diff --git a/api_auth_docker/README.md b/api_auth_docker/README.md index ddb6a77..8a748f7 100644 --- a/api_auth_docker/README.md +++ b/api_auth_docker/README.md @@ -127,13 +127,13 @@ curl -v -H "Authorization: Bearer hhh.ppp.sss" localhost 10 seconds request expiration: ```shell -id="001";h64=$(echo "{\"alg\":\"HS256\",\"typ\":\"JWT\"}" | base64);p64=$(echo "{\"id\":\"$id\",\"exp\":$((`date +"%s"`+10))}" | base64);k="2df1eeea370eacdc5cf7e96c2d82140d1568079a5d4d87006ec8718a98883b36";s=$(echo "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1);token="$h64.$p64.$s";curl -v -H "Authorization: Bearer $token" -k https://localhost/getbestblockhash +id="001";h64=$(echo "{\"alg\":\"HS256\",\"typ\":\"JWT\"}" | base64);p64=$(echo "{\"id\":\"$id\",\"exp\":$((`date +"%s"`+10))}" | base64);k="2df1eeea370eacdc5cf7e96c2d82140d1568079a5d4d87006ec8718a98883b36";s=$(echo -n "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1);token="$h64.$p64.$s";curl -v -H "Authorization: Bearer $token" -k https://localhost/getbestblockhash ``` 60 seconds request expiration: ```shell -id="001";h64=$(echo "{\"alg\":\"HS256\",\"typ\":\"JWT\"}" | base64);p64=$(echo "{\"id\":\"$id\",\"exp\":$((`date +"%s"`+60))}" | base64);k="2df1eeea370eacdc5cf7e96c2d82140d1568079a5d4d87006ec8718a98883b36";s=$(echo "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1);token="$h64.$p64.$s";curl -v -H "Authorization: Bearer $token" -k https://localhost/getbestblockhash +id="001";h64=$(echo "{\"alg\":\"HS256\",\"typ\":\"JWT\"}" | base64);p64=$(echo "{\"id\":\"$id\",\"exp\":$((`date +"%s"`+60))}" | base64);k="2df1eeea370eacdc5cf7e96c2d82140d1568079a5d4d87006ec8718a98883b36";s=$(echo -n "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1);token="$h64.$p64.$s";curl -v -H "Authorization: Bearer $token" -k https://localhost/getbestblockhash ``` ## Technicalities 
@@ -142,6 +142,6 @@ id="001";h64=$(echo "{\"alg\":\"HS256\",\"typ\":\"JWT\"}" | base64);p64=$(echo " h64=$(echo "{\"alg\":\"HS256\",\"typ\":\"JWT\"}" | base64) p64=$(echo "{\"id\":\"001\",\"exp\":$((`date +"%s"`+10))}" | base64) k="2df1eeea370eacdc5cf7e96c2d82140d1568079a5d4d87006ec8718a98883b36" -s=$(echo "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1) +s=$(echo -n "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1) token="$h64.$p64.$s" ``` diff --git a/api_auth_docker/auth.sh b/api_auth_docker/auth.sh index 078fe40..06dc6c5 100644 --- a/api_auth_docker/auth.sh +++ b/api_auth_docker/auth.sh @@ -39,14 +39,14 @@ verify_sign() if [ ${exp} -gt ${current} ]; then trace "[verify_sign] Not expired, let's validate signature" local id=$(echo ${payload} | jq ".id" | tr -d '"') - trace "[verify_sign] id=${id}" + trace "[verify_sign] id=${id}" - # Check for code injection - # id will usually be an int, but can be alphanum... nothing else - case $id in (*[![:alnum:]]*|"") - trace "[verify_sign] Potential code injection, exiting" - return 1 - esac + # Check for code injection + # id will usually be an int, but can be alphanum... nothing else + case $id in (*[![:alnum:]]*|"") + trace "[verify_sign] Potential code injection, exiting" + return 1 + esac # It is so much faster to include the keys here instead of grep'ing the file for key. . ./keys.properties @@ -54,8 +54,11 @@ verify_sign() local key eval key='$ukey_'$id trace "[verify_sign] key=${key}" - local comp_sign=$(echo "${header64}.${payload64}" | openssl dgst -hmac "${key}" -sha256 -r | cut -sd ' ' -f1) + local msg="${header64}.${payload64}" + trace "[verify_sign] msg=${msg}" + + local comp_sign=$(echo -n "${msg}" | openssl dgst -hmac "${key}" -sha256 -r | cut -sd ' ' -f1) trace "[verify_sign] comp_sign=${comp_sign}" if [ "${comp_sign}" = "${signature}" ]; then 
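Review bot: The added `trace "[verify_sign] msg=${msg}"` in auth.sh sits between the existing `trace "[verify_sign] key=${key}"` and `trace "[verify_sign] comp_sign=${comp_sign}"`, so the trace output now holds the HMAC key, the signed message and the valid signature for every request, and anyone who can read it can produce accepted tokens. Where `trace` writes is not visible in this hunk, but I would delete the `key=` trace and log only `id=${id}` plus the match result. Also, `echo -n` is not handled the same way by every sh implementation; `local comp_sign=$(printf '%s' "${msg}" | openssl dgst -hmac "${key}" -sha256 -r | cut -sd ' ' -f1)` feeds the same bytes regardless of shell, and the same applies to `invoke_cyphernode` in clients/shell/cyphernode-client.sh. The body of `verify_sign` starts and ends outside this hunk.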
@@ -85,14 +88,14 @@ verify_group() local id=${1} local action=${REQUEST_URI:1} - trace "[verify_group] action=${action}" + trace "[verify_group] action=${action}" - # Check for code injection - # action can be alphanum... nothing else - case $action in (*[![:alnum:]]*|"") - trace "[verify_group] Potential code injection, exiting" - return 1 - esac + # Check for code injection + # action can be alphanum... nothing else + case $action in (*[![:alnum:]]*|"") + trace "[verify_group] Potential code injection, exiting" + return 1 + esac # It is so much faster to include the keys here instead of grep'ing the file for key. . ./api.properties diff --git a/clients/javascript/cyphernode-client.js b/clients/javascript/cyphernode-client.js index c8a008e..a70ffe5 100644 --- a/clients/javascript/cyphernode-client.js +++ b/clients/javascript/cyphernode-client.js 
@@ -1,75 +1,114 @@ +//var createHmac = require('create-hmac') +//var crypto = require("crypto"); + CyphernodeClient = function(is_prod) { - this.baseURL = is_prod ? 'https://cyphernode:443' : 'https://cyphernode-dev:443' + this.baseURL = is_prod ? 'https://cyphernode:443' : 'https://cyphernode-dev:443' this.h64 = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9Cg==' + this.api_id = Meteor.settings.CYPHERNODE.api_id this.api_key = Meteor.settings.CYPHERNODE.api_key }; +CyphernodeClient.prototype._generateToken = function() { +// console.log("api_id=" + this.api_id) +// console.log("api_key=" + this.api_key) + + let current = Math.round(new Date().getTime()/1000) + 10 + let p = '{"id":"' + this.api_id + '","exp":' + current + '}' +// console.log("p=" + p) + let p64 = Buffer.from(p).toString('base64') + let msg = this.h64 + '.' + p64 +// console.log("msg=" + msg) + let s = CryptoJS.HmacSHA256(msg, this.api_key).toString() +// let s2 = createHmac('sha256', this.api_key).update(msg).digest('hex') +// let s3 = crypto.createHmac('sha256', this.api_key).update(msg).digest('hex'); +// console.log("s=" + s) +// console.log("s2=" + s2) +// console.log("s3=" + s3) + let token = msg + '.' + s +// console.log("token=" + token) + + return token +} + CyphernodeClient.prototype._post = function(url, postdata, cb) { - let urlr = this.baseURL + url; + let urlr = this.baseURL + url; - let current = Math.round(new Date().getTime/1000) + 10 - let p64 = btoa('{"id":"${id}","exp":' + current + '}') - let s = CryptoJS.HmacSHA256(p64, this.api_key).toString() - let token = this.h64 + '.' + p64 + '.' 
+ s - - HTTP.post( - urlr, - { + HTTP.post(urlr, + { data: postdata, - headers: {'Content-Type': 'application/json', - 'Authorization': 'Bearer ' + token}, + npmRequestOptions: { + strictSSL: false, + agentOptions: { + rejectUnauthorized: false + } + }, + headers: { + 'Content-Type': 'application/json', + 'Authorization': 'Bearer ' + this._generateToken() + } }, function (err, resp) { - cb(err, resp.data) - } - ) +// console.log(err) +// console.log(resp) + cb(err, resp.data) + } + ) }; CyphernodeClient.prototype._get = function(url, cb) { - let urlr = this.baseURL + url; + let urlr = this.baseURL + url; - let current = Math.round(new Date().getTime/1000) + 10 - let p64 = btoa('{"id":"${id}","exp":' + current + '}') - let s = CryptoJS.HmacSHA256(p64, this.api_key).toString() - let token = this.h64 + '.' + p64 + '.' + s - - HTTP.get(urlr, {headers: {'Authorization': 'Bearer ' + token}}, function (err, resp) { - cb(err, resp.data) - }) + HTTP.get(urlr, + { + npmRequestOptions: { + strictSSL: false, + agentOptions: { + rejectUnauthorized: false + } + }, + headers: { + 'Authorization': 'Bearer ' + this._generateToken() + } + }, function (err, resp) { +// console.log(err) +// console.log(resp) + cb(err, resp.data) + } + ) }; CyphernodeClient.prototype.watch = function(btcaddr, cb0conf, cb1conf, cbreply) { - // BODY {"address":"2N8DcqzfkYi8CkYzvNNS5amoq3SbAcQNXKp","unconfirmedCallbackURL":"192.168.122.233:1111/callback0conf","confirmedCallbackURL":"192.168.122.233:1111/callback1conf"} - let data = { address: btcaddr, unconfirmedCallbackURL: cb0conf, confirmedCallbackURL: cb1conf } - this._post('/watch', data, cbreply); + // BODY {"address":"2N8DcqzfkYi8CkYzvNNS5amoq3SbAcQNXKp","unconfirmedCallbackURL":"192.168.122.233:1111/callback0conf","confirmedCallbackURL":"192.168.122.233:1111/callback1conf"} + let data = { address: btcaddr, unconfirmedCallbackURL: cb0conf, confirmedCallbackURL: cb1conf } + this._post('/watch', data, cbreply); }; CyphernodeClient.prototype.unwatch = 
function(btcaddr, cbreply) { // 192.168.122.152:8080/unwatch/2N8DcqzfkYi8CkYzvNNS5amoq3SbAcQNXKp - this._get('/unwatch/' + btcaddr, cbreply); + this._get('/unwatch/' + btcaddr, cbreply); }; CyphernodeClient.prototype.getActiveWatches = function(cbreply) { // 192.168.122.152:8080/getactivewatches - this._get('/getactivewatches', cbreply); + this._get('/getactivewatches', cbreply); }; CyphernodeClient.prototype.getTransaction = function(txid, cbreply) { // http://192.168.122.152:8080/gettransaction/af867c86000da76df7ddb1054b273ca9e034e8c89d049b5b2795f9f590f67648 - this._get('/gettransaction/' + txid, cbreply); + this._get('/gettransaction/' + txid, cbreply); }; CyphernodeClient.prototype.spend = function(btcaddr, amnt, cbreply) { - // BODY {"address":"2N8DcqzfkYi8CkYzvNNS5amoq3SbAcQNXKp","amount":0.00233} - let data = { address: btcaddr, amount: amnt } - this._post('/spend', data, cbreply); + // BODY {"address":"2N8DcqzfkYi8CkYzvNNS5amoq3SbAcQNXKp","amount":0.00233} + let data = { address: btcaddr, amount: amnt } + this._post('/spend', data, cbreply); }; CyphernodeClient.prototype.getBalance = function(cbreply) { // http://192.168.122.152:8080/getbalance - this._get('/getbalance', cbreply); + this._get('/getbalance', cbreply); }; CyphernodeClient.prototype.getNewAddress = function(cbreply) { // http://192.168.122.152:8080/getnewaddress - this._get('/getnewaddress', cbreply); + this._get('/getnewaddress', cbreply); }; diff --git a/clients/shell/cyphernode-client.sh b/clients/shell/cyphernode-client.sh index e904402..b4458d2 100644 --- a/clients/shell/cyphernode-client.sh +++ b/clients/shell/cyphernode-client.sh @@ -8,7 +8,7 @@ invoke_cyphernode() local post=${2} local p64=$(echo "{\"id\":\"${id}\",\"exp\":$((`date +"%s"`+10))}" | base64) - local s=$(echo "$h64.$p64" | openssl dgst -hmac "$key" -sha256 -r | cut -sd ' ' -f1) + local s=$(echo -n "$h64.$p64" | openssl dgst -hmac "$key" -sha256 -r | cut -sd ' ' -f1) local token="$h64.$p64.$s" if [ -n "${post}" ]; then 
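Review bot: In clients/javascript/cyphernode-client.js, both `_post` and `_get` now pass `strictSSL: false` and `rejectUnauthorized: false`, which turns off certificate verification for every call, production included (`is_prod` only selects the base URL). The bearer token and the `/spend` body then travel over a connection whose peer is never authenticated. If the gateway uses a self-signed certificate, trust that certificate explicitly instead, e.g. `npmRequestOptions: { agentOptions: { ca: CYPHERNODE_CA_PEM } }`, where `CYPHERNODE_CA_PEM` is a placeholder for the PEM loaded from settings. Separately, both callbacks still call `cb(err, resp.data)`, which looks like it would throw when a failed request yields no `resp`; `cb(err, resp && resp.data)` avoids that.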
diff --git a/proxy_docker/README.md b/proxy_docker/README.md index fe4d53e..98dea43 100644 --- a/proxy_docker/README.md +++ b/proxy_docker/README.md @@ -26,6 +26,16 @@ DERIVATION_PATH=0/n WATCHER_BTC_NODE_PRUNED=false ``` +## Choose the right architecture + +...by modifying the following line in Dockerfile: + +```shell +COPY app/bin/lightning-cli_x86 ${HOME}/lightning-cli +``` + +...to lightning-cli_arm if running on a RPi. + ## Building docker image ```shell