Permalink
Browse files

Timestamping nano blocks as they are received

  • Loading branch information...
jaimehgb committed Mar 23, 2018
1 parent 551b032 commit 77d9b189e2aee1719a654e01748b3d80a1b8c6ba
@@ -31,3 +31,6 @@ PUSHER_APP_CLUSTER=mt1
REDUNDANT_NODES=0.0.0.0:7076|0.0.0.1:7077|0.0.0.2:7080
ALIAS_JSON_FILE=/path/to/a/file/with/aliases/:P.json
CALLBACK_ALLOWED_IPS=127.0.0.1|127.0.0.2|::1
CALLBACK_KEY=false
@@ -2,7 +2,7 @@
<h3>Overview</h3>
<p>
This is a web based wallet for <a href="https://raiblocks.net" target="_blank">RaiBlocks</a><br/><br/>
This is a web based wallet for <a href="https://nano.org" target="_blank">Nano</a><br/><br/>
The wallet itself is at <a href="https://github.com/chriscohoat/rai-wallet" target="_blank">rai-wallet</a>. If you want to verify how blocks are created, signed and verified, how accounts are generated, etc ... you should look there. With it you can build your own private and homemade RaiBlocks wallet :D
<br/><br/>
At <code>js/custom.js</code> you can find like the "Middleware" between the Wallet and the GUI. It also contains all the queries made to the server to request PoW, info about accounts and transactions, etc ...
@@ -13,9 +13,9 @@
<hr/>
<h3>How is it built into RaiWallet.com</h3>
<h3>How is it built into Nanowallet.io</h3>
<p>
At <a href="http://raiwallet.com/" target="_blank">RaiWallet</a> the server is only used to store the users' wallets (ciphered), to provide information about the network to them, and to generate PoW. When a user signs up, a random identifier is generated to store the user wallet under it, but the wallet is created at the browser (seeds, keys, accounts, transactions, signatures, everything ... ). Once the user is done with the wallet, it is ciphered (AES256) with his password, still at the browser, and then the ciphered wallet is sent to the server to store it. Someone with access to the database wouldn't be able to find users' keys (if passwords are strong enough and haven't been leaked by their owners).
At <a href="http://nanowallet.io/" target="_blank">NanoWallet</a> the server is only used to store the users' wallets (ciphered), to provide information about the network to them, and to generate PoW. When a user signs up, a random identifier is generated to store the user wallet under it, but the wallet is created at the browser (seeds, keys, accounts, transactions, signatures, everything ... ). Once the user is done with the wallet, it is ciphered (AES256) with his password, still at the browser, and then the ciphered wallet is sent to the server to store it. Someone with access to the database wouldn't be able to find users' keys (if passwords are strong enough and haven't been leaked by their owners).
</p>
<hr/>
@@ -35,7 +35,7 @@ If you need more info, just ask. If you find a vulnerability and it is worth it
<pre>
Wallet Identifier: 2964ae96e92370aee570aa92419bc3698dd611172acc2fc85781a43c29bcc9aa
Account: xrb_3haojq7ntgd45qe1wde4bkqqruazt4sspw6r3ceshfqjnnrzaof63qhhehmf
Bounty: 2000 XRB ---> 0.07 BTC --> 300$ (at time of writing, 2000 XRB will always stay the same)
Bounty: 2000 Nano ---> 0.07 BTC --> 300$ (at time of writing, 2000 Nano will always stay the same)
Wallet Ciphertext Hex-encoded:
9b003185af74621c71ef70276fe27c8d7a25b6d519c2605ea936c690bb0c9b65d18261d8cd255bea010f4f874b6736bb8b1f73c1528eb3a97050c939033b24712f83f283a93e594540bfd5c4ba81eada2fb1fe7ad713f42e727e53c622a154ce5845f864d51776a905a77e2cf479406af8f9465779af8fd2429d3d154eecd44c4f15240f0bad7274e57aebf82df2014370a988d979e555497e1a9d13601d9ff2ae0878e9b42ea24b307664f9ca5fdd212eb7e7f12ca254fefbdb77ab6a91f905f858836bf61f549d3ceaf489e3bf60d013bcb3a7371dbefe6b5ba1f113906286606ccbd42801813be1e0507a26ac73afd3cd454f0fb4bb2565baf0dff13fabbe3e38edea58bd4a733e1d76d84c1e63736ee8e756152eb9e9bab053ce952174f08b1506867a623d06f6e3e073d9fc2450937996e7214b99e6423f4ed5b3e690e4dd833851cfe82f9ca76cfacca186bb81f88eea840ae56e87c6026172338ed2d066f62e5aea1a548dcec46fb2d4834b45721f293aab16d6a754ca3fc9a2378011869ac9575306f23bc68269ddb5288a7ef42b65a3095e0e83e268327d6d3257240392b11fe8ae1d16c2519b107b1e228357e7b5ea7560e9457a1d57d40eb245c3c0612f28eef19f02e41f7fdfa0d041e89ff1a3808ff63a990872f0374dffb1600e0780edcb812dc75350cbd9fdb0524f0a1894ee85aa204af3c0e815b163a99600d9902637797ea2d4a0dc31d687595310ca4e03d5018aa40657c46ec0bdedd6a16921c5ce5bfced36d2dc98d303fdd8cfe1b00ed1182c32a564fa0604f20edc8427abea3305c584672c3de2c0e44cda397a0d4c35ca6d27aeab79e7852965bcfbaedcd6e84c429e222de7a36edde252d877fe4f6968f3f5c477a1ecd7ab9c80e0ef599550fc8d45bdf9ae6dea52a86d237f09a3663387896249fb51c83c61b32428785dec413448813b1836638bdf67ca4271d28d9fafe824309259bc7576fc57fc78c2f8c5cdc1750139c11e25132ddb0126f4fd7c1a2deb5c07f99ee15be7ed2356e177a9fadbd57c91ca99b94e98c0e12074f2c752a290e0b388ee66439cc03dc9430b3d3683207014643f812fe2996984defc022efeab93d0f39469d1531dbca82da5a018b0cc8fbc37d604a557fd4fe8a0537f64db15722a6de5f65b0c5b6633979f22dfbbcb542193d518f0ca147eafd47e3f12cb37644ad68edf841f41e8cbd6ac0ccc9fcac194f3a15ea6a4be251fa047af2a5fbf49d46d2778130a8f7bfaafc3f7deeb1968b177ef1c179a5674fa86116b481d55f0eafc523698c4dc985831d87a0ba3467cda5a1970f1cad68a065e8e8ed3f05a4c2ae8caada3d1f0b43b383a0f856e8d5ddad1dbcbed58b27928e589e09d9840176de1bd2501a1f0670c9348f6e474dbe3b65a599d69c5466e3bf68c195edee21a848e1dba7a14643d80072366ffa1ef854ebb86a271d0520909671ad8b4b54dcc088b70fd4b3eec32929def173472a226d3df0638358ecd7ae4f988beafdfab91e2ca7557019a286273cf5063817ef78e8f3faca5bf07f58385297929f3a8ad1130d0ba510eb0376859067b96964de393179e6587e22abcd213f0c50b61f02d3df06215ccec84680c6a7e095d9a4cf44968ed4ba700ed1335e99f5acca4062a7fc0c455a97f962ba2b70a28019273282a96847e1a14e0719de5327865f9651c873cd0c06d29f783e87eb73f2aa1679282d65e395138000624d648987e12ec0e08630ed95c11b7d559bb5c2e902fafe11e03a369416a9ba054daa301210bddfef850f2ab5ba2a3709ccb483a60f4514d4a79f805201955684a49d896bbf1b983274354191447a7
</pre>
@@ -51,13 +51,18 @@ Check Laravel system requirements: <br/>
Clone the repo somewhere and cd into it. Then:<br/>
<pre>
composer install
composer update
npm install --global gulp-cli
npm shrinkwrap
npm install
cp .env-example .env
</pre>
<p>
Then edit the .env file. Basically you need to add the DB settings. <a href="https://laravel.com/docs/5.5/database" target="_blank">Info here</a>
Then edit the .env file. Basically you need to add the DB settings. <a href="https://laravel.com/docs/5.5/database" target="_blank">Info here</a>. Also, you need a nano node with rpc enabled running on the same machine, or change <a href="https://github.com/jaimehgb/RaiWalletV2/blob/master/app/Custom/RaiNode.php#L101">this</a> to match your requirements.
<br/><br/>
Also, you might want to configure the rpc callback to have your table with a list of timestamps and block hashes. It all works without it though.
<br/> <br/>
And server side PoW ... it's not included in this repo but the way it works is having something pulling all PoW requests from the PoW table, solving them, and then updating them in the database. When developing, you can still test using client side PoW so ... But yeah.
<br/>
Then:
</p>
@@ -69,4 +74,4 @@ gulp
And run it with:
<pre>
php artisan serve
</pre>
</pre>
@@ -5,10 +5,11 @@
use Illuminate\Http\Request;
use App\Custom\RaiNode;
use App\TxTimestamp;
class ApiController extends Controller
{
protected function validateBlockHash($hash)
protected function validateBlockHash($hash)
{
if(strlen($hash) != 64)
return false;
@@ -33,19 +34,32 @@ protected function error($msg)
public function publicRebroadcast (Request $request)
{
$block = $request->block;
$hash = $request->hash;
$block = json_decode($block);
if(!$block)
return $this->error('Invalid block data');
if(!$this->validateBlockHash($hash))
return $this->error('Invalid block hash');
$node = new RaiNode();
$res = $node->republish(['hash' => $hash]);
if(isset($res['error']))
$res = $node->process(['block' => $block]);
return $this->success();
$block = $request->block;
$hash = $request->hash;
$block = json_decode($block);
if(!$block)
return $this->error('Invalid block data');
if(!$this->validateBlockHash($hash))
return $this->error('Invalid block hash');
$node = new RaiNode();
$res = $node->republish(['hash' => $hash]);
if(isset($res['error']))
$res = $node->process(['block' => $block]);
return $this->success();
}
public function callbackHandle (Request $request)
{
$data = json_decode($request->getContent(), true);
if(!$data)
return $this->error('Invalid json data');
$hash = $data['hash'];
$timestamp = new TxTimestamp();
$timestamp->hash = $hash;
$timestamp->save();
return $this->success();
}
}
}
@@ -57,5 +57,6 @@ class Kernel extends HttpKernel
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'callback-filter' => \App\Http\Middleware\CallbackFilter::class,
];
}
@@ -0,0 +1,25 @@
<?php
namespace App\Http\Middleware;
use Closure;
class CallbackFilter
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if(env('CALLBACK_KEY') !== false)
if(env('CALLBACK_KEY') != $request->route('callback_key'))
return response()->json(['Unauthorized!'],400);
if(!in_array($request->ip(), explode('|', env('CALLBACK_ALLOWED_IPS'))))
return response()->json(['Unauthorized!'],400);
return $next($request);
}
}
@@ -0,0 +1,22 @@
<?php
namespace App;
use Illuminate\Database\Eloquent\Model;
class TxTimestamp extends Model
{
public $timestamps = false;
protected static function boot()
{
parent::boot();
static::saving(function()
{
static::creating( function ($model) {
$model->setCreatedAt($model->freshTimestamp());
});
});
}
}
@@ -0,0 +1,32 @@
<?php
use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class CreateTxTimestampsTable extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::create('tx_timestamps', function (Blueprint $table) {
$table->increments('id');
$table->dateTime('created_at');
$table->string('hash', 64)->unique();
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::dropIfExists('tx_timestamps');
}
}
@@ -13,6 +13,4 @@
|
*/
Route::middleware('auth:api')->get('/user', function (Request $request) {
return $request->user();
});
Route::post('/callbackHandler/{callback_key}', 'ApiController@callbackHandle')->middleware('callback-filter');

0 comments on commit 77d9b18

Please sign in to comment.