stakey/vspd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

middleware: Allow alternate vsp auth address.

Browse Source 
If an alternate address exists for this ticket, check it first and fall
back to the commitment address if validation fails. Alternate address
failure is allowed so that other endpoints do not need to add a field to
all requests specifying whether this is the alternate address's
signature or the commitment address's signature.
This commit is contained in:
JoeGruff 2021-06-28 14:25:27 +09:00 committed by Jamie Holdstock
parent 6191ddb7c0
commit b868b828f1
2 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
background/background.go
View File

@ -102,6 +102,14 @@ func blockConnected() {
log.Errorf("%s: db.DeleteTicket error (ticketHash=%s): %v", log.Errorf("%s: db.DeleteTicket error (ticketHash=%s): %v",
funcName, ticket.Hash, err) funcName, ticket.Hash, err)
} }
// This will not error if an alternate signature does not
// exist for ticket.
err = db.DeleteAltSig(ticket.Hash)
if err != nil {
log.Errorf("%s: db.DeleteAltSig error (ticketHash=%s): %v",
funcName, ticket.Hash, err)
}
} else { } else {
log.Errorf("%s: dcrd.GetRawTransaction for ticket failed (ticketHash=%s): %v", log.Errorf("%s: dcrd.GetRawTransaction for ticket failed (ticketHash=%s): %v",
funcName, ticket.Hash, err) funcName, ticket.Hash, err)

15
webapi/middleware.go
View File

@ -347,10 +347,23 @@ func vspAuth() gin.HandlerFunc {
// Validate request signature to ensure ticket ownership. // Validate request signature to ensure ticket ownership.
err = validateSignature(reqBytes, commitmentAddress, c) err = validateSignature(reqBytes, commitmentAddress, c)
if err != nil { if err != nil {
log.Warnf("%s: Bad signature (clientIP=%s, ticketHash=%s): %v", funcName, c.ClientIP(), hash, err) // Don't return an error straight away if sig validation fails -
// first check if we have an alternate sig address for this ticket.
altSigData, err := db.AltSigData(hash)
if err != nil {
log.Errorf("%s: db.AltSigData failed (ticketHash=%s): %v", funcName, hash, err)
sendError(errInternalError, c)
return
}
// If we have no alternate sig, or if validating with the alt sig
// fails, return an error to the client.
if altSigData == nil || validateSignature(reqBytes, altSigData.AltSigAddr, c) != nil {
log.Warnf("%s: Bad signature (clientIP=%s, ticketHash=%s)", funcName, c.ClientIP(), hash)
sendError(errBadSignature, c) sendError(errBadSignature, c)
return return
} }
}
// Add ticket information to context so downstream handlers don't need // Add ticket information to context so downstream handlers don't need
// to access the db for it. // to access the db for it.