
||||
package lurkcoin
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"log"
|
||||
)
|
||||
|
||||
// The transaction limit, currently 1e+11 so clients that parse JSON numbers as
|
||||
// 64-bit floats won't run into issues.
|
||||
var transactionLimit Currency = CurrencyFromInt64(100000000000)
|
||||
|
||||
// Sends a payment.
|
||||
func (sourceServer *Server) Pay(source, target string,
|
||||
targetServer *Server, sentAmount Currency, localCurrency bool,
|
||||
revertable bool) (*Transaction, error) {
|
||||
|
||||
// Ensure the source and target usernames aren't too long.
|
||||
var length int
|
||||
source, length = PasteuriseUsername(source)
|
||||
if length > 48 {
|
||||
return nil, errors.New("ERR_SOURCEUSERNAMETOOLONG")
|
||||
}
|
||||
target, length = PasteuriseUsername(target)
|
||||
if length > 48 {
|
||||
return nil, errors.New("ERR_USERNAMETOOLONG")
|
||||
}
|
||||
|
||||
// Get the amount being sent in lurkcoins
|
||||
var amount Currency
|
||||
if localCurrency {
|
||||
amount, _ = sourceServer.GetExchangeRate(sentAmount, true)
|
||||
} else {
|
||||
amount = sentAmount
|
||||
}
|
||||
|
||||
// No stealing
|
||||
if !sentAmount.GtZero() || !amount.GtZero() {
|
||||
return nil, errors.New("ERR_INVALIDAMOUNT")
|
||||
}
|
||||
|
||||
if sentAmount.Gt(transactionLimit) || amount.Gt(transactionLimit) {
|
||||
return nil, errors.New("ERR_TRANSACTIONLIMIT")
|
||||
}
|
||||
|
||||
// Remove the amount
|
||||
success := sourceServer.ChangeBal(amount.Neg())
|
||||
if !success {
|
||||
return nil, errors.New("ERR_CANNOTAFFORD")
|
||||
}
|
||||
|
||||
receivedAmount, _ := targetServer.GetExchangeRate(amount, false)
|
||||
|
||||
if !receivedAmount.GtZero() {
|
||||
return nil, errors.New("ERR_CANNOTPAYNOTHING")
|
||||
}
|
||||
|
||||
if receivedAmount.Gt(transactionLimit) {
|
||||
return nil, errors.New("ERR_TRANSACTIONLIMIT")
|
||||
}
|
||||
|
||||
success = targetServer.ChangeBal(amount)
|
||||
|
||||
// This should always be true
|
||||
if !success {
|
||||
// Revert the previous balance change before returning
|
||||
sourceServer.ChangeBal(amount)
|
||||
return nil, errors.New("ERR_INTERNALERROR")
|
||||
}
|
||||
|
||||
transaction := MakeTransaction(source, sourceServer.Name, target,
|
||||
targetServer.Name, amount, sentAmount, receivedAmount)
|
||||
if revertable {
|
||||
transaction.Revertable = true
|
||||
}
|
||||
|
||||
// Add the transaction to the history
|
||||
if sourceServer != targetServer {
|
||||
sourceServer.AddToHistory(transaction)
|
||||
}
|
||||
targetServer.AddToHistory(transaction)
|
||||
|
||||
// Log the transaction
|
||||
log.Print(transaction)
|
||||
|
||||
return &transaction, nil
|
||||
}
|
|
@ -0,0 +1,440 @@
|
|||
//
|
||||
// lurkcoin
|
||||
// Copyright © 2020 by luk3yx
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as
|
||||
// published by the Free Software Foundation, either version 3 of the
|
||||
// License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
|
||||
package lurkcoin
|
||||
|
||||
import (
|
||||
"math/big"
|
||||
"net/http"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
)
|
||||
|
||||
// Most mutable fields in Server are private to prevent race conditions.
|
||||
// Note that pendingTransactions has to be ordered to retain lurkcoinV2
|
||||
// compatibility. If compatibiltiy is ever dropped, it could possibly become a
|
||||
// map[string]Transaction to improve the efficiency of delete operations.
|
||||
type Server struct {
|
||||
UID string
|
||||
Name string
|
||||
balance Currency
|
||||
targetBalance Currency
|
||||
history []Transaction
|
||||
pendingTransactions []Transaction
|
||||
token string
|
||||
WebhookURL string
|
||||
lock *sync.RWMutex
|
||||
modified bool
|
||||
}
|
||||
|
||||
type ServerCollection interface {
|
||||
GetServer(name string) *Server
|
||||
}
|
||||
|
||||
var MaxTargetBalance = CurrencyFromInt64(500000000)
|
||||
|
||||
func (self *Server) GetBalance() Currency {
|
||||
self.lock.RLock()
|
||||
defer self.lock.RUnlock()
|
||||
return self.balance
|
||||
}
|
||||
|
||||
func (self *Server) GetTargetBalance() Currency {
|
||||
self.lock.RLock()
|
||||
defer self.lock.RUnlock()
|
||||
return self.targetBalance
|
||||
}
|
||||
|
||||
// Changes the user's balance, returns false if the user does not have enough
|
||||
// money. This is an atomic operation, changing the balance manually is not
|
||||
// recommended.
|
||||
func (self *Server) ChangeBal(num Currency) bool {
|
||||
self.lock.Lock()
|
||||
defer self.lock.Unlock()
|
||||
new_balance := self.balance.Add(num)
|
||||
if new_balance.LtZero() {
|
||||
return false
|
||||
}
|
||||
self.balance = new_balance
|
||||
self.modified = true
|
||||
return true
|
||||
}
|
||||
|
||||
// Gets the server's history. The slice returned can be modified, however the
|
||||
// transaction objects should not be.
|
||||
func (self *Server) GetHistory() []Transaction {
|
||||
self.lock.RLock()
|
||||
defer self.lock.RUnlock()
|
||||
res := make([]Transaction, len(self.history))
|
||||
copy(res, self.history)
|
||||
return res
|
||||
}
|
||||
|
||||
var webhookClient = &http.Client{Timeout: time.Second * 5}
|
||||
|
||||
func (self *Server) AddToHistory(transaction Transaction) {
|
||||
self.lock.Lock()
|
||||
defer self.lock.Unlock()
|
||||
self.modified = true
|
||||
|
||||
// Prepend transaction to self.history
|
||||
// https://stackoverflow.com/a/53737602
|
||||
if len(self.history) < 10 {
|
||||
// Only increase the length of the slice if it is shorter than 10
|
||||
// elements long, meaning the transaction history cannot be longer
|
||||
// than 10 elements.
|
||||
self.history = append(self.history, Transaction{})
|
||||
}
|
||||
copy(self.history[1:], self.history)
|
||||
self.history[0] = transaction
|
||||
|
||||
if self.Name != transaction.TargetServer || transaction.Target == "" {
|
||||
return
|
||||
}
|
||||
|
||||
// Add to pending transactions.
|
||||
self.pendingTransactions = append(self.pendingTransactions, transaction)
|
||||
|
||||
// Validate the webhook URL (if any).
|
||||
if self.WebhookURL == "" {
|
||||
return
|
||||
}
|
||||
|
||||
// Send a request to the webhook (in a separate goroutine so it doesn't
|
||||
// block anything).
|
||||
go func(webhookURL string) {
|
||||
url, ok := ValidateWebhookURL(webhookURL)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
reader := strings.NewReader(`{"version": 0}`)
|
||||
req, err := http.NewRequest("POST", url, reader)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("User-Agent", "lurkcoin/3.0")
|
||||
res, err := webhookClient.Do(req)
|
||||
if err == nil {
|
||||
res.Body.Close()
|
||||
}
|
||||
}(self.WebhookURL)
|
||||
}
|
||||
|
||||
// Get a list of pending transactions, similar to GetHistory().
|
||||
func (self *Server) GetPendingTransactions() []Transaction {
|
||||
self.lock.RLock()
|
||||
defer self.lock.RUnlock()
|
||||
res := make([]Transaction, len(self.pendingTransactions))
|
||||
copy(res, self.pendingTransactions)
|
||||
return res
|
||||
}
|
||||
|
||||
// Returns true if the server has pending transactions.
|
||||
func (self *Server) HasPendingTransactions() bool {
|
||||
self.lock.RLock()
|
||||
defer self.lock.RUnlock()
|
||||
return len(self.pendingTransactions) > 0
|
||||
}
|
||||
|
||||
func (self *Server) removeAndReturnPendingTransaction(id string) *Transaction {
|
||||
self.lock.Lock()
|
||||
defer self.lock.Unlock()
|
||||
for i, transaction := range self.pendingTransactions {
|
||||
if transaction.ID == id {
|
||||
// Although Currency objects are not themselves pointers, they
|
||||
// contain a pointer to a big.Int object.
|
||||
l := len(self.pendingTransactions) - 1
|
||||
if i < l {
|
||||
copy(self.pendingTransactions[i:],
|
||||
self.pendingTransactions[i+1:])
|
||||
}
|
||||
self.pendingTransactions[l] = Transaction{}
|
||||
self.pendingTransactions = self.pendingTransactions[:l]
|
||||
self.modified = true
|
||||
return &transaction
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Remove a pending transaction given its ID.
|
||||
func (self *Server) RemovePendingTransaction(id string) {
|
||||
self.removeAndReturnPendingTransaction(id)
|
||||
}
|
||||
|
||||
// Reject (and possibly revert) a pending transaction.
|
||||
func (self *Server) RejectPendingTransaction(id string,
|
||||
tr *DatabaseTransaction) {
|
||||
if tr == nil {
|
||||
panic("nil *DatabaseTransaction passed to RejectPendingTransaction().")
|
||||
}
|
||||
|
||||
// Get the transaction and ensure
|
||||
transaction := self.removeAndReturnPendingTransaction(id)
|
||||
if transaction == nil || !transaction.Revertable {
|
||||
return
|
||||
}
|
||||
|
||||
// Defer to a goroutine to prevent deadlocks
|
||||
// TODO: Do this in the current goroutine
|
||||
db := tr.GetRawDatabase()
|
||||
currentUID := self.UID
|
||||
go func() {
|
||||
// Get the current server (the existing object is now invalid) and the
|
||||
// source server.
|
||||
tr := BeginDbTransaction(db)
|
||||
defer tr.Abort()
|
||||
|
||||
servers, ok, _ := tr.GetServers(currentUID, transaction.SourceServer)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
// To try and prevent exploits, the received amount is used and exchange
|
||||
// rates are re-calculated.
|
||||
// Note that the source and target get flipped here.
|
||||
servers[0].Pay(transaction.Target, transaction.Source, servers[1],
|
||||
transaction.ReceivedAmount, true, false)
|
||||
tr.Finish()
|
||||
}()
|
||||
}
|
||||
|
||||
// Remove the first <amount> pending transactions.
|
||||
// This is here to support lurkcoinV2 and probably shouldn't be used outside of
|
||||
// that.
|
||||
func (self *Server) RemoveFirstPendingTransactions(amount int) {
|
||||
self.lock.Lock()
|
||||
defer self.lock.Unlock()
|
||||
|
||||
if amount < 1 {
|
||||
return
|
||||
}
|
||||
|
||||
self.modified = true
|
||||
l := len(self.pendingTransactions)
|
||||
copy(self.pendingTransactions, self.pendingTransactions[amount:])
|
||||
for i := l - amount; i < l; i++ {
|
||||
self.pendingTransactions[i] = Transaction{}
|
||||
}
|
||||
self.pendingTransactions = self.pendingTransactions[:l-amount]
|
||||
}
|
||||
|
||||
// Sets the target balance.
|
||||
func (self *Server) SetTargetBalance(targetBalance Currency) bool {
|
||||
if targetBalance.LtZero() || targetBalance.Gt(MaxTargetBalance) {
|
||||
return false
|
||||
}
|
||||
|
||||
self.lock.Lock()
|
||||
defer self.lock.Unlock()
|
||||
self.modified = true
|
||||
self.targetBalance = targetBalance
|
||||
return true
|
||||
}
|
||||
|
||||
// Validates and sets a webhook URL.
|
||||
func (self *Server) SetWebhookURL(webhookURL string) (ok bool) {
|
||||
var safeURL string
|
||||
if webhookURL == "" {
|
||||
// Allow clearing the webhook URL
|
||||
safeURL, ok = "", true
|
||||
} else {
|
||||
// This calls ValidateWebhookURL() so that the URL does not change if
|
||||
// the rules are relaxed in the future.
|
||||
safeURL, ok = ValidateWebhookURL(webhookURL)
|
||||
}
|
||||
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
self.lock.Lock()
|
||||
defer self.lock.Unlock()
|
||||
self.modified = true
|
||||
self.WebhookURL = safeURL
|
||||
return
|
||||
}
|
||||
|
||||
// Gets the exchange rate.
|
||||
// GetExchangeRate(<lurkcoins>, false) → <local currency>
|
||||
// GetExchangeRate(<local currency>, true) → <lurkcoins>
|
||||
var f2 = big.NewFloat(2)
|
||||
|
||||
// Exchange rate calculations are horrible at the moment, however they work
|
||||
// (at least I think they work).
|
||||
func (self *Server) GetExchangeRate(amount Currency, toLurkcoin bool) (Currency,
|
||||
*big.Float) {
|
||||
self.lock.RLock()
|
||||
defer self.lock.RUnlock()
|
||||
|
||||
// Do nothing if the amount is 0 or fixed exchange rates are enabled.
|
||||
if amount.IsZero() || self.targetBalance.IsZero() {
|
||||
return amount, big.NewFloat(1)
|
||||
}
|
||||
|
||||
// bal = max(self.balance, 0.01)
|
||||
bal := self.balance
|
||||
if !bal.GtZero() {
|
||||
bal = CurrencyFromString("0.01")
|
||||
}
|
||||
|
||||
// base_exchange = self.TargetBal / bal
|
||||
base_exchange := self.targetBalance.Div(bal)
|
||||
|
||||
// To lurkcoin: adj_bal = bal - amount / base_exchange
|
||||
// From lurkcoin: adj_bal = bal + amount
|
||||
var adj_bal Currency
|
||||
if toLurkcoin {
|
||||
adj_bal = bal.Sub(CurrencyFromFloat(new(big.Float).Quo(amount.Float(),
|
||||
base_exchange)))
|
||||
} else {
|
||||
adj_bal = bal.Add(amount)
|
||||
}
|
||||
|
||||
// Calculate the "pre-emptive" exchange rate and average the two.
|
||||
preemptive := new(big.Float).Add(base_exchange,
|
||||
self.targetBalance.Div(adj_bal))
|
||||
exchange := new(big.Float).Quo(preemptive, f2)
|
||||
|
||||
// Multiply (or divide) the exchange rate and the amount
|
||||
res := new(big.Float)
|
||||
if toLurkcoin {
|
||||
res.Quo(amount.Float(), exchange)
|
||||
} else {
|
||||
res.Mul(amount.Float(), exchange)
|
||||
}
|
||||
return CurrencyFromFloat(res), exchange
|
||||
}
|
||||
|
||||
// "Encoded" servers that have all their values public
|
||||
type EncodedServer struct {
|
||||
// A version number for breaking changes, because of the way gob works this
|
||||
// can be upgraded to a uint16/uint32 at a later time.
|
||||
Version uint8 `json:"version"`
|
||||
|
||||
// The server name (not passed through HomogeniseUsername)
|
||||
Name string `json:"name"`
|
||||
|
||||
// The balance in integer form where 1234 is ¤12.34.
|
||||
Balance *big.Int `json:"balance"`
|
||||
|
||||
// The target balance in the same format as the above balance.
|
||||
TargetBalance *big.Int `json:"target_balance"`
|
||||
|
||||
// Other values
|
||||
History []Transaction `json:"history"`
|
||||
PendingTransactions []Transaction `json:"pending_transactions"`
|
||||
Token string `json:"token"`
|
||||
WebhookURL string `json:"webhook_url"`
|
||||
}
|
||||
|
||||
func (self *Server) IsModified() bool {
|
||||
self.lock.RLock()
|
||||
defer self.lock.RUnlock()
|
||||
return self.modified
|
||||
}
|
||||
|
||||
func (self *Server) SetModified() {
|
||||
self.lock.Lock()
|
||||
defer self.lock.Unlock()
|
||||
self.modified = true
|
||||
}
|
||||
|
||||
func (self *Server) Encode() EncodedServer {
|
||||
self.lock.RLock()
|
||||
defer self.lock.RUnlock()
|
||||
|
||||
history := make([]Transaction, len(self.history))
|
||||
copy(history, self.history)
|
||||
pendingTransactions := make([]Transaction, len(self.pendingTransactions))
|
||||
copy(pendingTransactions, self.pendingTransactions)
|
||||
return EncodedServer{0, self.Name, self.balance.Int(),
|
||||
self.targetBalance.Int(), history, pendingTransactions, self.token,
|
||||
self.WebhookURL}
|
||||
}
|
||||
|
||||
func (self *EncodedServer) Decode() *Server {
|
||||
if self.Version > 0 {
|
||||
panic("Unrecognised EncodedServer version!")
|
||||
}
|
||||
if self.Balance == nil || self.TargetBalance == nil {
|
||||
panic("Invalid EncodedServer passed to EncodedServer.Decode()!")
|
||||
}
|
||||
|
||||
// Convert Balance and TargetBalance to Currency.
|
||||
balance := CurrencyFromInt(self.Balance)
|
||||
targetBalance := CurrencyFromInt(self.TargetBalance)
|
||||
|
||||
// Copy History and PendingTransactions.
|
||||
history := make([]Transaction, len(self.History))
|
||||
copy(history, self.History)
|
||||
pendingTransactions := make([]Transaction, len(self.PendingTransactions))
|
||||
copy(pendingTransactions, self.PendingTransactions)
|
||||
|
||||
return &Server{HomogeniseUsername(self.Name), self.Name, balance,
|
||||
targetBalance, history, pendingTransactions, self.Token,
|
||||
self.WebhookURL, new(sync.RWMutex), false}
|
||||
}
|
||||
|
||||
// Summaries
|
||||
type Summary struct {
|
||||
UID string `json:"uid"`
|
||||
Name string `json:"name"`
|
||||
Bal Currency `json:"bal"`
|
||||
Balance string `json:"balance"`
|
||||
History []Transaction `json:"history"`
|
||||
InterestRate float64 `json:"interest_rate"`
|
||||
TargetBalance Currency `json:"target_balance"`
|
||||
}
|
||||
|
||||
func (self *Server) GetSummary() Summary {
|
||||
self.lock.RLock()
|
||||
defer self.lock.RUnlock()
|
||||
return Summary{self.UID, self.Name, self.balance, self.balance.String(),
|
||||
self.GetHistory(), 0, self.targetBalance}
|
||||
}
|
||||
|
||||
// Check an API token.
|
||||
// WARNING: This may leak the length of the stored token, however that is
|
||||
// probably already deducible by inspecting GenerateToken().
|
||||
func (self *Server) CheckToken(token string) bool {
|
||||
if self.token == "" {
|
||||
return false
|
||||
}
|
||||
|
||||
return ConstantTimeCompare(self.token, token)
|
||||
}
|
||||
|
||||
// Make a new server
|
||||
// The default target balance is currently ¤500,000.
|
||||
const DefaultTargetBalance int64 = 500000
|
||||
|
||||
func NewServer(name string) *Server {
|
||||
var server EncodedServer
|
||||
server.Version = 0
|
||||
server.Name = name
|
||||
server.Balance = new(big.Int).SetInt64(0)
|
||||
server.TargetBalance = new(big.Int).SetInt64(DefaultTargetBalance * 100)
|
||||
server.Token = GenerateToken()
|
||||
|
||||
res := server.Decode()
|
||||
res.SetModified()
|
||||
return res
|
||||
}
|
|
@ -0,0 +1,105 @@
|
|||
//
|
||||
// lurkcoin
|
||||
// Copyright © 2020 by luk3yx
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as
|
||||
// published by the Free Software Foundation, either version 3 of the
|
||||
// License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
|
||||
package lurkcoin
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"math/big"
|
||||
"math/rand"
|
||||
"sync"
|
||||
"time"
|
||||
)
|
||||
|
||||
type Transaction struct {
|
||||
ID string `json:"id"`
|
||||
Source string `json:"source"`
|
||||
SourceServer string `json:"source_server"`
|
||||
Target string `json:"target"`
|
||||
TargetServer string `json:"target_server"`
|
||||
Amount Currency `json:"amount"`
|
||||
SentAmount Currency `json:"sent_amount"`
|
||||
ReceivedAmount Currency `json:"received_amount"`
|
||||
Time int64 `json:"time"`
|
||||
|
||||
// If true lurkcoin will attempt to revert the transaction if it is
|
||||
// rejected. The transaction can still be rejected if this is false.
|
||||
Revertable bool `json:"revertable"`
|
||||
}
|
||||
|
||||
func (self Transaction) String() string {
|
||||
return fmt.Sprintf("[%s] %s (sent %s, received %s) - Transaction from %q"+
|
||||
" on %q to %q on %q.", self.ID, self.Amount,
|
||||
self.SentAmount.RawString(), self.ReceivedAmount.RawString(),
|
||||
self.Source, self.SourceServer, self.Target, self.TargetServer)
|
||||
}
|
||||
|
||||
// Get a time.Time object from the transaction's Time attribute.
|
||||
func (self Transaction) GetTime() time.Time {
|
||||
return time.Unix(self.Time, 0)
|
||||
}
|
||||
|
||||
// Get the legacy ID
|
||||
var max_legacy_id *big.Int = big.NewInt(9999999)
|
||||
|
||||
func (self *Transaction) GetLegacyID() int32 {
|
||||
raw := new(big.Int)
|
||||
raw.Mod(new(big.Int).SetBytes([]byte(self.ID)), max_legacy_id)
|
||||
|
||||
// Because 10,000,000 (max_legacy_id + 1) can fit into int64/int32,
|
||||
// overflows are not an issue here.
|
||||
return int32(raw.Int64()) + 1
|
||||
}
|
||||
|
||||
// Generate transaction IDs
|
||||
var mutex = new(sync.Mutex)
|
||||
var lastTime int64 = -1
|
||||
var previouslyGenerated map[uint32]bool
|
||||
|
||||
func GenerateTransactionID() (string, int64) {
|
||||
mutex.Lock()
|
||||
defer mutex.Unlock()
|
||||
|
||||
// Ensure too many transaction IDs haven't been generated.
|
||||
if len(previouslyGenerated) > 1048576 {
|
||||
// Uh-oh (more than 1 million transactions in a single second)
|
||||
time.Sleep(1 * time.Second)
|
||||
}
|
||||
|
||||
t := time.Now().Unix()
|
||||
if t > lastTime {
|
||||
previouslyGenerated = make(map[uint32]bool)
|
||||
}
|
||||
|
||||
var id uint32
|
||||
var exists bool = true
|
||||
for exists {
|
||||
id = rand.Uint32()
|
||||
_, exists = previouslyGenerated[id]
|
||||
}
|
||||
previouslyGenerated[id] = true
|
||||
|
||||
return fmt.Sprintf("T%X-%08X", t, id), t
|
||||
}
|
||||
|
||||
func MakeTransaction(source, sourceServer, target, targetServer string,
|
||||
amount, sentAmount, receivedAmount Currency) Transaction {
|
||||
id, time := GenerateTransactionID()
|
||||
return Transaction{id, source, sourceServer, target, targetServer, amount,
|
||||
sentAmount, receivedAmount, time, false}
|
||||
}
|
|
@ -0,0 +1,39 @@
|
|||
//
|
||||
// lurkcoin
|
||||
// Copyright © 2020 by luk3yx
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as
|
||||
// published by the Free Software Foundation, either version 3 of the
|
||||
// License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
"lurkcoin/api"
|
||||
"os"
|
||||
)
|
||||
|
||||
func main() {
|
||||
if len(os.Args) != 2 {
|
||||
fmt.Println("This command takes exactly one argument.")
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
config, err := api.LoadConfig(os.Args[1])
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
api.StartServer(config)
|
||||
}
|
Loading…
Reference in New Issue