Class: StraightServer::GatewayOnDB

Inherits:

Object

• Object
• StraightServer::GatewayOnDB

Includes:

Straight::GatewayModule, GatewayModule

Defined in:

lib/straight-server/gateway.rb

Overview

Uses database to load and save attributes

Constant Summary

Constants included from GatewayModule

StraightServer::GatewayModule::CALLBACK_URL_ATTEMPT_TIMEFRAME

Instance Attribute Summary

• #update_secret ⇒ Object

  This virtual attribute is important because it’s difficult to detect whether secret was actually updated or not.

Class Method Summary

• .find_by_hashed_id(s) ⇒ Object
• .find_by_id(id) ⇒ Object

Instance Method Summary

• #address_provider ⇒ Object
• #address_provider_type ⇒ Object
• #after_create ⇒ Object
• #after_initialize ⇒ Object
• #before_create ⇒ Object
• #before_update ⇒ Object
• #disable_test_mode! ⇒ Object
• #enable_test_mode! ⇒ Object
• #encrypt_secret ⇒ Object
• #secret ⇒ Object

  We cannot allow to store gateway secret in a DB plaintext, this would be completetly unsecure.

• #validate ⇒ Object

Methods included from GatewayModule

#add_websocket_for_order, #create_order, #fetch_transactions_for, #find_reusable_order, #get_next_last_keychain_id, #get_order_counter, #increment_order_counter!, #initialize_blockchain_adapters, #initialize_callbacks, #initialize_exchange_rate_adapters, #initialize_network, #initialize_status_check_schedule, #order_counters, #order_status_changed, #send_order_to_websocket_client, #sign_with_secret, #update_last_keychain_id, #websockets

Instance Attribute Details

#update_secret ⇒ Object

This virtual attribute is important because it’s difficult to detect whether secret was actually updated or not. Sequel’s #changed_columns may mistakenly say :secret attr was changed, while it hasn’t. Thus we provide a manual way of ensuring this. It’s also better and works as safety switch: we don’t want somebody accidentally updating a secret.

# File 'lib/straight-server/gateway.rb', line 374

def update_secret
  @update_secret
end

Class Method Details

.find_by_hashed_id(s) ⇒ Object

# File 'lib/straight-server/gateway.rb', line 366

def self.find_by_hashed_id(s)
  self.where(hashed_id: s).first
end

.find_by_id(id) ⇒ Object

# File 'lib/straight-server/gateway.rb', line 421

def self.find_by_id(id)
  self[id]
end

Instance Method Details

#address_provider ⇒ Object

# File 'lib/straight-server/gateway.rb', line 450

def address_provider
  Kernel.const_get("Straight::AddressProvider::#{address_provider_type}").new(self)
end

#address_provider_type ⇒ Object

# File 'lib/straight-server/gateway.rb', line 446

def address_provider_type
  self[:address_provider] ? self[:address_provider].to_sym : :Bip32
end

#after_create ⇒ Object

# File 'lib/straight-server/gateway.rb', line 389

def after_create
  @@websockets[self.id] = {}
  update(hashed_id: OpenSSL::HMAC.digest('sha256', Config.server_secret, self.id.to_s).unpack("H*").first)
end

#after_initialize ⇒ Object

# File 'lib/straight-server/gateway.rb', line 394

def after_initialize
  @status_check_schedule = Straight::GatewayModule::DEFAULT_STATUS_CHECK_SCHEDULE
  @@websockets[self.id] ||= {} if self.id
  initialize_callbacks
  initialize_exchange_rate_adapters
  initialize_blockchain_adapters
  initialize_status_check_schedule
  initialize_network
end

#before_create ⇒ Object

# File 'lib/straight-server/gateway.rb', line 376

def before_create
  super
  encrypt_secret
  self.test_mode ||= false
  self.test_last_keychain_id ||= 0
end

#before_update ⇒ Object

# File 'lib/straight-server/gateway.rb', line 383

def before_update
  encrypt_secret if @update_secret
  @update_secret = false
  super
end

#disable_test_mode! ⇒ Object

# File 'lib/straight-server/gateway.rb', line 454

def disable_test_mode!
  self[:test_mode] = false
  save(columns: 'test_mode')
end

#enable_test_mode! ⇒ Object

# File 'lib/straight-server/gateway.rb', line 459

def enable_test_mode!
  self[:test_mode] = true
  save(columns: 'test_mode')
end

#encrypt_secret ⇒ Object

# File 'lib/straight-server/gateway.rb', line 425

def encrypt_secret
  cipher           = OpenSSL::Cipher::AES.new(128, :CBC)
  cipher.encrypt
  cipher.key       = OpenSSL::HMAC.digest('sha256', 'nonce', Config.server_secret).unpack("H*").first[0,16]

  cipher.iv        = iv = OpenSSL::HMAC.digest('sha256', 'nonce', "#{self.class.max(:id)}#{Config.server_secret}").unpack("H*").first[0,16]
  raise "cipher.iv cannot be nil" unless iv

  encrypted        = cipher.update(self[:secret]) << cipher.final()
  base64_encrypted = Base64.strict_encode64(encrypted).encode('utf-8')
  result           = "#{iv}:#{base64_encrypted}"

  # Check whether we can decrypt. It should not be possible to encrypt the
  # gateway secret unless we are sure we can decrypt it.
  if decrypt_secret(result) == self[:secret]
    self.secret = result
  else
    raise "Decrypted and original secrets don't match! Cannot proceed with writing the encrypted gateway secret."
  end
end

#secret ⇒ Object

We cannot allow to store gateway secret in a DB plaintext, this would be completetly unsecure. Althougth we use symmetrical encryption here and store the encryption key in the server’s in a special file (~/.straight/server_secret), which in turn can also be stolen, this is still marginally better than doing nothing.

Also, server admnistrators now have the freedom of developing their own strategy of storing that secret - it doesn’t have to be stored on the same machine.

# File 'lib/straight-server/gateway.rb', line 417

def secret
  decrypt_secret
end

#validate ⇒ Object

# File 'lib/straight-server/gateway.rb', line 404

def validate
  super
  errors.add(:pubkey, "Please provide public key") if pubkey_missing?
  errors.add(:test_pubkey, "Please provide test public key if you activate test mode") if test_pubkey_missing?
end