service

package
v0.63.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 2, 2022 License: MIT Imports: 34 Imported by: 1

README

Wallet API

Authentication

Logging in to a wallet

POST api/v1/auth/token

Logging in to a wallet is done using the wallet name and passphrase. The operation fails if the wallet not exist, or if the passphrase used is incorrect. On success, the wallet is loaded, a session is created and a JWT is returned to the user.

Example
Request
{
  "wallet": "your_wallet_name",
  "passphrase": "super-secret"
}
Command
curl -s -XPOST -d 'YOUR_REQUEST' http://127.0.0.1:1789/api/v1/auth/token
Response
{
  "token": "abcd.efgh.ijkl"
}
Logging out from a wallet

DELETE api/v1/auth/token

Using the JWT returned when logging in, the session is recovered and removed from the service. The wallet can no longer be accessed using the token from this point on.

Example
Command
curl -s -XDELETE -H 'Authorization: Bearer abcd.efgh.ijkl' http://127.0.0.1:1789/api/v1/auth/token
Response
{
  "success": true
}

Network management

Get current network configuration

GET api/v1/network

Example
Command
curl -s -XPOST -d 'YOUR_REQUEST' http://127.0.0.1:1789/api/v1/network
Response
{
  "network": {
    "name": "mainnet"
  }
}

Wallet management

Create a wallet

POST api/v1/wallets

Creating a wallet is done using a name and passphrase. If a wallet with the same name already exists, the action is aborted. The new wallets is encrypted (using the passphrase) and saved to a file on the file system. A session and accompanying JWT is created, and the JWT is returned to the user.

Example
Request
{
  "wallet": "your_wallet_name",
  "passphrase": "super-secret"
}
Command
curl -s -XPOST -d 'YOUR_REQUEST' http://127.0.0.1:1789/api/v1/wallets
Response
{
  "token": "abcd.efgh.ijkl"
}
Import a wallet

POST api/v1/wallets/import

Import a wallet is done using a name, a passphrase, and a recoveryPhrase. If a wallet with the same name already exists, the action is aborted. The imported wallet is encrypted (using the passphrase) and saved to a file on the file system. A session and accompanying JWT is created, and the JWT is returned to the user.

Example
Request
{
  "wallet": "your_wallet_name",
  "passphrase": "super-secret",
  "recoveryPhrase": "my twenty four words recovery phrase"
}
Command
curl -s -XPOST -d 'YOUR_REQUEST' http://127.0.0.1:1789/api/v1/wallets
Response
{
  "token": "abcd.efgh.ijkl"
}

Key management

Generate a key pair

POST api/v1/keys

Authentication required.

It generates a new key pair into the logged wallet, and returns the generated public key.

Example
Request
{
  "passphrase": "super-secret",
  "meta": [
    {
      "key": "somekey",
      "value": "somevalue"
    }
  ]
}
Command
curl -s -XPOST -H 'Authorization: Bearer abcd.efgh.ijkl' -d 'YOUR_REQUEST' http://127.0.0.1:1789/api/v1/keys
Response
{
  "key": {
    "pub": "1122aabb",
    "algo": "ed25519",
    "tainted": false,
    "meta": [
      {
        "key": "somekey",
        "value": "somevalue"
      }
    ]
  }
}
List keys

GET api/v1/keys

Authentication required.

Users can list all the public keys (with taint status, and metadata) of the logged wallet.

Example
Command
curl -s -XGET -H "Authorization: Bearer abcd.efgh.ijkl" http://127.0.0.1:1789/api/v1/keys
Response
{
  "keys": [
    {
      "pub": "1122aabb",
      "algo": "ed25519",
      "tainted": false,
      "meta": [
        {
          "key": "somekey",
          "value": "somevalue"
        }
      ]
    }
  ]
}
Describe a key pair

GET api/v1/keys/:keyid

Authentication required.

Return the information associated the public key :keyid, from the logged wallet. The private key is not returned.

Example
Command
  curl -s -XPUT -H "Authorization: Bearer abcd.efgh.ijkl" -d 'YOUR_REQUEST' http://127.0.0.1:1789api/v1/keys/1122aabb
Response
{
  "key": {
    "index": 1,
    "pub": "1122aabb"
  }
}
Taint a key pair

PUT api/v1/keys/:keyid/taint

Authentication required.

Taint the key pair matching the public key :keyid, from the logged wallet. The key pair must belong to the logged wallet.

Example
Request
{
  "passphrase": "super-secret"
}
Command
  curl -s -XPUT -H "Authorization: Bearer abcd.efgh.ijkl" -d 'YOUR_REQUEST' http://127.0.0.1:1789/api/v1/keys/1122aabb/taint
Response
{
  "success": true
}
Annotate a key pair

PUT api/v1/keys/:keyid/metadata

Authentication required.

Annotating a key pair replace the metadata matching the public key :keyid, from the logged wallet. The key pair must belong to the logged wallet.

Example
Request
{
  "passphrase": "super-secret",
  "meta": [
    {
      "key": "newkey",
      "value": "newvalue"
    }
  ]
}
Command
  curl -s -XPUT -H "Authorization: Bearer abcd.efgh.ijkl" -d 'YOUR_REQUEST' http://127.0.0.1:1789/api/v1/keys/1122aabb/metadata
Response
{
  "success": true
}

Commands

Sign a command

POST api/v1/command

Authentication required.

Sign a Vega command using the specified key pair, and returns the signed transaction. The key pair must belong to the logged wallet.

Example
Request
{
  "pubKey": "1122aabb",
  "propagate": true,
  "orderCancellation": {
    "marketId": "YESYESYES"
  }
}
Command
  curl -s -XPOST -H "Authorization: Bearer abcd.efgh.ijkl" -d 'YOUR_REQUEST' http://127.0.0.1:1789/api/v1/command
Response
{
  "transaction": {
    "inputData": "dGVzdGRhdG9837420b4b3yb23ybc4o1ui23yEK",
    "signature": {
      "value": "7f6g9sf8f8s76dfa867fda",
      "algo": "vega/ed25519",
      "version": 1
    },
    "from": {
      "pubKey": "1122aabb"
    },
    "version": 1
  }
}
Propagate

In the request payload, when the propagate field can be set to true, the wallet service send the transaction on your behalf to the registered nodes after signing it successfully.

Sign data

POST api/v1/sign

Authentication required.

Sign any base64-encoded data using the specified key pair, and returns the signed transaction. The key pair must belong to the logged wallet.

Example
Request
{
  "inputData": "dGVzdGRhdGEK==",
  "pubKey": "1122aabb"
}
Command
  curl -s -XPOST -H "Authorization: Bearer abcd.efgh.ijkl" -d 'YOUR_REQUEST' http://127.0.0.1:1789/api/v1/sign
Response
{
  "hexSignature": "0xhafdsf86df876af",
  "base64Signature": "fad7h34k1jh3g413g=="
}
Verify data

POST api/v1/verify

Verify any base64-encoded data using the specified public key, and returns the confirmation.

Example
Request
{
  "inputData": "dGVzdGRhdGEK==",
  "pubKey": "1122aabb"
}
Command
  curl -s -XPOST -H "Authorization: Bearer abcd.efgh.ijkl" -d 'YOUR_REQUEST' http://127.0.0.1:1789/api/v1/sign
Response
{
  "hexSignature": "0xhafdsf86df876af",
  "base64Signature": "fad7h34k1jh3g413g=="
}

Documentation

Index

Constants

View Source
const (
	TxnValidationFailure   uint32 = 51
	TxnDecodingFailure     uint32 = 60
	TxnInternalError       uint32 = 70
	TxnUnknownCommandError uint32 = 80
	TxnSpamError           uint32 = 89
)
View Source
const (
	LengthForSessionHashSeed = 10
)
View Source
const TXIDLENGTH = 20

Variables

View Source
var (
	ErrInvalidToken              = errors.New("invalid token")
	ErrInvalidClaims             = errors.New("invalid claims")
	ErrInvalidOrMissingToken     = newErrorResponse("invalid or missing token")
	ErrCouldNotReadRequest       = errors.New("couldn't read request")
	ErrCouldNotGetBlockHeight    = errors.New("couldn't get last block height")
	ErrCouldNotGetChainID        = errors.New("couldn't get chain-id")
	ErrShouldBeBase64Encoded     = errors.New("should be base64 encoded")
	ErrRSAKeysAlreadyExists      = errors.New("RSA keys already exist")
	ErrRejectedSignRequest       = errors.New("user rejected sign request")
	ErrInterruptedConsentRequest = errors.New("process to request consent has been interrupted")
)
View Source
var (
	ErrCouldNotReadRequestBody  = errors.New("couldn't read the HTTP request body")
	ErrRequestCannotBeBlank     = errors.New("the request can't be blank")
	ErrNoneOfRequiredHeadersSet = errors.New("the request is expected to specified the Origin or the Referer header")
)
View Source
var ErrSessionNotFound = errors.New("session not found")

Functions

func InitialiseService

func InitialiseService(store Store, overwrite bool) error

func IsInitialised

func IsInitialised(store Store) (bool, error)

func NewAuth

func NewAuth(log *zap.Logger, cfgStore RSAStore, tokenExpiry time.Duration) (*auth, error)

Types

type Auth

type Auth interface {
	NewSession(name string) (string, error)
	VerifyToken(token string) (string, error)
	Revoke(token string) (string, error)
}

Auth ...

type AutomaticConsentPolicy

type AutomaticConsentPolicy struct{}

func (*AutomaticConsentPolicy) Ask

func (*AutomaticConsentPolicy) Report

type Claims

type Claims struct {
	jwt.StandardClaims
	Session string
	Wallet  string
}

type ConsentConfirmation

type ConsentConfirmation struct {
	TxID     string
	Decision bool
}

type ConsentRequest

type ConsentRequest struct {
	TxID         string
	Tx           *v1.SubmitTransactionRequest
	ReceivedAt   time.Time
	Confirmation chan ConsentConfirmation
}

type CreateWalletRequest

type CreateWalletRequest struct {
	Wallet     string `json:"wallet"`
	Passphrase string `json:"passphrase"`
}

CreateWalletRequest describes the request for CreateWallet.

func ParseCreateWalletRequest

func ParseCreateWalletRequest(r *http.Request) (*CreateWalletRequest, commands.Errors)

type CreateWalletResponse

type CreateWalletResponse struct {
	RecoveryPhrase string `json:"recoveryPhrase"`
	Token          string `json:"token"`
}

CreateWalletResponse returns the authentication token and the auto-generated recovery phrase of the created wallet.

type ErrorResponse

type ErrorResponse struct {
	ErrorStr string   `json:"error"`
	Details  []string `json:"details,omitempty"`
}

func (ErrorResponse) Error

func (e ErrorResponse) Error() string

type ErrorsResponse

type ErrorsResponse struct {
	Errors commands.Errors `json:"errors"`
}

type ExplicitConsentPolicy

type ExplicitConsentPolicy struct {
	// contains filtered or unexported fields
}

func (*ExplicitConsentPolicy) Ask

func (p *ExplicitConsentPolicy) Ask(tx *v1.SubmitTransactionRequest, txID string, receivedAt time.Time) (bool, error)

func (*ExplicitConsentPolicy) Report

func (p *ExplicitConsentPolicy) Report(tx SentTransaction)

type GenKeyPairRequest

type GenKeyPairRequest struct {
	Passphrase string            `json:"passphrase"`
	Meta       []wallet.Metadata `json:"meta"`
}

GenKeyPairRequest describes the request for GenerateKeyPair.

func ParseGenKeyPairRequest

func ParseGenKeyPairRequest(r *http.Request) (*GenKeyPairRequest, commands.Errors)

type ImportWalletRequest

type ImportWalletRequest struct {
	Wallet         string `json:"wallet"`
	Passphrase     string `json:"passphrase"`
	RecoveryPhrase string `json:"recoveryPhrase"`
	Version        uint32 `json:"version"`
}

ImportWalletRequest describes the request for ImportWallet.

func ParseImportWalletRequest

func ParseImportWalletRequest(r *http.Request) (*ImportWalletRequest, commands.Errors)

type KeyKeyResponse added in v0.55.0

type KeyKeyResponse struct {
	Idx          uint32            `json:"index"`
	PublicKey    string            `json:"pub"`
	KeyName      string            `json:"name"`
	Algorithm    wallet.Algorithm  `json:"algorithm"`
	Tainted      bool              `json:"tainted"`
	MetadataList []wallet.Metadata `json:"meta"`
}

type KeyResponse

type KeyResponse struct {
	Key KeyKeyResponse `json:"key"`
}

KeyResponse describes the response to a request that returns a single key.

type KeysResponse

type KeysResponse struct {
	Keys []KeyKeyResponse `json:"keys"`
}

KeysResponse describes the response to a request that returns a list of keys.

type ListMethodsV2Response

type ListMethodsV2Response struct {
	RegisteredMethods []string `json:"registeredMethods"`
}

type LoginWalletRequest

type LoginWalletRequest struct {
	Wallet     string `json:"wallet"`
	Passphrase string `json:"passphrase"`
}

LoginWalletRequest describes the request for CreateWallet, LoginWallet.

func ParseLoginWalletRequest

func ParseLoginWalletRequest(r *http.Request) (*LoginWalletRequest, commands.Errors)

type NetworkResponse

type NetworkResponse struct {
	Network network.Network `json:"network"`
}

NetworkResponse describes the response to a request that returns app hosts info.

type Policy

type Policy interface {
	Ask(tx *v1.SubmitTransactionRequest, txID string, receivedAt time.Time) (bool, error)
	Report(tx SentTransaction)
}

func NewAutomaticConsentPolicy

func NewAutomaticConsentPolicy() Policy

func NewExplicitConsentPolicy

func NewExplicitConsentPolicy(ctx context.Context, consentRequests chan ConsentRequest, sentTransactions chan SentTransaction) Policy

type RSAKeys

type RSAKeys struct {
	Pub  []byte
	Priv []byte
}

func GenerateRSAKeys

func GenerateRSAKeys() (*RSAKeys, error)

type RSAStore

type RSAStore interface {
	GetRsaKeys() (*RSAKeys, error)
}

type SentTransaction

type SentTransaction struct {
	TxHash string
	TxID   string
	Tx     *commandspb.Transaction
	Error  error
	SentAt time.Time
}

type Service

type Service struct {
	*httprouter.Router
	// contains filtered or unexported fields
}

func NewService

func NewService(log *zap.Logger, net *network.Network, apiV2 *jsonrpc.API, h WalletHandler, a Auth, n NodeForward, policy Policy) *Service

func (*Service) CheckHealthV2 added in v0.63.0

func (s *Service) CheckHealthV2(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func (*Service) CheckTx

func (s *Service) CheckTx(token string, w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func (*Service) CreateWallet

func (s *Service) CreateWallet(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func (*Service) GenerateKeyPair

func (s *Service) GenerateKeyPair(t string, w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func (*Service) GetNetwork

func (s *Service) GetNetwork(w http.ResponseWriter, _ *http.Request, _ httprouter.Params)

func (*Service) GetNetworkChainID

func (s *Service) GetNetworkChainID(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func (*Service) GetPublicKey

func (s *Service) GetPublicKey(t string, w http.ResponseWriter, _ *http.Request, ps httprouter.Params)

func (*Service) HandleRequestV2

func (s *Service) HandleRequestV2(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func (*Service) Health

func (s *Service) Health(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func (*Service) ImportWallet

func (s *Service) ImportWallet(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func (*Service) ListMethodsV2

func (s *Service) ListMethodsV2(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func (*Service) ListPublicKeys

func (s *Service) ListPublicKeys(t string, w http.ResponseWriter, _ *http.Request, _ httprouter.Params)

func (*Service) Login

func (*Service) Revoke

func (s *Service) Revoke(t string, w http.ResponseWriter, _ *http.Request, _ httprouter.Params)

func (*Service) SignAny

func (s *Service) SignAny(t string, w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func (*Service) SignTx

func (s *Service) SignTx(token string, w http.ResponseWriter, r *http.Request, p httprouter.Params)

func (*Service) SignTxCommit

func (s *Service) SignTxCommit(token string, w http.ResponseWriter, r *http.Request, p httprouter.Params)

func (*Service) SignTxSync

func (s *Service) SignTxSync(token string, w http.ResponseWriter, r *http.Request, p httprouter.Params)

func (*Service) Start

func (s *Service) Start() error

func (*Service) Stop

func (s *Service) Stop() error

func (*Service) TaintKey

func (s *Service) TaintKey(t string, w http.ResponseWriter, r *http.Request, ps httprouter.Params)

func (*Service) UpdateMeta

func (s *Service) UpdateMeta(t string, w http.ResponseWriter, r *http.Request, ps httprouter.Params)

func (*Service) VerifyAny

func (s *Service) VerifyAny(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func (*Service) Version

func (s *Service) Version(w http.ResponseWriter, _ *http.Request, _ httprouter.Params)

type SignAnyRequest

type SignAnyRequest struct {
	// InputData is the payload to generate a signature from. I should be
	// base 64 encoded.
	InputData string `json:"inputData"`
	// PubKey is used to retrieve the private key to sign the InputDate.
	PubKey string `json:"pubKey"`
	// contains filtered or unexported fields
}

SignAnyRequest describes the request for SignAny.

func ParseSignAnyRequest

func ParseSignAnyRequest(r *http.Request) (*SignAnyRequest, commands.Errors)

type SignAnyResponse

type SignAnyResponse struct {
	HexSignature    string `json:"hexSignature"`
	Base64Signature string `json:"base64Signature"`
}

SignAnyResponse describes the response for SignAny.

type Store

type Store interface {
	RSAKeysExists() (bool, error)
	SaveRSAKeys(*RSAKeys) error
}

type SuccessResponse

type SuccessResponse struct {
	Success bool `json:"success"`
}

SuccessResponse describes the response to a request that returns a simple true/false answer.

type TaintKeyRequest

type TaintKeyRequest struct {
	Passphrase string `json:"passphrase"`
}

TaintKeyRequest describes the request for TaintKey.

func ParseTaintKeyRequest

func ParseTaintKeyRequest(r *http.Request, keyID string) (*TaintKeyRequest, commands.Errors)

type TokenResponse

type TokenResponse struct {
	Token string `json:"token"`
}

TokenResponse describes the response to a request that returns a token.

type TraceIDKey added in v0.55.0

type TraceIDKey struct{}

type UpdateMetaRequest

type UpdateMetaRequest struct {
	Passphrase string            `json:"passphrase"`
	Meta       []wallet.Metadata `json:"meta"`
}

UpdateMetaRequest describes the request for UpdateMetadata.

func ParseUpdateMetaRequest

func ParseUpdateMetaRequest(r *http.Request, keyID string) (*UpdateMetaRequest, commands.Errors)

type VerifyAnyRequest

type VerifyAnyRequest struct {
	// InputData is the payload to be verified. It should be base64 encoded.
	InputData string `json:"inputData"`
	// Signature is the signature to check against the InputData. It should be
	// base64 encoded.
	Signature string `json:"signature"`
	// PubKey is the public key used along the signature to check the InputData.
	PubKey string `json:"pubKey"`
	// contains filtered or unexported fields
}

VerifyAnyRequest describes the request for VerifyAny.

func ParseVerifyAnyRequest

func ParseVerifyAnyRequest(r *http.Request) (*VerifyAnyRequest, commands.Errors)

type VerifyAnyResponse

type VerifyAnyResponse struct {
	Valid bool `json:"success"`
}

VerifyAnyResponse describes the response for VerifyAny.

type VersionResponse

type VersionResponse struct {
	Version     string `json:"version"`
	VersionHash string `json:"versionHash"`
}

VersionResponse describes the response to a request that returns app version info.

type WalletHandler

type WalletHandler interface {
	CreateWallet(name, passphrase string) (string, error)
	ImportWallet(name, passphrase, recoveryPhrase string, version uint32) error
	LoginWallet(name, passphrase string) error
	LogoutWallet(name string)
	SecureGenerateKeyPair(name, passphrase string, meta []wallet.Metadata) (string, error)
	GetPublicKey(name, pubKey string) (wallet.PublicKey, error)
	ListPublicKeys(name string) ([]wallet.PublicKey, error)
	SignTx(name string, req *walletpb.SubmitTransactionRequest, height uint64, chainID string) (*commandspb.Transaction, error)
	SignAny(name string, inputData []byte, pubKey string) ([]byte, error)
	VerifyAny(inputData, sig []byte, pubKey string) (bool, error)
	TaintKey(name, pubKey, passphrase string) error
	UpdateMeta(name, pubKey, passphrase string, meta []wallet.Metadata) error
}

WalletHandler ...

Directories

Path Synopsis
Package mocks is a generated GoMock package.
Package mocks is a generated GoMock package.
store
v1

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL