diff --git a/code/go/0chain.net/blobbercore/handler/handler.go b/code/go/0chain.net/blobbercore/handler/handler.go index 7796a3c39..07c3d2907 100644 --- a/code/go/0chain.net/blobbercore/handler/handler.go +++ b/code/go/0chain.net/blobbercore/handler/handler.go @@ -405,11 +405,8 @@ func RevokeShare(ctx context.Context, r *http.Request) (interface{}, error) { } sign := r.Header.Get(common.ClientSignatureHeader) - allocation, ok := mux.Vars(r)["allocation"] - if !ok { - return false, common.NewError("invalid_params", "Missing allocation tx") - } - valid, err := verifySignatureFromRequest(allocation, sign, allocationObj.OwnerPublicKey) + + valid, err := verifySignatureFromRequest(allocationID, sign, allocationObj.OwnerPublicKey) if !valid || err != nil { return nil, common.NewError("invalid_signature", "Invalid signature") } @@ -421,10 +418,12 @@ func RevokeShare(ctx context.Context, r *http.Request) (interface{}, error) { if err != nil { return nil, common.NewError("invalid_parameters", "Invalid file path. "+err.Error()) } + clientID := ctx.Value(constants.ContextKeyClient).(string) if clientID != allocationObj.OwnerID { return nil, common.NewError("invalid_operation", "Operation needs to be performed by the owner of the allocation") } + err = reference.DeleteShareInfo(ctx, &reference.ShareInfo{ ClientID: refereeClientID, FilePathHash: filePathHash, @@ -436,9 +435,11 @@ func RevokeShare(ctx context.Context, r *http.Request) (interface{}, error) { } return resp, nil } + if err != nil { return nil, err } + resp := map[string]interface{}{ "status": http.StatusNoContent, "message": "Path successfully removed from allocation", @@ -456,11 +457,8 @@ func InsertShare(ctx context.Context, r *http.Request) (interface{}, error) { } sign := r.Header.Get(common.ClientSignatureHeader) - allocation, ok := mux.Vars(r)["allocation"] - if !ok { - return false, common.NewError("invalid_params", "Missing allocation tx") - } - valid, err := verifySignatureFromRequest(allocation, sign, allocationObj.OwnerPublicKey) + + valid, err := verifySignatureFromRequest(allocationID, sign, allocationObj.OwnerPublicKey) if !valid || err != nil { return nil, common.NewError("invalid_signature", "Invalid signature") } @@ -488,11 +486,6 @@ func InsertShare(ctx context.Context, r *http.Request) (interface{}, error) { return nil, err } - // dummy, to avoid input and sql error - if len(authTicket.ClientID) != 64 || len(authTicket.OwnerID) != 64 { - return nil, common.NewError("share_info_insert", "Wrong ownerID or clientID") - } - shareInfo := reference.ShareInfo{ OwnerID: authTicket.OwnerID, ClientID: authTicket.ClientID, @@ -509,15 +502,13 @@ func InsertShare(ctx context.Context, r *http.Request) (interface{}, error) { } else { err = reference.AddShareInfo(ctx, shareInfo) } + if err != nil { + Logger.Info(err.Error()) return nil, common.NewError("share_info_insert", "Unable to save share info") } - resp := map[string]interface{}{ - "message": "Share info added successfully", - } - - return resp, nil + return map[string]interface{}{"message": "Share info added successfully"}, nil } func MarketPlaceShareInfoHandler(ctx context.Context, r *http.Request) (interface{}, error) { diff --git a/code/go/0chain.net/blobbercore/readmarker/entity.go b/code/go/0chain.net/blobbercore/readmarker/entity.go index f0e6a20de..1728344d5 100644 --- a/code/go/0chain.net/blobbercore/readmarker/entity.go +++ b/code/go/0chain.net/blobbercore/readmarker/entity.go @@ -4,16 +4,20 @@ import ( "context" "encoding/json" "fmt" + "time" "github.com/0chain/blobber/code/go/0chain.net/blobbercore/allocation" "github.com/0chain/blobber/code/go/0chain.net/blobbercore/datastore" "github.com/0chain/blobber/code/go/0chain.net/core/common" "github.com/0chain/blobber/code/go/0chain.net/core/encryption" + zLogger "github.com/0chain/blobber/code/go/0chain.net/core/logging" + "go.uber.org/zap" "gorm.io/datatypes" +) - . "github.com/0chain/blobber/code/go/0chain.net/core/logging" - "go.uber.org/zap" +const ( + NinetyDays = common.Timestamp(90 * 24 * time.Hour) ) type AuthTicket struct { @@ -40,11 +44,18 @@ func (authToken *AuthTicket) Verify(allocationObj *allocation.Allocation, client if authToken.AllocationID != allocationObj.ID { return common.NewError("invalid_parameters", "Invalid auth ticket. Allocation id mismatch") } - if authToken.ClientID != clientID && len(authToken.ClientID) > 0 { + if authToken.ClientID != "" && authToken.ClientID != clientID { return common.NewError("invalid_parameters", "Invalid auth ticket. Client ID mismatch") } - if authToken.Expiration > 0 && (authToken.Expiration < authToken.Timestamp || authToken.Expiration < common.Now()) { - return common.NewError("invalid_parameters", "Invalid auth ticket. Expired ticket") + + if authToken.Expiration > 0 { + if authToken.Expiration < authToken.Timestamp || authToken.Expiration <= common.Now() { + return common.NewError("invalid_parameters", "Invalid auth ticket. Expired ticket") + } + } else { // check for default 90 days expiration time + if authToken.Timestamp+NinetyDays <= common.Now() { + return common.NewError("invalid_parameters", "Authticket expired") + } } if authToken.OwnerID != allocationObj.OwnerID { @@ -60,6 +71,7 @@ func (authToken *AuthTicket) Verify(allocationObj *allocation.Allocation, client if err != nil || !sigOK { return common.NewError("invalid_parameters", "Invalid auth ticket. Signature verification failed") } + return nil } @@ -169,7 +181,7 @@ func (rm *ReadMarkerEntity) Sync(ctx context.Context) (err error) { func (rm *ReadMarkerEntity) UpdateStatus(ctx context.Context, rps []*allocation.ReadPool, txOutput, redeemTxn string) (err error) { var redeems []allocation.ReadPoolRedeem if err = json.Unmarshal([]byte(txOutput), &redeems); err != nil { - Logger.Error("update read redeeming status: can't decode transaction"+ + zLogger.Logger.Error("update read redeeming status: can't decode transaction"+ " output", zap.Error(err)) return common.NewErrorf("rme_update_status", "can't decode transaction output: %v", err)