You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

457 lines
11 KiB

'use strict';
var _ = require('lodash');
var $ = require('preconditions').singleton();
var util = require('util');
var async = require('async');
var log = require('npmlog');
var request = require('request')
log.debug = log.verbose;
var Bitcore = require('bitcore')
var WalletUtils = require('../walletutils');
10 years ago
var Verifier = require('./verifier');
10 years ago
var ServerCompromisedError = require('./servercompromisederror')
10 years ago
var BASE_URL = 'http://localhost:3001/copay/api';
var WALLET_CRITICAL_DATA = ['xPrivKey', 'm', 'publicKeyRing'];
10 years ago
function _createProposalOpts(opts, signingKey) {
var msg = opts.toAddress + '|' + opts.amount + '|' + opts.message;
opts.proposalSignature = WalletUtils.signMessage(msg, signingKey);
10 years ago
return opts;
};
10 years ago
function _getUrl(path) {
return BASE_URL + path;
};
10 years ago
function _parseError(body) {
if (_.isString(body)) {
10 years ago
try {
body = JSON.parse(body);
10 years ago
} catch (e) {
body = {
error: body
};
10 years ago
}
10 years ago
}
var code = body.code || 'ERROR';
var message = body.error || 'There was an unknown error processing the request';
log.error(code, message);
};
function _signRequest(method, url, args, privKey) {
var message = method.toLowerCase() + '|' + url + '|' + JSON.stringify(args);
return WalletUtils.signMessage(message, privKey);
10 years ago
};
10 years ago
function _createXPrivKey(network) {
return new Bitcore.HDPrivateKey(network).toString();
10 years ago
};
function API(opts) {
if (!opts.storage) {
throw new Error('Must provide storage option');
}
this.storage = opts.storage;
this.verbose = !!opts.verbose;
this.request = request || opts.request;
if (this.verbose) {
log.level = 'debug';
10 years ago
}
};
10 years ago
API.prototype._tryToComplete = function(data, cb) {
var self = this;
var url = '/v1/wallets/';
self._doGetRequest(url, data, function(err, ret) {
10 years ago
if (err) return cb(err);
var wallet = ret.wallet;
10 years ago
if (wallet.status != 'complete')
10 years ago
return cb('Wallet Incomplete');
10 years ago
if (!Verifier.checkCopayers(wallet.copayers, data.walletPrivKey, data.xPrivKey, data.n))
return cb('Some copayers in the wallet could not be verified to have known the wallet secret');
10 years ago
data.publicKeyRing = _.pluck(wallet.copayers, 'xPubKey')
self.storage.save(data, function(err) {
return cb(err, data);
});
});
};
10 years ago
API.prototype._loadAndCheck = function(cb) {
10 years ago
var self = this;
10 years ago
this.storage.load(function(err, data) {
if (err || !data) {
return cb(err || 'Wallet file not found.');
}
if (data.n > 1) {
var pkrComplete = data.publicKeyRing && data.m && data.publicKeyRing.length === data.n;
10 years ago
if (!pkrComplete) {
return self._tryToComplete(data, cb);
10 years ago
}
10 years ago
}
10 years ago
return cb(null, data);
});
10 years ago
};
10 years ago
API.prototype._doRequest = function(method, url, args, data, cb) {
var reqSignature;
data = data || {};
if (data.signingPrivKey)
reqSignature = _signRequest(method, url, args, data.signingPrivKey);
10 years ago
var absUrl = _getUrl(url);
var args = {
10 years ago
headers: {
'x-identity': data.copayerId,
'x-signature': reqSignature,
},
method: method,
10 years ago
url: absUrl,
body: args,
json: true,
};
10 years ago
log.verbose('Request Args', util.inspect(args, {
depth: 10
}));
this.request(args, function(err, res, body) {
10 years ago
log.verbose(util.inspect(body, {
depth: 10
}));
10 years ago
if (err) return cb(err);
if (res.statusCode != 200) {
_parseError(body);
return cb('Request error');
}
10 years ago
return cb(null, body);
});
};
API.prototype._doPostRequest = function(url, args, data, cb) {
10 years ago
return this._doRequest('post', url, args, data, cb);
};
API.prototype._doGetRequest = function(url, data, cb) {
10 years ago
return this._doRequest('get', url, {}, data, cb);
};
API.prototype.createWallet = function(walletName, copayerName, m, n, network, cb) {
10 years ago
var self = this;
10 years ago
network = network || 'livenet';
if (!_.contains(['testnet', 'livenet'], network))
return cb('Invalid network');
10 years ago
10 years ago
this.storage.load(function(err, data) {
if (data)
return cb('Storage already contains a wallet');
var walletPrivKey = new Bitcore.PrivateKey();
10 years ago
var args = {
name: walletName,
m: m,
n: n,
pubKey: walletPrivKey.toPublicKey().toString(),
10 years ago
network: network,
};
var url = '/v1/wallets/';
self._doPostRequest(url, args, {}, function(err, body) {
10 years ago
if (err) return cb(err);
10 years ago
var walletId = body.walletId;
var secret = walletId + ':' + walletPrivKey.toWIF() + ':' + (network == 'testnet' ? 'T' : 'L');
10 years ago
var ret;
10 years ago
if (n > 1)
ret = secret;
self._joinWallet(secret, copayerName, function(err) {
return cb(err, ret);
10 years ago
});
});
});
};
API.prototype._joinWallet = function(secret, copayerName, cb) {
10 years ago
var self = this;
10 years ago
var secretSplit = secret.split(':');
var walletId = secretSplit[0];
10 years ago
var walletPrivKey = Bitcore.PrivateKey.fromString(secretSplit[1]);
10 years ago
var network = secretSplit[2] == 'T' ? 'testnet' : 'livenet';
var xPrivKey = _createXPrivKey(network);
var xPubKey = new Bitcore.HDPublicKey(xPrivKey);
var xPubKeySignature = WalletUtils.signMessage(xPubKey.toString(), walletPrivKey);
var signingPrivKey = (new Bitcore.HDPrivateKey(xPrivKey)).derive('m/1/0').privateKey;
var args = {
walletId: walletId,
name: copayerName,
10 years ago
xPubKey: xPubKey.toString(),
xPubKeySignature: xPubKeySignature,
};
10 years ago
var url = '/v1/wallets/' + walletId + '/copayers';
this._doPostRequest(url, args, {}, function(err, body) {
10 years ago
var wallet = body.wallet;
var data = {
copayerId: body.copayerId,
10 years ago
publicKeyRing: wallet.publicKeyRing,
network: wallet.network,
10 years ago
m: wallet.m,
n: wallet.n,
xPrivKey: xPrivKey,
walletPrivKey: walletPrivKey.toWIF(),
signingPrivKey: signingPrivKey.toWIF(),
};
10 years ago
self.storage.save(data, cb);
10 years ago
});
};
10 years ago
API.prototype.joinWallet = function(secret, copayerName, cb) {
10 years ago
var self = this;
10 years ago
10 years ago
this.storage.load(function(err, data) {
if (data)
return cb('Storage already contains a wallet');
10 years ago
self._joinWallet(secret, copayerName, cb);
10 years ago
});
};
API.prototype.getStatus = function(cb) {
10 years ago
var self = this;
10 years ago
this._loadAndCheck(function(err, data) {
if (err) return cb(err);
10 years ago
var url = '/v1/wallets/';
self._doGetRequest(url, data, function(err, body) {
10 years ago
return cb(err, body);
10 years ago
});
});
};
10 years ago
/**
* send
*
* @param inArgs
* @param inArgs.toAddress
* @param inArgs.amount
* @param inArgs.message
*/
API.prototype.sendTxProposal = function(inArgs, cb) {
10 years ago
var self = this;
10 years ago
this._loadAndCheck(function(err, data) {
if (err) return cb(err);
10 years ago
var args = _createProposalOpts(inArgs, data.signingPrivKey);
10 years ago
var url = '/v1/txproposals/';
self._doPostRequest(url, args, data, cb);
});
};
API.prototype.createAddress = function(cb) {
var self = this;
10 years ago
this._loadAndCheck(function(err, data) {
if (err) return cb(err);
10 years ago
10 years ago
var url = '/v1/addresses/';
self._doPostRequest(url, {}, data, function(err, address) {
if (err) return cb(err);
if (!Verifier.checkAddress(data, address)) {
return cb(new ServerCompromisedError('Server sent fake address'));
}
10 years ago
10 years ago
return cb(null, address);
10 years ago
});
10 years ago
});
};
API.prototype.history = function(limit, cb) {
};
API.prototype.getBalance = function(cb) {
var self = this;
10 years ago
this._loadAndCheck(function(err, data) {
10 years ago
if (err) return cb(err);
var url = '/v1/balance/';
self._doGetRequest(url, data, cb);
});
};
API.prototype.export = function(cb) {
var self = this;
10 years ago
this._loadAndCheck(function(err, data) {
if (err) return cb(err);
10 years ago
var v = [];
10 years ago
var myXPubKey = (new Bitcore.HDPublicKey(data.xPrivKey)).toString();
10 years ago
_.each(WALLET_CRITICAL_DATA, function(k) {
10 years ago
var d;
if (k === 'publicKeyRing') {
d = _.without(data[k], myXPubKey);
} else {
d = data[k];
}
v.push(d);
10 years ago
});
return cb(null, JSON.stringify(v));
});
}
API.prototype.import = function(str, cb) {
var self = this;
10 years ago
this.storage.load(function(err, data) {
if (data)
return cb('Storage already contains a wallet');
10 years ago
data = {};
10 years ago
var inData = JSON.parse(str);
var i = 0;
_.each(WALLET_CRITICAL_DATA, function(k) {
data[k] = inData[i++];
if (!data[k])
return cb('Invalid wallet data');
});
10 years ago
var xPubKey = (new Bitcore.HDPublicKey(data.xPrivKey)).toString();
data.publicKeyRing.push(xPubKey);
data.copayerId = WalletUtils.xPubToCopayerId(xPubKey);
10 years ago
data.m = data.publicKeyRing.length;
data.signingPrivKey = (new Bitcore.HDPrivateKey(data.xPrivKey)).derive('m/1/0').privateKey.toWIF();
data.network = data.xPrivKey.substr(0, 4) === 'tprv' ? 'testnet' : 'livenet';
10 years ago
self.storage.save(data, cb);
});
};
API.prototype.getTxProposals = function(opts, cb) {
var self = this;
this._loadAndCheck(function(err, data) {
if (err) return cb(err);
var url = '/v1/txproposals/';
self._doGetRequest(url, data, cb);
});
};
API.prototype.signTxProposal = function(txp, cb) {
10 years ago
var self = this;
this._loadAndCheck(function(err, data) {
if (err) return cb(err);
10 years ago
if (!Verifier.checkTxProposal(data, txp)) {
return cb(new ServerCompromisedError('Server sent fake transaction proposal'));
}
10 years ago
//Derive proper key to sign, for each input
var privs = [],
derived = {};
10 years ago
var network = new Bitcore.Address(txp.toAddress).network.name;
var xpriv = new Bitcore.HDPrivateKey(data.xPrivKey, network);
10 years ago
_.each(txp.inputs, function(i) {
if (!derived[i.path]) {
derived[i.path] = xpriv.derive(i.path).privateKey;
}
privs.push(derived[i.path]);
});
10 years ago
var t = new Bitcore.Transaction();
_.each(txp.inputs, function(i) {
t.from(i, i.publicKeys, txp.requiredSignatures);
});
10 years ago
t.to(txp.toAddress, txp.amount)
.change(txp.changeAddress)
.sign(privs);
10 years ago
var signatures = [];
_.each(privs, function(p) {
var s = t.getSignatures(p)[0].signature.toDER().toString('hex');
signatures.push(s);
});
10 years ago
var url = '/v1/txproposals/' + txp.id + '/signatures/';
var args = {
signatures: signatures
};
10 years ago
self._doPostRequest(url, args, data, cb);
});
10 years ago
};
API.prototype.rejectTxProposal = function(txp, reason, cb) {
10 years ago
var self = this;
10 years ago
this._loadAndCheck(
function(err, data) {
if (err) return cb(err);
10 years ago
10 years ago
var url = '/v1/txproposals/' + txp.id + '/rejections/';
var args = {
reason: reason || '',
};
self._doPostRequest(url, args, data, cb);
});
10 years ago
};
10 years ago
API.prototype.broadcastTxProposal = function(txp, cb) {
var self = this;
10 years ago
this._loadAndCheck(
function(err, data) {
if (err) return cb(err);
10 years ago
10 years ago
var url = '/v1/txproposals/' + txp.id + '/broadcast/';
self._doPostRequest(url, {}, data, cb);
});
10 years ago
};
10 years ago
API.prototype.removeTxProposal = function(txp, cb) {
10 years ago
var self = this;
10 years ago
this._loadAndCheck(
function(err, data) {
if (err) return cb(err);
var url = '/v1/txproposals/' + txp.id;
self._doRequest('delete', url, {}, data, cb);
});
10 years ago
};
module.exports = API;