commit 465ca4cd8f1ca8a6ebf5bd99d5b10c6cb54a1869
parent fe03f8afd4fd1eca104edee94dfb140e66158567
Author: Antoine A <>
Date: Wed, 1 Dec 2021 12:42:57 +0100
API: Check payto uri and btc address
Diffstat:
2 files changed, 39 insertions(+), 38 deletions(-)
diff --git a/script/test_bank.sh b/script/test_bank.sh
@@ -49,7 +49,7 @@ echo " OK"
echo "All tests passed"
-# ---- Endpoint & Method Error ----- #
+# ---- Endpoint & Method ----- #
echo -n "Unknown endpoint..."
test `curl -w %{http_code} -s -o /dev/null ${BANK_ENDPOINT}test` -eq 404 && echo " OK" || echo " Failed"
@@ -57,5 +57,18 @@ test `curl -w %{http_code} -s -o /dev/null ${BANK_ENDPOINT}test` -eq 404 && echo
echo -n "Method not allowed..."
test `curl -w %{http_code} -s -o /dev/null ${BANK_ENDPOINT}transfer` -eq 405 && echo " OK" || echo " Failed"
+# ----- Request format ----- #
+echo -n "Bad payto url..."
+COUNT=0
+for bad_payto in http://bitcoin/$ADDRESS payto://btc/$ADDRESS payto://bitcoin/$ADDRESS?id=admin payto://bitcoin/$ADDRESS#admin
+do
+ taler-exchange-wire-gateway-client -b $BANK_ENDPOINT -C $bad_payto -a BTC:0.00042 2>&1 | grep -q "(400/24)" && echo -n " OK" || echo -n " Failed"
+done
+echo ""
+
+echo -n "Bad bitcoin address..."
+taler-exchange-wire-gateway-client -b $BANK_ENDPOINT -C payto://bitcoin/ADDRESS -a BTC:0.00042 2>&1 | grep -q '(400/26)' && echo " OK" || echo " Failed"
+
+#btc-wire-cli nblock
exit 0
diff --git a/wire-gateway/src/main.rs b/wire-gateway/src/main.rs
@@ -6,7 +6,7 @@ use std::{
use api_common::{Amount, SafeUint64, ShortHashCode, Timestamp};
use api_wire::{OutgoingBankTransaction, OutgoingHistory};
-use async_compression::tokio::{bufread::ZlibDecoder, write::ZlibEncoder};
+use async_compression::tokio::bufread::ZlibDecoder;
use btc_wire::{
bitcoincore_rpc::{
bitcoin::{Address, Amount as BtcAmount, BlockHash, Txid},
@@ -19,23 +19,18 @@ use btc_wire::{
};
use error_codes::ErrorCode;
use hyper::{
- body::Buf,
header,
http::request::Parts,
service::{make_service_fn, service_fn},
Body, Error, Method, Request, Response, Server, StatusCode,
};
-use tokio::{
- io::{AsyncReadExt, AsyncWriteExt},
- sync::Mutex,
-};
+use tokio::{io::AsyncReadExt, sync::Mutex};
use url::Url;
use crate::{
api_common::{Base32, ErrorDetail},
api_wire::{
- AddIncomingRequest, AddIncomingResponse, HistoryParams, IncomingBankTransaction,
- IncomingHistory, TransferRequest, TransferResponse,
+ HistoryParams, IncomingBankTransaction, IncomingHistory, TransferRequest, TransferResponse,
},
};
@@ -46,10 +41,19 @@ fn btc_payto_url(addr: &Address) -> Url {
}
fn btc_payto_addr(url: &Url) -> Result<&str, ServerErr> {
- dbg!(url);
- let address = url.path().trim_start_matches('/');
- return Ok(address);
- //if url.origin() != "bitcoin" || url.scheme() != "payto" || url.has_authority()
+ if url.domain() != Some("bitcoin")
+ || url.scheme() != "payto"
+ || url.username() != ""
+ || url.password().is_some()
+ || url.query().is_some()
+ || url.fragment().is_some()
+ {
+ return Err((
+ StatusCode::BAD_REQUEST,
+ ErrorCode::GENERIC_PAYTO_URI_MALFORMED,
+ ));
+ }
+ return Ok(url.path().trim_start_matches('/'));
}
impl Into<Amount> for BtcAmount {
@@ -261,16 +265,11 @@ async fn parse_json<J: serde::de::DeserializeOwned>(parts: &Parts, body: Body) -
async fn json_response<J: serde::Serialize>(status: StatusCode, json: &J) -> Response<Body> {
let json = serde_json::to_vec(json).unwrap();
- let mut encoder = ZlibEncoder::new(Vec::new());
- encoder.write_all(&json).await.unwrap();
- encoder.shutdown().await.unwrap();
-
- let encoded = encoder.into_inner();
+ // TODO investigate why curl do not like my async compression
Response::builder()
.status(status)
.header(header::CONTENT_TYPE, "application/json")
- .header(header::CONTENT_ENCODING, "deflate")
- .body(Body::from(encoded))
+ .body(Body::from(json))
.unwrap()
}
@@ -297,8 +296,13 @@ async fn router(
assert_method(&parts, Method::POST)?;
let request: TransferRequest = parse_json(&parts, body).await;
let client = state.client.lock().await;
- let address = request.credit_account.path().trim_start_matches('/');
- let to = Address::from_str(address).unwrap();
+ let address = btc_payto_addr(&request.credit_account)?;
+ let to = Address::from_str(address).map_err(|_| {
+ (
+ StatusCode::BAD_REQUEST,
+ ErrorCode::GENERIC_PARAMETER_MALFORMED,
+ )
+ })?;
let amount: BtcAmount = request.amount.try_into().unwrap();
client
.send_op_return(&to, amount, request.wtid.as_ref())
@@ -362,22 +366,6 @@ async fn router(
)
.await
}
- "/admin/add-incoming" => {
- assert_method(&parts, Method::POST)?;
- let request: AddIncomingRequest = parse_json(&parts, body).await;
- let mut guard = state.incoming.lock().await;
- let row_id = SafeUint64::try_from(guard.len() as u64 + 1).unwrap();
- let timestamp = Timestamp::now();
- guard.push(IncomingTransaction {
- row_id,
- date: timestamp,
- amount: request.amount,
- reserve_pub: request.reserve_pub,
- debit_account: request.debit_account,
- credit_account: Url::parse("payto://bitcoin").unwrap(),
- });
- json_response(StatusCode::OK, &AddIncomingResponse { timestamp, row_id }).await
- }
_ => return Err((StatusCode::NOT_FOUND, ErrorCode::GENERIC_ENDPOINT_UNKNOWN)),
};
return Ok(response);
