
implemented JWT support in simplewallet

cryptozoidberg 2024-03-14 21:55:22 +01:00
parent bb3b893bd3
commit 7e676e74e9
No known key found for this signature in database
GPG key ID: 2E10CC61CAC8F36D
12 changed files with 205 additions and 33 deletions

5
.gitmodules vendored

@ -8,4 +8,7 @@
[submodule "contrib/tor-connect"]
path = contrib/tor-connect
url = https://github.com/hyle-team/tor-connect.git
branch = main
branch = main
[submodule "contrib/jwt-cpp"]
path = contrib/jwt-cpp
url = https://github.com/Thalhammer/jwt-cpp.git
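Review bot: The new `contrib/jwt-cpp` entry fetches the dependency straight from the upstream `Thalhammer/jwt-cpp` repository, whereas the neighbouring `tor-connect` submodule points at a `hyle-team` repository. The gitlink pins a specific commit, so content integrity is covered, but the build then depends on a third-party repository keeping that commit reachable; mirroring it under the project's own organisation, as appears to be done for tor-connect, would remove that dependency. It would also help to record in the commit message which upstream release the pinned commit corresponds to, so later updates can be audited against upstream release notes.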


@ -58,7 +58,7 @@ else()
endif()
endif()
message("Generated with config types: ${CMAKE_CONFIGURATION_TYPES}, and built type: ${CMAKE_BUILD_TYPE}")
enable_testing()
set(OPENSSL_USE_STATIC_LIBS TRUE) # link statically
@ -74,7 +74,7 @@ set(DISABLE_TOR FALSE CACHE BOOL "Disable TOR library(and related tor-connect su
set(TESTNET FALSE CACHE BOOL "Compile for testnet")
set(BUILD_GUI FALSE CACHE BOOL "Build qt-daemon")
include_directories(src contrib/eos_portable_archive contrib contrib/epee/include ${OPENSSL_INCLUDE_DIR} "${CMAKE_BINARY_DIR}/version" "${CMAKE_BINARY_DIR}/contrib/zlib")
include_directories(src contrib/eos_portable_archive contrib contrib/epee/include contrib/jwt-cpp/include ${OPENSSL_INCLUDE_DIR} "${CMAKE_BINARY_DIR}/version" "${CMAKE_BINARY_DIR}/contrib/zlib")
add_definitions(-DSTATICLIB)


@ -14,9 +14,11 @@ if(CMAKE_SYSTEM_NAME STREQUAL "iOS" OR CMAKE_SYSTEM_NAME STREQUAL "Android")
message("excluded upnp support for IOS build")
return()
endif()
add_subdirectory(miniupnp/miniupnpc)
set_property(TARGET libminiupnpc-static PROPERTY FOLDER "contrib")
set_property(TARGET zlibstatic PROPERTY FOLDER "contrib")
set_property(TARGET mdbx PROPERTY FOLDER "contrib")


@ -532,6 +532,31 @@ namespace misc_utils
};
template<typename key, typename expiration_type>
struct expirating_set
{
typedef std::set<key> main_set;
main_set m_set;
std::multimap<expiration_type, typename main_set::iterator> m_expirations;
const main_set& get_set()
{
return m_set;
}
void add(const key& k, const expiration_type& e)
{
auto res = m_set.insert(k);
m_expirations.insert({ e, res.first });
}
void remove_if_expiration_less_than(const expiration_type& e)
{
while(m_expirations.size() && m_expirations.begin()->first < e)
{
m_expirations.erase(m_expirations.begin());
}
}
};
} // namespace misc_utils
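Review bot: `remove_if_expiration_less_than` erases entries only from `m_expirations` and never from `m_set`, so the set returned by `get_set()` grows without bound and expired keys are still reported as present. For the JWT salt cache added elsewhere in this commit, that means `m_jwt_used_salts.get_set().size()` can only grow until it passes `JWT_TOKEN_OVERWHELM_LIMIT`, after which every authenticated request is rejected until the process restarts. The loop should drop the key as well, `m_set.erase(m_expirations.begin()->second);` before `m_expirations.erase(m_expirations.begin());`. With that in place `add` must record an expiration only for a newly inserted key, `if (res.second) m_expirations.insert({ e, res.first });`, otherwise two expiration records would hold the same iterator and the second erase would use an invalidated one. `get_set()` can also be declared `const`, and the struct deserves a short comment stating that it is not synchronised.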

1
contrib/jwt-cpp Submodule

@ -0,0 +1 @@
Subproject commit 364a5572f4b46bb9f4304cb1c92acec8ddb2c620


@ -249,13 +249,8 @@
#define BC_OFFERS_CURRENT_OFFERS_SERVICE_ARCHIVE_VER CURRENCY_FORMATION_VERSION + BLOCKCHAIN_STORAGE_MAJOR_COMPATIBILITY_VERSION + 9
#define BC_OFFERS_CURRENCY_MARKET_FILENAME "market.bin"
#ifndef TESTNET
#define WALLET_FILE_SERIALIZATION_VERSION 163
#define WALLET_FILE_LAST_SUPPORTED_VERSION 163
#else
#define WALLET_FILE_LAST_SUPPORTED_VERSION (CURRENCY_FORMATION_VERSION+76)
#define WALLET_FILE_SERIALIZATION_VERSION (CURRENCY_FORMATION_VERSION+76)
#endif
#define CURRENT_MEMPOOL_ARCHIVE_VER (CURRENCY_FORMATION_VERSION+31)


@ -287,7 +287,7 @@ simple_wallet::simple_wallet()
m_cmd_binder.set_handler("start_mining", boost::bind(&simple_wallet::start_mining, this, ph::_1), "start_mining <threads_count> - Start mining in daemon");
m_cmd_binder.set_handler("stop_mining", boost::bind(&simple_wallet::stop_mining, this, ph::_1), "Stop mining in daemon");
m_cmd_binder.set_handler("refresh", boost::bind(&simple_wallet::refresh, this, ph::_1), "Resynchronize transactions and balance");
m_cmd_binder.set_handler("balance", boost::bind(&simple_wallet::show_balance, this, ph::_1), "Show current wallet balance");
m_cmd_binder.set_handler("balance", boost::bind(&simple_wallet::show_balance, this, ph::_1), "[force_all] Show current wallet balance, with 'force_all' param it displays all assets without filtering against whitelists");
m_cmd_binder.set_handler("show_staking_history", boost::bind(&simple_wallet::show_staking_history, this, ph::_1), "show_staking_history [2] - Show staking transfers, if option provided - number of days for history to display");
m_cmd_binder.set_handler("incoming_transfers", boost::bind(&simple_wallet::show_incoming_transfers, this, ph::_1), "incoming_transfers [available|unavailable] - Show incoming transfers - all of them or filter them by availability");
m_cmd_binder.set_handler("incoming_counts", boost::bind(&simple_wallet::show_incoming_transfers_counts, this, ph::_1), "incoming_transfers counts");
@ -539,8 +539,7 @@ void simple_wallet::handle_command_line(const boost::program_options::variables_
m_restore_wallet = command_line::get_arg(vm, arg_restore_wallet);
m_disable_tor = command_line::get_arg(vm, arg_disable_tor_relay);
m_voting_config_file = command_line::get_arg(vm, arg_voting_config_file);
m_no_password_confirmations = command_line::get_arg(vm, arg_no_password_confirmations);
m_no_password_confirmations = command_line::get_arg(vm, arg_no_password_confirmations);
}
//----------------------------------------------------------------------------------------------------
@ -998,9 +997,16 @@ bool simple_wallet::refresh(const std::vector<std::string>& args)
return true;
}
//----------------------------------------------------------------------------------------------------
bool simple_wallet::show_balance(const std::vector<std::string>& args/* = std::vector<std::string>()*/)
bool simple_wallet::show_balance(const std::vector<std::string>& args /* = std::vector<std::string>()*/)
{
success_msg_writer() << m_wallet->get_balance_str();
if (args.size() == 1 && args[0] == "raw")
{
success_msg_writer() << m_wallet->get_balance_str_raw();
}
else
{
success_msg_writer() << m_wallet->get_balance_str();
}
return true;
}
//----------------------------------------------------------------------------------------------------
@ -2675,9 +2681,7 @@ int main(int argc, char* argv[])
command_line::add_arg(desc_params, arg_set_timeout);
command_line::add_arg(desc_params, arg_voting_config_file);
command_line::add_arg(desc_params, arg_no_password_confirmations);
tools::wallet_rpc_server::init_options(desc_params);
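Review bot: The help text registered for `balance` advertises a `[force_all]` parameter, but the new `show_balance` only recognises `args[0] == "raw"`, so `balance force_all` silently falls through to the normal output and the `raw` mode is undocumented. Either name the parameter `[raw]` in the description string or compare against `"force_all"` in `show_balance`, so that the two agree. Any other argument is ignored without a message; printing a usage hint for unrecognised arguments would make typos visible.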


@ -3752,6 +3752,59 @@ std::string wallet2::get_balance_str() const
return ss.str();
}
//----------------------------------------------------------------------------------------------------
std::string wallet2::get_balance_str_raw() const
{
// balance unlocked / [balance total] ticker asset id
// 1391306.970000000000 / 1391306.970000000000 ZANO d6329b5b1f7c0805b5c345f4957554002a2f557845f64d7645dae0e051a6498a
// 1391306.97 ZANO d6329b5b1f7c0805b5c345f4957554002a2f557845f64d7645dae0e051a6498a
// 106.971 / 206.4 ZANO d6329b5b1f7c0805b5c345f4957554002a2f557845f64d7645dae0e051a6498a
static const char* header = " balance unlocked / [balance total] asset id";
std::stringstream ss;
ss << header << ENDL;
uint64_t dummy = 0;
std::unordered_map<crypto::public_key, wallet_public::asset_balance_entry_base> balances_map;
this->balance(balances_map, dummy);
for(const auto& entry : balances_map)
{
ss << " " << std::left << std::setw(20) << print_fixed_decimal_point_with_trailing_spaces(entry.second.unlocked, 12);
if(entry.second.total == entry.second.unlocked)
ss << " ";
else
ss << " / " << std::setw(20) << print_fixed_decimal_point_with_trailing_spaces(entry.second.total, 12);
ss << " " << std::setw(8) << std::left << entry.first << ENDL;
}
//print whitelist
ss << "WHITELIST: " << ENDL;
for(const auto& entry : m_whitelisted_assets)
{
ss << " " << std::left << entry.first << " " << entry.second.ticker << ENDL;
}
// print whitelist
ss << "CUSTOM LIST: " << ENDL;
for(const auto& entry : m_custom_assets)
{
ss << " " << std::left << entry.first << " " << entry.second.ticker << ENDL;
}
ss << "OWN DESCRIPTORS LIST: " << ENDL;
for(const auto& entry : m_own_asset_descriptors)
{
ss << " " << std::left << entry.first << " " << entry.second.asset_descriptor.ticker << ENDL;
}
return ss.str();
}
//----------------------------------------------------------------------------------------------------
void wallet2::get_payments(const std::string& payment_id, std::list<payment_details>& payments, uint64_t min_height) const
{
auto range = m_payments.equal_range(payment_id);
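Review bot: The comments in `get_balance_str_raw` do not match what it prints: the sample lines at the top show a ticker column (`ZANO`) that neither the `header` string nor the balance loop emits, and the `// print whitelist` comment above the `CUSTOM LIST` loop is a copy of the one above `WHITELIST`. I would replace the samples with one line in the real format (unlocked, optional total, asset id) and change the second comment to `// print custom assets`. The `dummy` argument passed to `balance()` would read better with a name saying what it receives, or a short comment that the value is intentionally unused; what it holds is not visible in this hunk.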


@ -154,7 +154,9 @@ namespace tools
std::atomic<uint64_t> m_last_sync_percent = 0;
mutable uint64_t m_current_wallet_file_size = 0;
bool m_use_assets_whitelisting = true;
// variables that should be part of state data object but should not be stored during serialization
mutable std::atomic<bool> m_whitelist_updated = false;
//===============================================================
template <class t_archive>
@ -218,7 +220,7 @@ namespace tools
a & m_rollback_events;
a & m_whitelisted_assets;
a & m_use_assets_whitelisting;
}
}
};
@ -536,6 +538,7 @@ namespace tools
void get_transfers(transfer_container& incoming_transfers) const;
std::string get_transfers_str(bool include_spent = true, bool include_unspent = true, bool show_only_unknown = false, const std::string& filter_asset_ticker = std::string{}) const;
std::string get_balance_str() const;
std::string get_balance_str_raw() const;
// Returns all payments by given id in unspecified order
void get_payments(const std::string& payment_id, std::list<payment_details>& payments, uint64_t min_height = 0) const;
@ -886,7 +889,6 @@ private:
uint64_t m_upper_transaction_size_limit; //TODO: auto-calc this value or request from daemon, now use some fixed value
std::atomic<bool> m_stop;
mutable std::atomic<bool> m_whitelist_updated = false;
std::shared_ptr<i_core_proxy> m_core_proxy;
std::shared_ptr<i_wallet2_callback> m_wcallback;


@ -17,7 +17,16 @@ using namespace epee;
#include "wallet_rpc_server_error_codes.h"
#include "wallet_helpers.h"
#include "wrap_service.h"
#include <jwt-cpp/jwt.h>
#include "jwt-cpp/jwt.h"
#include "crypto/bitcoin/sha256_helper.h"
#define JWT_TOKEN_EXPIRATION_MAXIMUM (60 * 60)
#define JWT_TOKEN_CLAIM_NAME_BODY_HASH "body_hash"
#define JWT_TOKEN_CLAIM_NAME_SALT "salt"
#define JWT_TOKEN_CLAIM_NAME_EXPIRATION "exp"
#define JWT_TOKEN_OVERWHELM_LIMIT 100000 // if there are more records in m_jwt_used_salts then we consider it as an attack
#define GET_WALLET() wallet_rpc_locker w(m_pwallet_provider);
@ -61,6 +70,7 @@ namespace tools
const command_line::arg_descriptor<std::string> wallet_rpc_server::arg_rpc_bind_ip ("rpc-bind-ip", "Specify ip to bind rpc server", "127.0.0.1");
const command_line::arg_descriptor<std::string> wallet_rpc_server::arg_miner_text_info ( "miner-text-info", "Wallet password");
const command_line::arg_descriptor<bool> wallet_rpc_server::arg_deaf_mode ( "deaf", "Put wallet into 'deaf' mode make it ignore any rpc commands(usable for safe PoS mining)");
const command_line::arg_descriptor<std::string> wallet_rpc_server::arg_jwt_secret("jwt-secret", "Enables JWT auth over secret string provided");
void wallet_rpc_server::init_options(boost::program_options::options_description& desc)
{
@ -68,6 +78,7 @@ namespace tools
command_line::add_arg(desc, arg_rpc_bind_port);
command_line::add_arg(desc, arg_miner_text_info);
command_line::add_arg(desc, arg_deaf_mode);
command_line::add_arg(desc, arg_jwt_secret);
}
//------------------------------------------------------------------------------------------------------------------------------
wallet_rpc_server::wallet_rpc_server(std::shared_ptr<wallet2> wptr):
@ -185,8 +196,12 @@ namespace tools
m_net_server.set_threads_prefix("RPC");
bool r = handle_command_line(vm);
CHECK_AND_ASSERT_MES(r, false, "Failed to process command line in core_rpc_server");
m_jwt_secrete = "secretesecrete";
if(command_line::has_arg(vm, arg_jwt_secret))
{
m_jwt_secret = command_line::get_arg(vm, arg_jwt_secret);
}
return epee::http_server_impl_base<wallet_rpc_server, connection_context>::init(m_port, m_bind_ip);
}
//------------------------------------------------------------------------------------------------------------------------------
@ -197,22 +212,65 @@ namespace tools
{ return element.first == ZANO_ACCESS_TOKEN; });
if(it == query_info.m_header_info.m_etc_fields.end())
return false;
std::string token = it->second; //"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJpc3MiOiJhdXRoMCIsInNhbXBsZSI6InRlc3QifQ.lQm3N2bVlqt2-1L-FsOjtR6uE-L4E9zJutMWKIe1v1M";
auto decoded_token = jwt::decode(token);
try
{
if(m_jwt_used_salts.get_set().size() > JWT_TOKEN_OVERWHELM_LIMIT)
{
throw std::runtime_error("Salt is overwhelmed");
}
auto decoded = jwt::decode(it->second, [](const std::string& str)
{ return jwt::base::decode<jwt::alphabet::base64>(jwt::base::pad<jwt::alphabet::base64>(str)); });
auto verifier = jwt::verify().allow_algorithm(jwt::algorithm::hs256 { m_jwt_secret });
verifier.verify(decoded);
std::string body_hash = decoded.get_payload_claim(JWT_TOKEN_CLAIM_NAME_BODY_HASH).as_string();
std::string salt = decoded.get_payload_claim(JWT_TOKEN_CLAIM_NAME_SALT).as_string();
crypto::hash jwt_claim_sha256 = currency::null_hash;
epee::string_tools::hex_to_pod(body_hash, jwt_claim_sha256);
crypto::hash sha256 = crypto::sha256_hash(query_info.m_body.data(), query_info.m_body.size());
if (sha256 != jwt_claim_sha256)
{
throw std::runtime_error("Body hash missmatch");
}
if(m_jwt_used_salts.get_set().find(salt) != m_jwt_used_salts.get_set().end())
{
throw std::runtime_error("Salt reused");
}
uint64_t ticks_now = epee::misc_utils::get_tick_count();
m_jwt_used_salts.add(salt, ticks_now + JWT_TOKEN_EXPIRATION_MAXIMUM);
m_jwt_used_salts.remove_if_expiration_less_than(ticks_now);
//TODO: check for salt unique
// std::cout << "Token is valid. Claims:" << std::endl;
//for(auto& e : decoded.get_payload_json())
//{
// std::cout << e.first << " = " << e.second << std::endl;
//}
LOG_PRINT_L0("JWT token OK");
return true;
}
catch(const std::exception& e)
{
LOG_ERROR("Invalid JWT token: " << e.what());
return false;
}
auto verifier = jwt::verify()
.with_issuer("auth0")
.with_claim("sample", jwt::claim(std::string("test")))
.allow_algorithm(jwt::algorithm::hs256 { m_jwt_secrete });
verifier.verify(decoded_token);
return false;
}
//------------------------------------------------------------------------------------------------------------------------------
bool wallet_rpc_server::handle_http_request(const epee::net_utils::http::http_request_info& query_info, epee::net_utils::http::http_response_info& response, connection_context& m_conn_context)
{
if (m_jwt_secrete.size())
if (m_jwt_secret.size())
{
if (!auth_http_request(query_info, response, m_conn_context))
{
@ -247,6 +305,11 @@ namespace tools
return true;
}
//------------------------------------------------------------------------------------------------------------------------------
void wallet_rpc_server::set_jwt_secret(const std::string& jwt)
{
m_jwt_secret = jwt;
}
//------------------------------------------------------------------------------------------------------------------------------
bool wallet_rpc_server::on_getbalance(const wallet_public::COMMAND_RPC_GET_BALANCE::request& req, wallet_public::COMMAND_RPC_GET_BALANCE::response& res, epee::json_rpc::error& er, connection_context& cntx)
{
WALLET_RPC_BEGIN_TRY_ENTRY();
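Review bot: Replay protection in `auth_http_request` is weaker than it looks: `JWT_TOKEN_CLAIM_NAME_EXPIRATION` is defined but the `exp` claim is never required or bounded, and as far as I know jwt-cpp's default verifier checks `exp` only when the claim is present, so a token without it stays acceptable after a restart or once its salt is no longer remembered. The salt lifetime is also computed as `get_tick_count() + JWT_TOKEN_EXPIRATION_MAXIMUM`; if the tick counter is in milliseconds, `60 * 60` keeps a salt for only a few seconds, so the retention window should be expressed in the same unit as `exp`. I would require `exp`, reject values more than `JWT_TOKEN_EXPIRATION_MAXIMUM` seconds ahead, and keep each salt until its token expires, as sketched below. Separately, `m_jwt_used_salts` is read and modified here without a lock, which needs a mutex if the RPC server runs more than one handler thread, and passing the secret through `--jwt-secret` exposes it in the process list and shell history, so a file or environment source would be safer. The function starts above the hunk.

```cpp
verifier.verify(decoded);
// exp is validated by the verifier only when present, so require it and cap how far ahead it may be
if (!decoded.has_expires_at())
{
  throw std::runtime_error("Expiration claim is missing");
}
const auto now = std::chrono::system_clock::now();
const auto expires_at = decoded.get_expires_at();
if (expires_at > now + std::chrono::seconds(JWT_TOKEN_EXPIRATION_MAXIMUM))
{
  throw std::runtime_error("Expiration is too far in the future");
}
// … unchanged: body_hash comparison and salt reuse check …
// remember the salt until its token expires, in seconds like exp
const uint64_t now_sec = static_cast<uint64_t>(std::chrono::system_clock::to_time_t(now));
m_jwt_used_salts.add(salt, static_cast<uint64_t>(std::chrono::system_clock::to_time_t(expires_at)));
m_jwt_used_salts.remove_if_expiration_less_than(now_sec);
```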


@ -82,12 +82,14 @@ namespace tools
const static command_line::arg_descriptor<std::string> arg_rpc_bind_ip;
const static command_line::arg_descriptor<std::string> arg_miner_text_info;
const static command_line::arg_descriptor<bool> arg_deaf_mode;
const static command_line::arg_descriptor<std::string> arg_jwt_secret;
static void init_options(boost::program_options::options_description& desc);
bool init(const boost::program_options::variables_map& vm);
bool run(bool do_mint, bool offline_mode, const currency::account_public_address& miner_address);
bool handle_http_request(const epee::net_utils::http::http_request_info& query_info, epee::net_utils::http::http_response_info& response, connection_context& m_conn_context);
void set_jwt_secret(const std::string& jwt);
BEGIN_URI_MAP2_VIRTUAL()
BEGIN_JSON_RPC_MAP("/json_rpc")
@ -223,8 +225,8 @@ namespace tools
bool m_do_mint;
bool m_deaf;
uint64_t m_last_wallet_store_height;
std::string m_jwt_secrete;
std::string m_jwt_secret;
epee::misc_utils::expirating_set<std::string, uint64_t> m_jwt_used_salts;
};
} // namespace tools


@ -33,9 +33,31 @@ void test_plain_wallet()
{
std::string token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJpc3MiOiJhdXRoMCIsInNhbXBsZSI6InRlc3QifQ.lQm3N2bVlqt2-1L-FsOjtR6uE-L4E9zJutMWKIe1v1M";
std::string token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiemFub19leHRlbnNpb24iLCJzYWx0IjoiYTUyMTk5MzQyNmYxN2Y2MDQyMzkzYTI4YzJhMzk1NjFiYTgxYmVkZDkxODJlY2E5NTY3ZDBlNjQ3YjIwZTE2NSIsImV4cCI6MTcxMDM2MzA1MH0.CwqvPBtgE8ZUFZ4cYy1ZJLWdYCnhfEiCzEhqDYCK4CQ";
auto decoded_token = jwt::decode(token);
std::string sharedSecret = "DFDvfedceEDCECECecedcyhtyh";
try
{
auto decoded = jwt::decode(token);
auto verifier = jwt::verify()
.allow_algorithm(jwt::algorithm::hs256 { sharedSecret });
verifier.verify(decoded);
std::cout << "Token is valid. Claims:" << std::endl;
for(auto& e : decoded.get_payload_json())
std::cout << e.first << " = " << e.second << std::endl;
}
catch(const std::exception& e)
{
std::cerr << "Invalid token: " << e.what() << std::endl;
}
/*
auto verifier = jwt::verify()
.with_issuer("auth0")
.with_claim("sample", jwt::claim(std::string("test")))
@ -49,7 +71,7 @@ void test_plain_wallet()
.set_payload_claim("sample", jwt::claim(std::string("test")))
.sign(jwt::algorithm::hs256 { "secret" });
*/
return;
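Review bot: The JWT check in `test_plain_wallet` cannot fail the test: the `catch` block only prints `Invalid token:` to `std::cerr` and the function then returns normally. The embedded token's payload appears to decode to an `exp` of 1710363050, which is earlier than the commit date, so verification presumably always ends in that branch. I would build the token inside the test with `jwt::create()` (as the commented-out block already does) using a test-only secret and a fresh `exp`, and make the failure path observable, for example by rethrowing from the `catch`. If `sharedSecret` or the hard-coded token correspond to a value used outside tests, it should be rotated and replaced with a constructed sample here. The function begins above the first hunk.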