wallet-sync-server/server/wallet.go

package server

import (
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"time"

	"github.com/prometheus/client_golang/prometheus"

	"lbryio/wallet-sync-server/auth"
	"lbryio/wallet-sync-server/metrics"
	"lbryio/wallet-sync-server/store"
	"lbryio/wallet-sync-server/wallet"
)

type WalletRequest struct {
	Token           auth.AuthTokenString   `json:"token"`
	EncryptedWallet wallet.EncryptedWallet `json:"encryptedWallet"`
	Sequence        wallet.Sequence        `json:"sequence"`
	Hmac            wallet.WalletHmac      `json:"hmac"`
}

func (r *WalletRequest) validate() error {
	if r.Token == "" {
		return fmt.Errorf("Missing 'token'")
	}
	if r.EncryptedWallet == "" {
		return fmt.Errorf("Missing 'encryptedWallet'")
	}
	if r.Hmac == "" {
		return fmt.Errorf("Missing 'hmac'")
	}
	if r.Sequence < store.InitialWalletSequence {
		return fmt.Errorf("Missing or zero-value 'sequence'")
	}
	return nil
}

type WalletResponse struct {
	EncryptedWallet wallet.EncryptedWallet `json:"encryptedWallet"`
	Sequence        wallet.Sequence        `json:"sequence"`
	Hmac            wallet.WalletHmac      `json:"hmac"`
}

func (s *Server) handleWallet(w http.ResponseWriter, req *http.Request) {
	if req.Method == http.MethodGet {
		s.getWallet(w, req)
	} else if req.Method == http.MethodPost {
		s.postWallet(w, req)
	} else {
		errorJson(w, http.StatusMethodNotAllowed, "")
	}
}

func (s *Server) getWallet(w http.ResponseWriter, req *http.Request) {
	metrics.RequestsCount.With(prometheus.Labels{"method": "GET", "endpoint": "wallet"}).Inc()

	if !getGetData(w, req) {
		return
	}

	token, paramsErr := getTokenParam(req)

	if paramsErr != nil {
		// In this specific case, the error is limited to values that are safe to
		// give to the user.
		errorJson(w, http.StatusBadRequest, paramsErr.Error())
		return
	}

	authToken := s.checkAuth(w, token, auth.ScopeFull)

	if authToken == nil {
		return
	}

	latestEncryptedWallet, latestSequence, latestHmac, err := s.store.GetWallet(authToken.UserId)

	if err == store.ErrNoWallet {
		errorJson(w, http.StatusNotFound, "No wallet")
		return
	} else if err != nil {
		internalServiceErrorJson(w, err, "Error retrieving wallet")
		return
	}

	walletResponse := WalletResponse{
		EncryptedWallet: latestEncryptedWallet,
		Sequence:        latestSequence,
		Hmac:            latestHmac,
	}

	var response []byte
	response, err = json.Marshal(walletResponse)

	if err != nil {
		internalServiceErrorJson(w, err, "Error generating wallet response")
		return
	}

	fmt.Fprintf(w, string(response))
}

// Response Code:
//   200: Update successful
//   409: Update unsuccessful due to new wallet's sequence not being 1 +
//     current wallet's sequence
//   500: Update unsuccessful for unanticipated reasons
func (s *Server) postWallet(w http.ResponseWriter, req *http.Request) {
	metrics.RequestsCount.With(prometheus.Labels{"method": "POST", "endpoint": "wallet"}).Inc()

	var walletRequest WalletRequest
	if !getPostData(w, req, &walletRequest) {
		return
	}

	authToken := s.checkAuth(w, walletRequest.Token, auth.ScopeFull)
	if authToken == nil {
		return
	}

	err := s.store.SetWallet(authToken.UserId, walletRequest.EncryptedWallet, walletRequest.Sequence, walletRequest.Hmac)

	if err == store.ErrWrongSequence {
		errorJson(w, http.StatusConflict, "Bad sequence number")
		return
	} else if err != nil {
		// Something other than sequence error
		internalServiceErrorJson(w, err, "Error saving or getting wallet")
		return
	}

	var response []byte
	var walletResponse struct{} // no data to respond with, but keep it JSON
	response, err = json.Marshal(walletResponse)

	if err != nil {
		internalServiceErrorJson(w, err, "Error generating walletResponse")
		return
	}

	fmt.Fprintf(w, string(response))
	if walletRequest.Sequence == store.InitialWalletSequence {
		log.Printf("Initial wallet created for user id %d", authToken.UserId)
	}

	// Inform the other clients over websockets. If we can't do it within 100
	// milliseconds, don't bother. It's a nice-to-have, not mission critical.
	// But, count the misses on the dashboard. If it happens a lot we should
	// probably increase the buffer on the notify chans for the clients. Those
	// will be a bottleneck within the socket manager.
	timeout := time.NewTicker(100 * time.Millisecond)
	select {
	case s.walletUpdates <- walletUpdateMsg{authToken.UserId, walletRequest.Sequence}:
	case <-timeout.C:
		metrics.ErrorsCount.With(prometheus.Labels{"error_type": "ws-client-notify"}).Inc()
	}
	timeout.Stop()
}
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00			`package server`

			`import (`
			`"encoding/json"`
			`"fmt"`
Log a couple more things. Also change sequence=1 to its own const. Eventually we may want to make it variable per user when we do server switching. 2022-08-25 18:42:49 +02:00			`"log"`
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00			`"net/http"`
Websocket to notify clients about wallet updates 2022-08-27 17:37:09 +02:00			`"time"`
KDF for server password. Save salt in DB. 2022-07-13 18:32:48 +02:00
Prometheus - track wallet requests 2022-07-23 01:49:30 +02:00			`"github.com/prometheus/client_golang/prometheus"`

Rename the output. lbry-id -> wallet-sync-server 2022-08-22 18:05:53 +02:00			`"lbryio/wallet-sync-server/auth"`
			`"lbryio/wallet-sync-server/metrics"`
			`"lbryio/wallet-sync-server/store"`
			`"lbryio/wallet-sync-server/wallet"`
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00			`)`

			`type WalletRequest struct {`
Server test/implement send verify-account email 2022-07-28 01:45:09 +02:00			Token auth.AuthTokenString `json:"token"`
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00			EncryptedWallet wallet.EncryptedWallet `json:"encryptedWallet"`
			Sequence wallet.Sequence `json:"sequence"`
			Hmac wallet.WalletHmac `json:"hmac"`
			`}`

validate() functions return error messages 2022-07-11 15:42:08 +02:00			`func (r *WalletRequest) validate() error {`
			`if r.Token == "" {`
			`return fmt.Errorf("Missing 'token'")`
			`}`
			`if r.EncryptedWallet == "" {`
			`return fmt.Errorf("Missing 'encryptedWallet'")`
			`}`
			`if r.Hmac == "" {`
			`return fmt.Errorf("Missing 'hmac'")`
			`}`
Log a couple more things. Also change sequence=1 to its own const. Eventually we may want to make it variable per user when we do server switching. 2022-08-25 18:42:49 +02:00			`if r.Sequence < store.InitialWalletSequence {`
validate() functions return error messages 2022-07-11 15:42:08 +02:00			`return fmt.Errorf("Missing or zero-value 'sequence'")`
			`}`
			`return nil`
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00			`}`

			`type WalletResponse struct {`
			EncryptedWallet wallet.EncryptedWallet `json:"encryptedWallet"`
			Sequence wallet.Sequence `json:"sequence"`
			Hmac wallet.WalletHmac `json:"hmac"`
			`}`

			`func (s Server) handleWallet(w http.ResponseWriter, req http.Request) {`
			`if req.Method == http.MethodGet {`
			`s.getWallet(w, req)`
			`} else if req.Method == http.MethodPost {`
			`s.postWallet(w, req)`
			`} else {`
			`errorJson(w, http.StatusMethodNotAllowed, "")`
			`}`
			`}`

			`func (s Server) getWallet(w http.ResponseWriter, req http.Request) {`
better prometheus tags 2022-09-21 22:23:31 +02:00			`metrics.RequestsCount.With(prometheus.Labels{"method": "GET", "endpoint": "wallet"}).Inc()`
Prometheus - track wallet requests 2022-07-23 01:49:30 +02:00
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00			`if !getGetData(w, req) {`
			`return`
			`}`

Websocket to notify clients about wallet updates 2022-08-27 17:37:09 +02:00			`token, paramsErr := getTokenParam(req)`
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00
			`if paramsErr != nil {`
			`// In this specific case, the error is limited to values that are safe to`
			`// give to the user.`
			`errorJson(w, http.StatusBadRequest, paramsErr.Error())`
			`return`
			`}`

			`authToken := s.checkAuth(w, token, auth.ScopeFull)`

			`if authToken == nil {`
			`return`
			`}`

			`latestEncryptedWallet, latestSequence, latestHmac, err := s.store.GetWallet(authToken.UserId)`

			`if err == store.ErrNoWallet {`
			`errorJson(w, http.StatusNotFound, "No wallet")`
			`return`
			`} else if err != nil {`
			`internalServiceErrorJson(w, err, "Error retrieving wallet")`
			`return`
			`}`

			`walletResponse := WalletResponse{`
			`EncryptedWallet: latestEncryptedWallet,`
			`Sequence: latestSequence,`
			`Hmac: latestHmac,`
			`}`

			`var response []byte`
			`response, err = json.Marshal(walletResponse)`

			`if err != nil {`
			`internalServiceErrorJson(w, err, "Error generating wallet response")`
			`return`
			`}`

			`fmt.Fprintf(w, string(response))`
			`}`

Update API: PostWallet no longer returns a wallet 2022-06-23 21:22:31 +02:00			`// Response Code:`
			`// 200: Update successful`
			`// 409: Update unsuccessful due to new wallet's sequence not being 1 +`
			`// current wallet's sequence`
			`// 500: Update unsuccessful for unanticipated reasons`
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00			`func (s Server) postWallet(w http.ResponseWriter, req http.Request) {`
better prometheus tags 2022-09-21 22:23:31 +02:00			`metrics.RequestsCount.With(prometheus.Labels{"method": "POST", "endpoint": "wallet"}).Inc()`
Prometheus - track wallet requests 2022-07-23 01:49:30 +02:00
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00			`var walletRequest WalletRequest`
			`if !getPostData(w, req, &walletRequest) {`
			`return`
			`}`

			`authToken := s.checkAuth(w, walletRequest.Token, auth.ScopeFull)`
			`if authToken == nil {`
			`return`
			`}`

Update API: PostWallet no longer returns a wallet 2022-06-23 21:22:31 +02:00			`err := s.store.SetWallet(authToken.UserId, walletRequest.EncryptedWallet, walletRequest.Sequence, walletRequest.Hmac)`
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00
Update API: PostWallet no longer returns a wallet 2022-06-23 21:22:31 +02:00			`if err == store.ErrWrongSequence {`
			`errorJson(w, http.StatusConflict, "Bad sequence number")`
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00			`return`
			`} else if err != nil {`
			`// Something other than sequence error`
TestServerPostWallet 2022-06-21 22:59:20 +02:00			`internalServiceErrorJson(w, err, "Error saving or getting wallet")`
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00			`return`
			`}`

Update API: PostWallet no longer returns a wallet 2022-06-23 21:22:31 +02:00			`var response []byte`
Comments, remove some old junk 2022-07-06 18:47:14 +02:00			`var walletResponse struct{} // no data to respond with, but keep it JSON`
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00			`response, err = json.Marshal(walletResponse)`

			`if err != nil {`
			`internalServiceErrorJson(w, err, "Error generating walletResponse")`
			`return`
			`}`

Update API: PostWallet no longer returns a wallet 2022-06-23 21:22:31 +02:00			`fmt.Fprintf(w, string(response))`
Log a couple more things. Also change sequence=1 to its own const. Eventually we may want to make it variable per user when we do server switching. 2022-08-25 18:42:49 +02:00			`if walletRequest.Sequence == store.InitialWalletSequence {`
			`log.Printf("Initial wallet created for user id %d", authToken.UserId)`
			`}`
Websocket to notify clients about wallet updates 2022-08-27 17:37:09 +02:00
			`// Inform the other clients over websockets. If we can't do it within 100`
			`// milliseconds, don't bother. It's a nice-to-have, not mission critical.`
			`// But, count the misses on the dashboard. If it happens a lot we should`
			`// probably increase the buffer on the notify chans for the clients. Those`
			`// will be a bottleneck within the socket manager.`
			`timeout := time.NewTicker(100 * time.Millisecond)`
			`select {`
			`case s.walletUpdates <- walletUpdateMsg{authToken.UserId, walletRequest.Sequence}:`
			`case <-timeout.C:`
better prometheus tags 2022-09-21 22:23:31 +02:00			`metrics.ErrorsCount.With(prometheus.Labels{"error_type": "ws-client-notify"}).Inc()`
Websocket to notify clients about wallet updates 2022-08-27 17:37:09 +02:00			`}`
			`timeout.Stop()`
Protocol changes * Regress from `lastSynced` to just `sequence` to start with something simpler * Simplified payload: separate metadata, assume canonical way to hmac it together * No more "wallet state" except as a simple wrapper on the front end * Version number in wallet payloads 2022-06-09 23:04:49 +02:00			`}`