lamassu/lamassu-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Feat: implement per operator settings cache

Browse source 
Fix: fix linter-found issues

Chore: move findOperatorId to own middleware file

Chore: delete old routes.js file and rename new-routes.js to routes.js

Fix: PR fixes
This commit is contained in:
Cesar 2021-01-13 19:04:40 +00:00 committed by Josh Harvey
parent 85235eaa13
commit 558317e9f3
30 changed files with 232 additions and 860 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/app.js
View file

@ -3,7 +3,7 @@ const http = require('http')
const https = require('https')
const argv = require('minimist')(process.argv.slice(2))
const routes = require('./new-routes')
const routes = require('./routes')
const logger = require('./logger')
const poller = require('./poller')
const settingsLoader = require('./new-settings-loader')

9
lib/cash-out/cash-out-tx.js
View file

@ -9,6 +9,7 @@ const T = require('../time')
const logger = require('../logger')
const plugins = require('../plugins')
const httpError = require('../route-helpers').httpError
const helper = require('./cash-out-helper')
const cashOutAtomic = require('./cash-out-atomic')
const cashOutActions = require('./cash-out-actions')
@ -31,14 +32,6 @@ const INSUFFICIENT_FUNDS_CODE = 570
const toObj = helper.toObj
function httpError (msg, code) {
const err = new Error(msg)
err.name = 'HTTPError'
err.code = code || 500
return err
}
function selfPost (tx, pi) {
return post(tx, pi, false)
}

1
lib/middlewares/ca.js
View file

@ -1,7 +1,6 @@
const pairing = require('../pairing')
function ca (req, res) {
console.log("ca")
const token = req.query.token
return pairing.authorizeCaDownload(token)

30
lib/middlewares/operatorId.js Normal file
View file

@ -0,0 +1,30 @@
const pify = require('pify')
const fs = pify(require('fs'))
const hkdf = require('futoin-hkdf')
const state = require('./state')
const mnemonicHelpers = require('../mnemonic-helpers')
const options = require('../options')
function computeOperatorId (masterSeed) {
return hkdf(masterSeed, 16, { salt: 'lamassu-server-salt', info: 'operator-id' }).toString('hex')
}
function getMnemonic () {
if (state.mnemonic) return Promise.resolve(state.mnemonic)
return fs.readFile(options.mnemonicPath, 'utf8').then(mnemonic => {
state.mnemonic = mnemonic
return mnemonic
})
}
function findOperatorId (req, res, next) {
getMnemonic().then(mnemonic => {
return computeOperatorId(mnemonicHelpers.toEntropyBuffer(mnemonic))
}).then(id => {
res.locals.operatorId = id
}).catch(e => console.error('Error while computing operator id\n' + e))
next()
}
module.exports = findOperatorId

20
lib/middlewares/pair.js
View file

@ -1,20 +0,0 @@
const pairing = require('../pairing')
function pair (req, res, next) {
console.log("pair")
const token = req.query.token
const deviceId = req.deviceId
const model = req.query.model
return pairing.pair(token, deviceId, model)
.then(valid => {
if (valid) {
return res.json({ status: 'paired' })
}
throw httpError('Pairing failed')
})
.catch(next)
}
module.exports = pair

2
lib/middlewares/populateDeviceId.js
View file

@ -1,7 +1,7 @@
const _ = require('lodash/fp')
const crypto = require('crypto')
function sha256 (buf) {
const crypto = require('crypto')
const hash = crypto.createHash('sha256')
hash.update(buf)

15
lib/middlewares/populateSettings.js
View file

@ -6,26 +6,27 @@ const helpers = require('../route-helpers')
const SETTINGS_CACHE_REFRESH = 60 * 60 * 1000
const populateSettings = function (req, res, next) {
const operatorId = res.locals.operatorId
const versionId = req.headers['config-version']
if (versionId !== state.oldVersionId) {
state.oldVersionId = versionId
}
// Clear cache every hour
if (Date.now() - settingsCache.getTimestamp() > SETTINGS_CACHE_REFRESH) {
settingsCache.clearCache()
if (Date.now() - settingsCache.getTimestamp(operatorId) > SETTINGS_CACHE_REFRESH) {
settingsCache.clear(operatorId)
}
if (!versionId && settingsCache.getCache()) {
req.settings = settingsCache.getCache()
if (!versionId && settingsCache.getCache(operatorId)) {
req.settings = settingsCache.getCache(operatorId)
return next()
}
if (!versionId && !settingsCache.getCache()) {
if (!versionId && !settingsCache.getCache(operatorId)) {
return newSettingsLoader.loadLatest()
.then(settings => {
settingsCache.setCache(settings)
settingsCache.setTimestamp(Date.now())
settingsCache.setCache(operatorId, settings)
settingsCache.setTimestamp(operatorId, Date.now())
req.settings = settings
})
.then(() => next())

19
lib/middlewares/settingsCache.js
View file

@ -1,19 +1,26 @@
const _ = require('lodash/fp')
const state = require('./state')
const getTimestamp = () => state.settingsCache.timestamp
const getTimestamp = (operatorId) => state.settingsCache[operatorId] ? state.settingsCache[operatorId].timestamp : null
const getCache = () => state.settingsCache.cache
const getCache = (operatorId) => state.settingsCache[operatorId] ? state.settingsCache[operatorId].cache : null
const setTimestamp = (newTimestamp) => state.settingsCache.timestamp = newTimestamp
const setTimestamp = (operatorId, newTimestamp) => {
state.settingsCache = _.set([operatorId, 'timestamp'], newTimestamp, state.settingsCache)
}
const setCache = (newCache) => state.settingsCache.cache = newCache
const setCache = (operatorId, newCache) => {
state.settingsCache = _.set([operatorId, 'cache'], newCache, state.settingsCache)
}
const clearCache = () => state.settingsCache.cache = null
const clear = (operatorId) => {
state.settingsCache = _.set([operatorId], null, state.settingsCache)
}
module.exports = {
getTimestamp,
getCache,
setTimestamp,
setCache,
clearCache
clear
}

9
lib/middlewares/state.js
View file

@ -1,12 +1,13 @@
module.exports = function () {
module.exports = (function () {
return {
oldVersionId: "unset",
oldVersionId: 'unset',
settingsCache: {},
canLogClockSkewMap: {},
canGetLastSeenMap: {},
pids: {},
reboots: {},
shutdowns: {},
restartServicesMap: {}
restartServicesMap: {},
mnemonic: null
}
}()
}())

80
lib/new-routes.js
View file

@ -1,80 +0,0 @@
const express = require('express')
const argv = require('minimist')(process.argv.slice(2))
const bodyParser = require('body-parser')
const compression = require('compression')
const helmet = require('helmet')
const morgan = require('morgan')
const nocache = require('nocache')
const authorize = require('./middlewares/authorize')
const errorHandler = require('./middlewares/errorHandler')
const filterOldRequests = require('./middlewares/filterOldRequests')
const logger = require('./logger')
const options = require('./options')
const populateDeviceId = require('./middlewares/populateDeviceId')
const populateSettings = require('./middlewares/populateSettings')
const customerRoutes = require('./routes/customerRoutes')
const logsRoutes = require('./routes/logsRoutes')
const ownAuthorizationRoutes = require('./routes/ownAuthorizationRoutes')
const phoneCodeRoutes = require('./routes/phoneCodeRoutes')
const pollingRoutes = require('./routes/pollingRoutes')
const stateRoutes = require('./routes/stateRoutes')
const termsAndConditionsRoutes = require('./routes/termsAndConditionsRoutes')
const txRoutes = require('./routes/txRoutes')
const verifyUserRoutes = require('./routes/verifyUserRoutes')
const verifyTxRoutes = require('./routes/verifyTxRoutes')
const localAppRoutes = require('./routes/localAppRoutes')
const app = express()
const localApp = express()
const configRequiredRoutes = [
'/poll',
'/terms_conditions',
'/event',
'/phone_code',
'/customer',
'/tx'
]
const devMode = argv.dev || options.http
// middleware setup
app.use(compression({ threshold: 500 }))
app.use(helmet())
app.use(nocache())
app.use(bodyParser.json({ limit: '2mb' }))
app.use(morgan(':method :url :status :response-time ms - :res[content-length]', { stream: logger.stream }))
// app /pair and /ca routes
app.use('/', ownAuthorizationRoutes)
app.use(populateDeviceId)
if (!devMode) app.use(authorize)
app.use(configRequiredRoutes, populateSettings)
app.use(filterOldRequests)
// other app routes
app.use('/poll', pollingRoutes)
app.use('/terms_conditions', termsAndConditionsRoutes)
app.use('/state', stateRoutes)
app.use('/verify_user', verifyUserRoutes)
app.use('/verify_transaction', verifyTxRoutes)
app.use('/phone_code', phoneCodeRoutes)
app.use('/customer', customerRoutes)
app.use('/tx', txRoutes)
app.use('/logs', logsRoutes)
app.use(errorHandler)
app.use((req, res) => {
res.status(404).json({ error: 'No such route' })
})
// localapp routes
localApp.use('/', localAppRoutes)
module.exports = { app, localApp }

3
lib/route-helpers.js
View file

@ -93,5 +93,6 @@ module.exports = {
stateChange,
fetchPhoneTx,
fetchStatusTx,
updateDeviceConfigVersion
updateDeviceConfigVersion,
httpError
}

674
lib/routes.js
View file

@ -1,488 +1,36 @@
'use strict'
const compression = require('compression')
const morgan = require('morgan')
const helmet = require('helmet')
const nocache = require('nocache')
const bodyParser = require('body-parser')
const _ = require('lodash/fp')
const express = require('express')
const nmd = require('nano-markdown')
const semver = require('semver')
const dbErrorCodes = require('./db-error-codes')
const options = require('./options')
const logger = require('./logger')
const configManager = require('./new-config-manager')
const complianceTriggers = require('./compliance-triggers')
const pairing = require('./pairing')
const newSettingsLoader = require('./new-settings-loader')
const plugins = require('./plugins')
const helpers = require('./route-helpers')
const poller = require('./poller')
const Tx = require('./tx')
const E = require('./error')
const customers = require('./customers')
const logs = require('./logs')
const compliance = require('./compliance')
const promoCodes = require('./promo-codes')
const BN = require('./bn')
const commissionMath = require('./commission-math')
const notifier = require('./notifier')
const version = require('../package.json').version
const argv = require('minimist')(process.argv.slice(2))
const CLOCK_SKEW = 60 * 1000
const REQUEST_TTL = 3 * 60 * 1000
const THROTTLE_LOGS_QUERY = 30 * 1000
const THROTTLE_CLOCK_SKEW = 60 * 1000
const SETTINGS_CACHE_REFRESH = 60 * 60 * 1000
const pids = {}
const reboots = {}
const shutdowns = {}
const restartServicesMap = {}
const canGetLastSeenMap = {}
const canLogClockSkewMap = {}
const settingsCache = {}
const devMode = argv.dev || options.http
function checkHasLightning (settings) {
return configManager.getWalletSettings('BTC', settings.config).layer2 !== 'no-layer2'
}
function poll (req, res, next) {
const machineVersion = req.query.version
const machineModel = req.query.model
const deviceId = req.deviceId
const deviceTime = req.deviceTime
const serialNumber = req.query.sn
const pid = req.query.pid
const settings = req.settings
const localeConfig = configManager.getLocale(deviceId, settings.config)
const pi = plugins(settings, deviceId)
const hasLightning = checkHasLightning(settings)
const triggers = configManager.getTriggers(settings.config)
const operatorInfo = configManager.getOperatorInfo(settings.config)
const machineInfo = { deviceId: req.deviceId, deviceName: req.deviceName }
const cashOutConfig = configManager.getCashOut(deviceId, settings.config)
const receipt = configManager.getReceipt(settings.config)
const terms = configManager.getTermsConditions(settings.config)
pids[deviceId] = { pid, ts: Date.now() }
return pi.pollQueries(serialNumber, deviceTime, req.query, machineVersion, machineModel)
.then(results => {
const cassettes = results.cassettes
const reboot = pid && reboots[deviceId] && reboots[deviceId] === pid
const shutdown = pid && shutdowns[deviceId] && shutdowns[deviceId] === pid
const restartServices = pid && restartServicesMap[deviceId] && restartServicesMap[deviceId] === pid
const langs = localeConfig.languages
const locale = {
fiatCode: localeConfig.fiatCurrency,
localeInfo: {
primaryLocale: langs[0],
primaryLocales: langs,
country: localeConfig.country
}
}
const response = {
error: null,
locale,
version,
receiptPrintingActive: receipt.active,
cassettes,
twoWayMode: cashOutConfig.active,
zeroConfLimit: cashOutConfig.zeroConfLimit,
reboot,
shutdown,
restartServices,
hasLightning,
receipt,
operatorInfo,
machineInfo,
triggers
}
// BACKWARDS_COMPATIBILITY 7.5
// machines before 7.5 expect old compliance
if (!machineVersion || semver.lt(machineVersion, '7.5.0-beta.0')) {
const compatTriggers = complianceTriggers.getBackwardsCompatibleTriggers(triggers)
response.smsVerificationActive = !!compatTriggers.sms
response.smsVerificationThreshold = compatTriggers.sms
response.idCardDataVerificationActive = !!compatTriggers.idCardData
response.idCardDataVerificationThreshold = compatTriggers.idCardData
response.idCardPhotoVerificationActive = !!compatTriggers.idCardPhoto
response.idCardPhotoVerificationThreshold = compatTriggers.idCardPhoto
response.sanctionsVerificationActive = !!compatTriggers.sancations
response.sanctionsVerificationThreshold = compatTriggers.sancations
response.frontCameraVerificationActive = !!compatTriggers.facephoto
response.frontCameraVerificationThreshold = compatTriggers.facephoto
}
// BACKWARDS_COMPATIBILITY 7.4.9
// machines before 7.4.9 expect t&c on poll
if (!machineVersion || semver.lt(machineVersion, '7.4.9')) {
response.terms = createTerms(terms)
}
return res.json(_.assign(response, results))
})
.catch(next)
}
function getTermsConditions (req, res, next) {
const deviceId = req.deviceId
const settings = req.settings
const terms = configManager.getTermsConditions(settings.config)
const pi = plugins(settings, deviceId)
return pi.fetchCurrentConfigVersion().then(version => {
return res.json({ terms: createTerms(terms), version })
})
.catch(next)
}
function getTx (req, res, next) {
if (req.query.status) {
return helpers.fetchStatusTx(req.params.id, req.query.status)
.then(r => res.json(r))
.catch(next)
}
return next(httpError('Not Found', 404))
}
function getPhoneTx (req, res, next) {
if (req.query.phone) {
return helpers.fetchPhoneTx(req.query.phone)
.then(r => res.json(r))
.catch(next)
}
return next(httpError('Not Found', 404))
}
function postTx (req, res, next) {
const pi = plugins(req.settings, req.deviceId)
return Tx.post(_.set('deviceId', req.deviceId, req.body), pi)
.then(tx => {
if (tx.errorCode) {
logger.error(tx.error)
throw httpError(tx.error, 500)
}
return res.json(tx)
})
.catch(err => {
// 204 so that l-m can ignore the error
// this is fine because the request is polled and will be retried if needed.
if (err.code === dbErrorCodes.SERIALIZATION_FAILURE) {
logger.warn('Harmless DB conflict, the query will be retried.')
return res.status(204).json({})
}
if (err instanceof E.StaleTxError) return res.status(409).json({ errorType: 'stale' })
if (err instanceof E.RatchetError) return res.status(409).json({ errorType: 'ratchet' })
throw err
})
.catch(next)
}
function stateChange (req, res, next) {
helpers.stateChange(req.deviceId, req.deviceTime, req.body)
.then(() => respond(req, res))
.catch(next)
}
function verifyUser (req, res, next) {
const pi = plugins(req.settings, req.deviceId)
pi.verifyUser(req.body)
.then(idResult => respond(req, res, idResult))
.catch(next)
}
function verifyTx (req, res, next) {
const pi = plugins(req.settings, req.deviceId)
pi.verifyTransaction(req.body)
.then(idResult => respond(req, res, idResult))
.catch(next)
}
function verifyPromoCode (req, res, next) {
promoCodes.getPromoCode(req.body.codeInput)
.then(promoCode => {
if (!promoCode) return next()
const transaction = req.body.tx
const commissions = configManager.getCommissions(transaction.cryptoCode, req.deviceId, req.settings.config)
const tickerRate = BN(transaction.rawTickerPrice)
const discount = commissionMath.getDiscountRate(promoCode.discount, commissions[transaction.direction])
const rates = {
[transaction.cryptoCode]: {
[transaction.direction]: (transaction.direction === 'cashIn')
? tickerRate.mul(discount).round(5)
: tickerRate.div(discount).round(5)
}
}
respond(req, res, {
promoCode: promoCode,
newRates: rates
})
})
.catch(next)
}
function addOrUpdateCustomer (req) {
const customerData = req.body
const machineVersion = req.query.version
const triggers = configManager.getTriggers(req.settings.config)
const compatTriggers = complianceTriggers.getBackwardsCompatibleTriggers(triggers)
const maxDaysThreshold = complianceTriggers.maxDaysThreshold(triggers)
return customers.get(customerData.phone)
.then(customer => {
if (customer) return customer
return customers.add(req.body)
})
.then(customer => {
// BACKWARDS_COMPATIBILITY 7.5
// machines before 7.5 expect customer with sanctions result
const isOlderMachineVersion = !machineVersion || semver.lt(machineVersion, '7.5.0-beta.0')
const shouldRunOfacCompat = !compatTriggers.sanctions && isOlderMachineVersion
if (!shouldRunOfacCompat) return customer
return compliance.validationPatch(req.deviceId, !!compatTriggers.sanctions, customer)
.then(patch => {
if (_.isEmpty(patch)) return customer
return customers.update(customer.id, patch)
})
}).then(customer => {
return Tx.customerHistory(customer.id, maxDaysThreshold)
.then(result => {
customer.txHistory = result
return customer
})
})
}
function getCustomerWithPhoneCode (req, res, next) {
const pi = plugins(req.settings, req.deviceId)
const phone = req.body.phone
return pi.getPhoneCode(phone)
.then(code => {
return addOrUpdateCustomer(req)
.then(customer => respond(req, res, { code, customer }))
})
.catch(err => {
if (err.name === 'BadNumberError') throw httpError('Bad number', 401)
throw err
})
.catch(next)
}
function updateCustomer (req, res, next) {
const id = req.params.id
const machineVersion = req.query.version
const txId = req.query.txId
const patch = req.body
const triggers = configManager.getTriggers(req.settings.config)
const compatTriggers = complianceTriggers.getBackwardsCompatibleTriggers(triggers)
customers.getById(id)
.then(customer => {
if (!customer) { throw httpError('Not Found', 404) }
const mergedCustomer = _.merge(customer, patch)
// BACKWARDS_COMPATIBILITY 7.5
// machines before 7.5 expect customer with sanctions result
const isOlderMachineVersion = !machineVersion || semver.lt(machineVersion, '7.5.0-beta.0')
return Promise.resolve({})
.then(emptyObj => {
if (!isOlderMachineVersion) return Promise.resolve(emptyObj)
return compliance.validationPatch(req.deviceId, !!compatTriggers.sanctions, mergedCustomer)
})
.then(_.merge(patch))
.then(newPatch => customers.updatePhotoCard(id, newPatch))
.then(newPatch => customers.updateFrontCamera(id, newPatch))
.then(newPatch => customers.update(id, newPatch, null, txId))
})
.then(customer => respond(req, res, { customer }))
.catch(next)
}
function triggerSanctions (req, res, next) {
const id = req.params.id
customers.getById(id)
.then(customer => {
if (!customer) { throw httpError('Not Found', 404) }
return compliance.validationPatch(req.deviceId, true, customer)
.then(patch => customers.update(id, patch))
})
.then(customer => respond(req, res, { customer }))
.catch(next)
}
function triggerBlock (req, res, next) {
const id = req.params.id
customers.update(id, { authorizedOverride: 'blocked' })
.then(customer => {
notifier.notifyIfActive('compliance', 'customerComplianceNotify', customer, req.deviceId, 'BLOCKED')
return respond(req, res, { customer })
})
.catch(next)
}
function triggerSuspend (req, res, next) {
const id = req.params.id
const triggerId = req.body.triggerId
const triggers = configManager.getTriggers(req.settings.config)
const getSuspendDays = _.compose(_.get('suspensionDays'), _.find(_.matches({ id: triggerId })))
const days = triggerId === 'no-ff-camera' ? 1 : getSuspendDays(triggers)
const date = new Date()
date.setDate(date.getDate() + days);
customers.update(id, { suspendedUntil: date })
.then(customer => {
notifier.notifyIfActive('compliance', 'customerComplianceNotify', customer, req.deviceId, 'SUSPENDED', days)
return respond(req, res, { customer })
})
.catch(next)
}
function getLastSeen (req, res, next) {
const deviceId = req.deviceId
const timestamp = Date.now()
const shouldTrigger = !canGetLastSeenMap[deviceId] ||
timestamp - canGetLastSeenMap[deviceId] >= THROTTLE_LOGS_QUERY
if (shouldTrigger) {
canGetLastSeenMap[deviceId] = timestamp
return logs.getLastSeen(deviceId)
.then(r => res.json(r))
.catch(next)
}
return res.status(408).json({})
}
function updateLogs (req, res, next) {
return logs.update(req.deviceId, req.body.logs)
.then(status => res.json({ success: status }))
.catch(next)
}
function ca (req, res) {
const token = req.query.token
return pairing.authorizeCaDownload(token)
.then(ca => res.json({ ca }))
.catch(() => res.status(403).json({ error: 'forbidden' }))
}
function pair (req, res, next) {
const token = req.query.token
const deviceId = req.deviceId
const model = req.query.model
return pairing.pair(token, deviceId, model)
.then(valid => {
if (valid) {
return res.json({ status: 'paired' })
}
throw httpError('Pairing failed')
})
.catch(next)
}
function errorHandler (err, req, res, next) {
const statusCode = err.name === 'HTTPError'
? err.code || 500
: 500
const json = { error: err.message }
if (statusCode >= 400) logger.error(err)
return res.status(statusCode).json(json)
}
function respond (req, res, _body, _status) {
const status = _status || 200
const body = _body || {}
const customer = _.getOr({ sanctions: true }, ['customer'], body)
// sanctions can be null for new customers so we can't use falsy checks
if (customer.sanctions === false) {
notifier.notifyIfActive('compliance', 'sanctionsNotify', customer, req.body.phone)
}
return res.status(status).json(body)
}
function httpError (msg, code) {
const err = new Error(msg)
err.name = 'HTTPError'
err.code = code || 500
return err
}
function filterOldRequests (req, res, next) {
const deviceTime = req.deviceTime
const deviceId = req.deviceId
const timestamp = Date.now()
const delta = timestamp - Date.parse(deviceTime)
const shouldTrigger = !canLogClockSkewMap[deviceId] ||
timestamp - canLogClockSkewMap[deviceId] >= THROTTLE_CLOCK_SKEW
if (delta > CLOCK_SKEW && shouldTrigger) {
canLogClockSkewMap[deviceId] = timestamp
logger.error('Clock skew with lamassu-machine[%s] too high [%ss], adjust lamassu-machine clock',
req.deviceName, (delta / 1000).toFixed(2))
}
if (delta > REQUEST_TTL) return res.status(408).json({ error: 'stale' })
next()
}
function authorize (req, res, next) {
const deviceId = req.deviceId
return pairing.isPaired(deviceId)
.then(deviceName => {
if (deviceName) {
req.deviceId = deviceId
req.deviceName = deviceName
return next()
}
return res.status(403).json({ error: 'Forbidden' })
})
.catch(next)
}
const skip = (req, res) => _.includes(req.path, ['/poll', '/state', '/logs']) && _.includes(res.statusCode, [200, 408])
const bodyParser = require('body-parser')
const compression = require('compression')
const helmet = require('helmet')
const morgan = require('morgan')
const nocache = require('nocache')
const authorize = require('./middlewares/authorize')
const errorHandler = require('./middlewares/errorHandler')
const filterOldRequests = require('./middlewares/filterOldRequests')
const logger = require('./logger')
const options = require('./options')
const findOperatorId = require('./middlewares/operatorId')
const populateDeviceId = require('./middlewares/populateDeviceId')
const populateSettings = require('./middlewares/populateSettings')
const customerRoutes = require('./routes/customerRoutes')
const logsRoutes = require('./routes/logsRoutes')
const rootRoutes = require('./routes/rootRoutes')
const phoneCodeRoutes = require('./routes/phoneCodeRoutes')
const pollingRoutes = require('./routes/pollingRoutes')
const stateRoutes = require('./routes/stateRoutes')
const termsAndConditionsRoutes = require('./routes/termsAndConditionsRoutes')
const txRoutes = require('./routes/txRoutes')
const verifyUserRoutes = require('./routes/verifyUserRoutes')
const verifyTxRoutes = require('./routes/verifyTxRoutes')
const verifyPromoCodeRoutes = require('./routes/verifyPromoCodeRoutes')
const localAppRoutes = require('./routes/localAppRoutes')
const app = express()
const localApp = express()
const configRequiredRoutes = [
'/poll',
@ -493,168 +41,46 @@ const configRequiredRoutes = [
'/tx',
'/verify_promo_code'
]
const devMode = argv.dev || options.http
const app = express()
const localApp = express()
// middleware setup
app.use(compression({ threshold: 500 }))
app.use(helmet())
app.use(nocache())
app.use(bodyParser.json({ limit: '2mb' }))
app.use(morgan(':method :url :status :response-time ms - :res[content-length]', { stream: logger.stream }))
// These two have their own authorization
app.post('/pair', populateDeviceId, pair)
app.get('/ca', ca)
// app /pair and /ca routes
app.use('/', rootRoutes)
app.use(findOperatorId)
app.use(populateDeviceId)
if (!devMode) app.use(authorize)
app.use(configRequiredRoutes, populateSettings)
app.use(filterOldRequests)
app.get('/poll', poll)
app.get('/terms_conditions', getTermsConditions)
app.post('/state', stateChange)
// other app routes
app.use('/poll', pollingRoutes)
app.use('/terms_conditions', termsAndConditionsRoutes)
app.use('/state', stateRoutes)
app.post('/verify_user', verifyUser)
app.post('/verify_transaction', verifyTx)
app.post('/verify_promo_code', verifyPromoCode)
app.use('/verify_user', verifyUserRoutes)
app.use('/verify_transaction', verifyTxRoutes)
app.use('/verify_promo_code', verifyPromoCodeRoutes)
app.post('/phone_code', getCustomerWithPhoneCode)
app.patch('/customer/:id', updateCustomer)
app.patch('/customer/:id/sanctions', triggerSanctions)
app.patch('/customer/:id/block', triggerBlock)
app.patch('/customer/:id/suspend', triggerSuspend)
app.use('/phone_code', phoneCodeRoutes)
app.use('/customer', customerRoutes)
app.post('/tx', postTx)
app.get('/tx/:id', getTx)
app.get('/tx', getPhoneTx)
app.get('/logs', getLastSeen)
app.post('/logs', updateLogs)
app.use('/tx', txRoutes)
app.use('/logs', logsRoutes)
app.use(errorHandler)
app.use((req, res) => {
res.status(404).json({ error: 'No such route' })
})
localApp.get('/pid', (req, res) => {
const deviceId = req.query.device_id
const pidRec = pids[deviceId]
res.json(pidRec)
})
localApp.post('/reboot', (req, res) => {
const deviceId = req.query.device_id
const pid = pids[deviceId] && pids[deviceId].pid
if (!deviceId || !pid) {
return res.sendStatus(400)
}
reboots[deviceId] = pid
res.sendStatus(200)
})
localApp.post('/shutdown', (req, res) => {
const deviceId = req.query.device_id
const pid = pids[deviceId] && pids[deviceId].pid
if (!deviceId || !pid) {
return res.sendStatus(400)
}
shutdowns[deviceId] = pid
res.sendStatus(200)
})
localApp.post('/restartServices', (req, res) => {
const deviceId = req.query.device_id
const pid = pids[deviceId] && pids[deviceId].pid
if (!deviceId || !pid) {
return res.sendStatus(400)
}
restartServicesMap[deviceId] = pid
res.sendStatus(200)
})
localApp.post('/dbChange', (req, res, next) => {
settingsCache.cache = null
return newSettingsLoader.loadLatest()
.then(poller.reload)
.then(() => logger.info('Config reloaded'))
.catch(err => {
logger.error(err)
res.sendStatus(500)
})
})
function sha256 (buf) {
const crypto = require('crypto')
const hash = crypto.createHash('sha256')
hash.update(buf)
return hash.digest('hex').toString('hex')
}
function populateDeviceId (req, res, next) {
const deviceId = _.isFunction(req.connection.getPeerCertificate)
? sha256(req.connection.getPeerCertificate().raw)
: null
req.deviceId = deviceId
req.deviceTime = req.get('date')
next()
}
let oldVersionId = 'initial'
function populateSettings (req, res, next) {
const versionId = req.headers['config-version']
if (versionId !== oldVersionId) {
oldVersionId = versionId
}
// Clear cache every hour
if (Date.now() - settingsCache.timestamp > SETTINGS_CACHE_REFRESH) {
settingsCache.cache = null
}
if (!versionId && settingsCache.cache) {
req.settings = settingsCache.cache
return next()
}
if (!versionId && !settingsCache.cache) {
return newSettingsLoader.loadLatest()
.then(settings => {
settingsCache.cache = settings
settingsCache.timestamp = Date.now()
req.settings = settings
})
.then(() => next())
.catch(next)
}
newSettingsLoader.load(versionId)
.then(settings => { req.settings = settings })
.then(() => helpers.updateDeviceConfigVersion(versionId))
.then(() => next())
.catch(next)
}
function createTerms (terms) {
if (!terms.active || !terms.text) return null
return {
active: terms.active,
title: terms.title,
text: nmd(terms.text),
accept: terms.acceptButtonText,
cancel: terms.cancelButtonText
}
}
// localapp routes
localApp.use('/', localAppRoutes)
module.exports = { app, localApp }

13
lib/routes/customerRoutes.js
View file

@ -7,14 +7,7 @@ const compliance = require('../compliance')
const complianceTriggers = require('../compliance-triggers')
const configManager = require('../new-config-manager')
const customers = require('../customers')
function httpError (msg, code) {
const err = new Error(msg)
err.name = 'HTTPError'
err.code = code || 500
return err
}
const httpError = require('../route-helpers').httpError
function updateCustomer (req, res, next) {
const id = req.params.id
@ -54,10 +47,8 @@ function triggerSanctions (req, res, next) {
customers.getById(id)
.then(customer => {
if (!customer) { throw httpError('Not Found', 404) }
return compliance.validationPatch(req.deviceId, true, customer)
.then(patch => customers.update(id, patch))
})
.then(customer => res.status(200).json({ customer }))
.catch(next)
@ -81,7 +72,7 @@ function triggerSuspend (req, res, next) {
const days = triggerId === 'no-ff-camera' ? 1 : getSuspendDays(triggers)
const date = new Date()
date.setDate(date.getDate() + days);
date.setDate(date.getDate() + days)
customers.update(id, { suspendedUntil: date })
.then(customer => res.status(200).json({ customer }))
.catch(next)

15
lib/routes/localAppRoutes.js
View file

@ -1,10 +1,6 @@
const express = require('express')
const router = express.Router()
const logger = require('../logger')
const newSettingsLoader = require('../new-settings-loader')
const poller = require('../poller')
const settingsCache = require('../middlewares/settingsCache')
const state = require('../middlewares/state')
router.get('/pid', (req, res) => {
@ -49,15 +45,4 @@ router.post('/restartServices', (req, res) => {
res.sendStatus(200)
})
router.post('/dbChange', (req, res, next) => {
settingsCache.clearCache()
return newSettingsLoader.loadLatest()
.then(poller.reload)
.then(() => logger.info('Config reloaded'))
.catch(err => {
logger.error(err)
res.sendStatus(500)
})
})
module.exports = router

1
lib/routes/logsRoutes.js
View file

@ -1,6 +1,5 @@
const express = require('express')
const router = express.Router()
const _ = require('lodash/fp')
const state = require('../middlewares/state')
const logs = require('../logs')

11
lib/routes/ownAuthorizationRoutes.js
View file

@ -1,11 +0,0 @@
const express = require('express')
const router = express.Router()
const ca = require('../middlewares/ca')
const pair = require('../middlewares/pair')
const populateDeviceId = require('../middlewares/populateDeviceId')
router.post('/pair', populateDeviceId, pair)
router.get('/ca', ca)
module.exports = router

9
lib/routes/phoneCodeRoutes.js
View file

@ -7,6 +7,7 @@ const compliance = require('../compliance')
const complianceTriggers = require('../compliance-triggers')
const configManager = require('../new-config-manager')
const customers = require('../customers')
const httpError = require('../route-helpers').httpError
const plugins = require('../plugins')
const Tx = require('../tx')
@ -44,14 +45,6 @@ function addOrUpdateCustomer (req) {
})
}
function httpError (msg, code) {
const err = new Error(msg)
err.name = 'HTTPError'
err.code = code || 500
return err
}
function getCustomerWithPhoneCode (req, res, next) {
const pi = plugins(req.settings, req.deviceId)
const phone = req.body.phone

12
lib/routes/pollingRoutes.js
View file

@ -1,7 +1,9 @@
const express = require('express')
const router = express.Router()
const nmd = require('nano-markdown')
const _ = require('lodash/fp')
const router = express.Router()
const complianceTriggers = require('../compliance-triggers')
const configManager = require('../new-config-manager')
const plugins = require('../plugins')
@ -13,17 +15,13 @@ function checkHasLightning (settings) {
return configManager.getWalletSettings('BTC', settings.config).layer2 !== 'no-layer2'
}
function createTerms (terms) {
if (!terms.active || !terms.text) return null
return {
const createTerms = terms => (terms.active && terms.text) ? ({
active: terms.active,
title: terms.title,
text: nmd(terms.text),
accept: terms.acceptButtonText,
cancel: terms.cancelButtonText
}
}
}) : null
function poll (req, res, next) {
const machineVersion = req.query.version

25
lib/routes/rootRoutes.js Normal file
View file

@ -0,0 +1,25 @@
const express = require('express')
const router = express.Router()
const ca = require('../middlewares/ca')
const httpError = require('../route-helpers').httpError
const pairing = require('../pairing')
const populateDeviceId = require('../middlewares/populateDeviceId')
function pair (req, res, next) {
const token = req.query.token
const deviceId = req.deviceId
const model = req.query.model
return pairing.pair(token, deviceId, model)
.then(isValid => {
if (isValid) return res.json({ status: 'paired' })
throw httpError('Pairing failed')
})
.catch(next)
}
router.post('/pair', populateDeviceId, pair)
router.get('/ca', ca)
module.exports = router

10
lib/routes/termsAndConditionsRoutes.js
View file

@ -1,20 +1,18 @@
const express = require('express')
const nmd = require('nano-markdown')
const router = express.Router()
const configManager = require('../new-config-manager')
const plugins = require('../plugins')
function createTerms (terms) {
if (!terms.active || !terms.text) return null
return {
const createTerms = terms => (terms.active && terms.text) ? ({
active: terms.active,
title: terms.title,
text: nmd(terms.text),
accept: terms.acceptButtonText,
cancel: terms.cancelButtonText
}
}
}) : null
function getTermsConditions (req, res, next) {
const deviceId = req.deviceId

10
lib/routes/txRoutes.js
View file

@ -3,19 +3,13 @@ const router = express.Router()
const _ = require('lodash/fp')
const dbErrorCodes = require('../db-error-codes')
const E = require('../error')
const helpers = require('../route-helpers')
const httpError = require('../route-helpers').httpError
const logger = require('../logger')
const plugins = require('../plugins')
const Tx = require('../tx')
function httpError (msg, code) {
const err = new Error(msg)
err.name = 'HTTPError'
err.code = code || 500
return err
}
function postTx (req, res, next) {
const pi = plugins(req.settings, req.deviceId)

49
lib/routes/verifyPromoCodeRoutes.js Normal file
View file

@ -0,0 +1,49 @@
const express = require('express')
const router = express.Router()
const _ = require('lodash/fp')
const BN = require('../bn')
const commissionMath = require('../commission-math')
const configManager = require('../new-config-manager')
const notifier = require('../notifier')
const promoCodes = require('../promo-codes')
function respond (req, res, _body, _status) {
const status = _status || 200
const body = _body || {}
const customer = _.getOr({ sanctions: true }, ['customer'], body)
// sanctions can be null for new customers so we can't use falsy checks
if (customer.sanctions === false) {
notifier.notifyIfActive('compliance', 'sanctionsNotify', customer, req.body.phone)
}
return res.status(status).json(body)
}
function verifyPromoCode (req, res, next) {
promoCodes.getPromoCode(req.body.codeInput)
.then(promoCode => {
if (!promoCode) return next()
const transaction = req.body.tx
const commissions = configManager.getCommissions(transaction.cryptoCode, req.deviceId, req.settings.config)
const tickerRate = BN(transaction.rawTickerPrice)
const discount = commissionMath.getDiscountRate(promoCode.discount, commissions[transaction.direction])
const rates = {
[transaction.cryptoCode]: {
[transaction.direction]: (transaction.direction === 'cashIn')
? tickerRate.mul(discount).round(5)
: tickerRate.div(discount).round(5)
}
}
respond(req, res, {
promoCode: promoCode,
newRates: rates
})
})
.catch(next)
}
router.post('/', verifyPromoCode)
module.exports = router

9
lib/wallet.js
View file

@ -10,20 +10,13 @@ const mnemonicHelpers = require('./mnemonic-helpers')
const options = require('./options')
const ph = require('./plugin-helper')
const layer2 = require('./layer2')
const httpError = require('./route-helpers').httpError
const FETCH_INTERVAL = 5000
const INSUFFICIENT_FUNDS_CODE = 570
const INSUFFICIENT_FUNDS_NAME = 'InsufficientFunds'
const ZERO_CONF_EXPIRATION = 60000
function httpError (msg, code) {
const err = new Error(msg)
err.name = 'HTTPError'
err.code = code || 500
return err
}
function computeSeed (masterSeed) {
return hkdf(masterSeed, 32, { salt: 'lamassu-server-salt', info: 'wallet-seed' })
}