BTCPrivate
/
bitcore-wallet-service
mirror of https://github.com/BTCPrivate/bitcore-wallet-service.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

add support staff flag to copayer lookup collection

This commit is contained in:
Ivan Socolsky 2017-06-19 11:38:38 -03:00
parent c5d9f44b2d
commit 41c82e9e76
No known key found for this signature in database
GPG Key ID: FAECE6A05FAA4F56
3 changed files with 42 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/expressapp.js
View File

@ -39,7 +39,7 @@ ExpressApp.prototype.start = function(opts, cb) {
this.app.use(function(req, res, next) {
res.setHeader('Access-Control-Allow-Origin', '*');
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, DELETE');
res.setHeader('Access-Control-Allow-Headers', 'x-signature,x-identity,x-session,x-client-version,X-Requested-With,Content-Type,Authorization');
res.setHeader('Access-Control-Allow-Headers', 'x-signature,x-identity,x-session,x-client-version,x-wallet-id,X-Requested-With,Content-Type,Authorization');
res.setHeader('x-service-version', WalletService.getServiceVersion());
next();
});
@ -165,6 +165,7 @@ ExpressApp.prototype.start = function(opts, cb) {
message: req.method.toLowerCase() + '|' + req.url + '|' + JSON.stringify(req.body),
signature: credentials.signature,
clientVersion: req.header('x-client-version'),
walletId: req.header('x-wallet-id'),
};
if (opts.allowSession) {
auth.session = credentials.session;

13
lib/server.js
View File

@ -200,6 +200,7 @@ WalletService.getInstance = function(opts) {
* @param {string} opts.signature - (Optional) Signature of message to be verified using one of the copayer's requestPubKeys. Only needed if no session token is provided.
* @param {string} opts.session - (Optional) A valid session token previously obtained using the #login method
* @param {string} opts.clientVersion - A string that identifies the client issuing the request
* @param {string} [opts.walletId] - The wallet id to use as current wallet for this request (only when copayer is support staff).
*/
WalletService.getInstanceWithAuth = function(opts, cb) {
function withSignature(cb) {
@ -216,12 +217,16 @@ WalletService.getInstanceWithAuth = function(opts, cb) {
if (err) return cb(err);
if (!copayer) return cb(new ClientError(Errors.codes.NOT_AUTHORIZED, 'Copayer not found'));
var isValid = !!server._getSigningKey(opts.message, opts.signature, copayer.requestPubKeys);
if (!isValid)
return cb(new ClientError(Errors.codes.NOT_AUTHORIZED, 'Invalid signature'));
if (!copayer.isSupportStaff) {
var isValid = !!server._getSigningKey(opts.message, opts.signature, copayer.requestPubKeys);
if (!isValid)
return cb(new ClientError(Errors.codes.NOT_AUTHORIZED, 'Invalid signature'));
server.walletId = copayer.walletId;
} else {
server.walletId = opts.walletId || copayer.walletId;
}
server.copayerId = opts.copayerId;
server.walletId = copayer.walletId;
return cb(null, server);
});
};

31
test/integration/server.js
View File

@ -103,6 +103,7 @@ describe('Wallet service', function() {
message: 'hello world',
signature: sig,
clientVersion: 'bwc-2.0.0',
walletId: '123',
}, function(err, server) {
should.not.exist(err);
server.walletId.should.equal(wallet.id);
@ -140,6 +141,36 @@ describe('Wallet service', function() {
});
});
});
it('should get server instance for support staff', function(done) {
helpers.createAndJoinWallet(1, 1, function(s, wallet) {
var collections = require('../../lib/storage').collections;
s.storage.db.collection(collections.COPAYERS_LOOKUP).update({
copayerId: wallet.copayers[0].id
}, {
$set: {
isSupportStaff: true
}
});
var xpriv = TestData.copayers[0].xPrivKey;
var priv = TestData.copayers[0].privKey_1H_0;
var sig = helpers.signMessage('hello world', priv);
WalletService.getInstanceWithAuth({
copayerId: wallet.copayers[0].id,
message: 'hello world',
signature: sig,
walletId: '123',
}, function(err, server) {
should.not.exist(err);
server.walletId.should.equal('123');
server.copayerId.should.equal(wallet.copayers[0].id);
done();
});
});
});
});
describe('Session management (#login, #logout, #authenticate)', function() {