aljaz/cyphernode
1
0
Fork 0
mirror of https://github.com/aljazceru/cyphernode.git synced 2025-12-18 13:14:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed hashed msg by openssl in auth.sh, the JS client and the docs

Browse Source
This commit is contained in:
kexkey
2018-10-21 22:35:55 -04:00
parent 4f5ad9a01c
commit 2f3097f4fd
5 changed files with 106 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
api_auth_docker/README.md
View File

@@ -127,13 +127,13 @@ curl -v -H "Authorization: Bearer hhh.ppp.sss" localhost
10 seconds request expiration: 10 seconds request expiration:
```shell ```shell
id="001";h64=$(echo "{\"alg\":\"HS256\",\"typ\":\"JWT\"}" | base64);p64=$(echo "{\"id\":\"$id\",\"exp\":$((`date +"%s"`+10))}" | base64);k="2df1eeea370eacdc5cf7e96c2d82140d1568079a5d4d87006ec8718a98883b36";s=$(echo "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1);token="$h64.$p64.$s";curl -v -H "Authorization: Bearer $token" -k https://localhost/getbestblockhash id="001";h64=$(echo "{\"alg\":\"HS256\",\"typ\":\"JWT\"}" | base64);p64=$(echo "{\"id\":\"$id\",\"exp\":$((`date +"%s"`+10))}" | base64);k="2df1eeea370eacdc5cf7e96c2d82140d1568079a5d4d87006ec8718a98883b36";s=$(echo -n "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1);token="$h64.$p64.$s";curl -v -H "Authorization: Bearer $token" -k https://localhost/getbestblockhash
``` ```
60 seconds request expiration: 60 seconds request expiration:
```shell ```shell
id="001";h64=$(echo "{\"alg\":\"HS256\",\"typ\":\"JWT\"}" | base64);p64=$(echo "{\"id\":\"$id\",\"exp\":$((`date +"%s"`+60))}" | base64);k="2df1eeea370eacdc5cf7e96c2d82140d1568079a5d4d87006ec8718a98883b36";s=$(echo "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1);token="$h64.$p64.$s";curl -v -H "Authorization: Bearer $token" -k https://localhost/getbestblockhash id="001";h64=$(echo "{\"alg\":\"HS256\",\"typ\":\"JWT\"}" | base64);p64=$(echo "{\"id\":\"$id\",\"exp\":$((`date +"%s"`+60))}" | base64);k="2df1eeea370eacdc5cf7e96c2d82140d1568079a5d4d87006ec8718a98883b36";s=$(echo -n "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1);token="$h64.$p64.$s";curl -v -H "Authorization: Bearer $token" -k https://localhost/getbestblockhash
``` ```
## Technicalities ## Technicalities
@@ -142,6 +142,6 @@ id="001";h64=$(echo "{\"alg\":\"HS256\",\"typ\":\"JWT\"}" | base64);p64=$(echo "
h64=$(echo "{\"alg\":\"HS256\",\"typ\":\"JWT\"}" | base64) h64=$(echo "{\"alg\":\"HS256\",\"typ\":\"JWT\"}" | base64)
p64=$(echo "{\"id\":\"001\",\"exp\":$((`date +"%s"`+10))}" | base64) p64=$(echo "{\"id\":\"001\",\"exp\":$((`date +"%s"`+10))}" | base64)
k="2df1eeea370eacdc5cf7e96c2d82140d1568079a5d4d87006ec8718a98883b36" k="2df1eeea370eacdc5cf7e96c2d82140d1568079a5d4d87006ec8718a98883b36"
s=$(echo "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1) s=$(echo -n "$h64.$p64" | openssl dgst -hmac "$k" -sha256 -r | cut -sd ' ' -f1)
token="$h64.$p64.$s" token="$h64.$p64.$s"
``` ```

33
api_auth_docker/auth.sh
View File

@@ -39,14 +39,14 @@ verify_sign()
if [ ${exp} -gt ${current} ]; then if [ ${exp} -gt ${current} ]; then
trace "[verify_sign] Not expired, let's validate signature" trace "[verify_sign] Not expired, let's validate signature"
local id=$(echo ${payload} | jq ".id" | tr -d '"') local id=$(echo ${payload} | jq ".id" | tr -d '"')
trace "[verify_sign] id=${id}" trace "[verify_sign] id=${id}"
# Check for code injection # Check for code injection
# id will usually be an int, but can be alphanum... nothing else # id will usually be an int, but can be alphanum... nothing else
case $id in (*[![:alnum:]]*|"") case $id in (*[![:alnum:]]*|"")
trace "[verify_sign] Potential code injection, exiting" trace "[verify_sign] Potential code injection, exiting"
return 1 return 1
esac esac
# It is so much faster to include the keys here instead of grep'ing the file for key. # It is so much faster to include the keys here instead of grep'ing the file for key.
. ./keys.properties . ./keys.properties
@@ -54,8 +54,11 @@ verify_sign()
local key local key
eval key='$ukey_'$id eval key='$ukey_'$id
trace "[verify_sign] key=${key}" trace "[verify_sign] key=${key}"
local comp_sign=$(echo "${header64}.${payload64}" | openssl dgst -hmac "${key}" -sha256 -r | cut -sd ' ' -f1)
local msg="${header64}.${payload64}"
trace "[verify_sign] msg=${msg}"
local comp_sign=$(echo -n "${msg}" | openssl dgst -hmac "${key}" -sha256 -r | cut -sd ' ' -f1)
trace "[verify_sign] comp_sign=${comp_sign}" trace "[verify_sign] comp_sign=${comp_sign}"
if [ "${comp_sign}" = "${signature}" ]; then if [ "${comp_sign}" = "${signature}" ]; then
@@ -85,14 +88,14 @@ verify_group()
local id=${1} local id=${1}
local action=${REQUEST_URI:1} local action=${REQUEST_URI:1}
trace "[verify_group] action=${action}" trace "[verify_group] action=${action}"
# Check for code injection # Check for code injection
# action can be alphanum... nothing else # action can be alphanum... nothing else
case $action in (*[![:alnum:]]*|"") case $action in (*[![:alnum:]]*|"")
trace "[verify_group] Potential code injection, exiting" trace "[verify_group] Potential code injection, exiting"
return 1 return 1
esac esac
# It is so much faster to include the keys here instead of grep'ing the file for key. # It is so much faster to include the keys here instead of grep'ing the file for key.
. ./api.properties . ./api.properties

109
clients/javascript/cyphernode-client.js
View File

@@ -1,75 +1,114 @@
//var createHmac = require('create-hmac')
//var crypto = require("crypto");
CyphernodeClient = function(is_prod) { CyphernodeClient = function(is_prod) {
this.baseURL = is_prod ? 'https://cyphernode:443' : 'https://cyphernode-dev:443' this.baseURL = is_prod ? 'https://cyphernode:443' : 'https://cyphernode-dev:443'
this.h64 = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9Cg==' this.h64 = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9Cg=='
this.api_id = Meteor.settings.CYPHERNODE.api_id
this.api_key = Meteor.settings.CYPHERNODE.api_key this.api_key = Meteor.settings.CYPHERNODE.api_key
}; };
CyphernodeClient.prototype._generateToken = function() {
// console.log("api_id=" + this.api_id)
// console.log("api_key=" + this.api_key)
let current = Math.round(new Date().getTime()/1000) + 10
let p = '{"id":"' + this.api_id + '","exp":' + current + '}'
// console.log("p=" + p)
let p64 = Buffer.from(p).toString('base64')
let msg = this.h64 + '.' + p64
// console.log("msg=" + msg)
let s = CryptoJS.HmacSHA256(msg, this.api_key).toString()
// let s2 = createHmac('sha256', this.api_key).update(msg).digest('hex')
// let s3 = crypto.createHmac('sha256', this.api_key).update(msg).digest('hex');
// console.log("s=" + s)
// console.log("s2=" + s2)
// console.log("s3=" + s3)
let token = msg + '.' + s
// console.log("token=" + token)
return token
}
CyphernodeClient.prototype._post = function(url, postdata, cb) { CyphernodeClient.prototype._post = function(url, postdata, cb) {
let urlr = this.baseURL + url; let urlr = this.baseURL + url;
let current = Math.round(new Date().getTime/1000) + 10 HTTP.post(urlr,
let p64 = btoa('{"id":"${id}","exp":' + current + '}') {
let s = CryptoJS.HmacSHA256(p64, this.api_key).toString()
let token = this.h64 + '.' + p64 + '.' + s
HTTP.post(
urlr,
{
data: postdata, data: postdata,
headers: {'Content-Type': 'application/json', npmRequestOptions: {
'Authorization': 'Bearer ' + token}, strictSSL: false,
agentOptions: {
rejectUnauthorized: false
}
},
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer ' + this._generateToken()
}
}, function (err, resp) { }, function (err, resp) {
cb(err, resp.data) // console.log(err)
} // console.log(resp)
) cb(err, resp.data)
}
)
}; };
CyphernodeClient.prototype._get = function(url, cb) { CyphernodeClient.prototype._get = function(url, cb) {
let urlr = this.baseURL + url; let urlr = this.baseURL + url;
let current = Math.round(new Date().getTime/1000) + 10 HTTP.get(urlr,
let p64 = btoa('{"id":"${id}","exp":' + current + '}') {
let s = CryptoJS.HmacSHA256(p64, this.api_key).toString() npmRequestOptions: {
let token = this.h64 + '.' + p64 + '.' + s strictSSL: false,
agentOptions: {
HTTP.get(urlr, {headers: {'Authorization': 'Bearer ' + token}}, function (err, resp) { rejectUnauthorized: false
cb(err, resp.data) }
}) },
headers: {
'Authorization': 'Bearer ' + this._generateToken()
}
}, function (err, resp) {
// console.log(err)
// console.log(resp)
cb(err, resp.data)
}
)
}; };
CyphernodeClient.prototype.watch = function(btcaddr, cb0conf, cb1conf, cbreply) { CyphernodeClient.prototype.watch = function(btcaddr, cb0conf, cb1conf, cbreply) {
// BODY {"address":"2N8DcqzfkYi8CkYzvNNS5amoq3SbAcQNXKp","unconfirmedCallbackURL":"192.168.122.233:1111/callback0conf","confirmedCallbackURL":"192.168.122.233:1111/callback1conf"} // BODY {"address":"2N8DcqzfkYi8CkYzvNNS5amoq3SbAcQNXKp","unconfirmedCallbackURL":"192.168.122.233:1111/callback0conf","confirmedCallbackURL":"192.168.122.233:1111/callback1conf"}
let data = { address: btcaddr, unconfirmedCallbackURL: cb0conf, confirmedCallbackURL: cb1conf } let data = { address: btcaddr, unconfirmedCallbackURL: cb0conf, confirmedCallbackURL: cb1conf }
this._post('/watch', data, cbreply); this._post('/watch', data, cbreply);
}; };
CyphernodeClient.prototype.unwatch = function(btcaddr, cbreply) { CyphernodeClient.prototype.unwatch = function(btcaddr, cbreply) {
// 192.168.122.152:8080/unwatch/2N8DcqzfkYi8CkYzvNNS5amoq3SbAcQNXKp // 192.168.122.152:8080/unwatch/2N8DcqzfkYi8CkYzvNNS5amoq3SbAcQNXKp
this._get('/unwatch/' + btcaddr, cbreply); this._get('/unwatch/' + btcaddr, cbreply);
}; };
CyphernodeClient.prototype.getActiveWatches = function(cbreply) { CyphernodeClient.prototype.getActiveWatches = function(cbreply) {
// 192.168.122.152:8080/getactivewatches // 192.168.122.152:8080/getactivewatches
this._get('/getactivewatches', cbreply); this._get('/getactivewatches', cbreply);
}; };
CyphernodeClient.prototype.getTransaction = function(txid, cbreply) { CyphernodeClient.prototype.getTransaction = function(txid, cbreply) {
// http://192.168.122.152:8080/gettransaction/af867c86000da76df7ddb1054b273ca9e034e8c89d049b5b2795f9f590f67648 // http://192.168.122.152:8080/gettransaction/af867c86000da76df7ddb1054b273ca9e034e8c89d049b5b2795f9f590f67648
this._get('/gettransaction/' + txid, cbreply); this._get('/gettransaction/' + txid, cbreply);
}; };
CyphernodeClient.prototype.spend = function(btcaddr, amnt, cbreply) { CyphernodeClient.prototype.spend = function(btcaddr, amnt, cbreply) {
// BODY {"address":"2N8DcqzfkYi8CkYzvNNS5amoq3SbAcQNXKp","amount":0.00233} // BODY {"address":"2N8DcqzfkYi8CkYzvNNS5amoq3SbAcQNXKp","amount":0.00233}
let data = { address: btcaddr, amount: amnt } let data = { address: btcaddr, amount: amnt }
this._post('/spend', data, cbreply); this._post('/spend', data, cbreply);
}; };
CyphernodeClient.prototype.getBalance = function(cbreply) { CyphernodeClient.prototype.getBalance = function(cbreply) {
// http://192.168.122.152:8080/getbalance // http://192.168.122.152:8080/getbalance
this._get('/getbalance', cbreply); this._get('/getbalance', cbreply);
}; };
CyphernodeClient.prototype.getNewAddress = function(cbreply) { CyphernodeClient.prototype.getNewAddress = function(cbreply) {
// http://192.168.122.152:8080/getnewaddress // http://192.168.122.152:8080/getnewaddress
this._get('/getnewaddress', cbreply); this._get('/getnewaddress', cbreply);
}; };

2
clients/shell/cyphernode-client.sh
View File

@@ -8,7 +8,7 @@ invoke_cyphernode()
local post=${2} local post=${2}
local p64=$(echo "{\"id\":\"${id}\",\"exp\":$((`date +"%s"`+10))}" | base64) local p64=$(echo "{\"id\":\"${id}\",\"exp\":$((`date +"%s"`+10))}" | base64)
local s=$(echo "$h64.$p64" | openssl dgst -hmac "$key" -sha256 -r | cut -sd ' ' -f1) local s=$(echo -n "$h64.$p64" | openssl dgst -hmac "$key" -sha256 -r | cut -sd ' ' -f1)
local token="$h64.$p64.$s" local token="$h64.$p64.$s"
if [ -n "${post}" ]; then if [ -n "${post}" ]; then

10
proxy_docker/README.md
View File

@@ -26,6 +26,16 @@ DERIVATION_PATH=0/n
WATCHER_BTC_NODE_PRUNED=false WATCHER_BTC_NODE_PRUNED=false
``` ```
## Choose the right architecture
...by modifying the following line in Dockerfile:
```shell
COPY app/bin/lightning-cli_x86 ${HOME}/lightning-cli
```
...to lightning-cli_arm if running on a RPi.
## Building docker image ## Building docker image
```shell ```shell