You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

233 lines
5.4 KiB

package processHttp
import (
"encoding/json"
"fmt"
"log"
"net/http"
"strconv"
"time"
"github.com/vocdoni/dvote-census/tree"
"github.com/vocdoni/dvote-relay/crypto/signature"
)
const authTimeWindow = 10 // Time window (seconds) in which TimeStamp will be accepted if auth enabled
var authPubKey string
var T tree.Tree // MerkleTree dvote-census library
var S signature.SignKeys // Signature dvote-relay library
type Claim struct {
CensusID string `json:"censusID"` // References to MerkleTree namespace
ClaimData string `json:"claimData"` // Data to add to the MerkleTree
ProofData string `json:"proofData"` // MerkleProof to check
TimeStamp string `json:"timeStamp"` // Unix TimeStamp in seconds
Signature string `json:"signature"` // Signature as Hexadecimal String
}
type Result struct {
Error bool `json:"error"`
Response string `json:"response"`
}
func reply(resp *Result, w http.ResponseWriter) {
err := json.NewEncoder(w).Encode(resp)
if err != nil {
http.Error(w, err.Error(), 500)
} else {
w.Header().Set("content-type", "application/json")
}
}
func checkRequest(w http.ResponseWriter, req *http.Request) bool {
if req.Body == nil {
http.Error(w, "Please send a request body", 400)
return false
}
return true
}
func checkAuth(timestamp, signature, message string) bool {
if len(authPubKey) < 1 {
return true
}
currentTime := int64(time.Now().Unix())
timeStampRemote, err := strconv.ParseInt(timestamp, 10, 32)
if err != nil {
log.Printf("Cannot parse timestamp data %s\n", err)
return false
}
if timeStampRemote < currentTime+authTimeWindow &&
timeStampRemote > currentTime-authTimeWindow {
v, err := S.Verify(message, signature, authPubKey)
if err != nil {
log.Printf("Verification error: %s\n", err)
}
return v
}
return false
}
func claimHandler(w http.ResponseWriter, req *http.Request, op string) {
var c Claim
var resp Result
if ok := checkRequest(w, req); !ok {
return
}
// Decode JSON
err := json.NewDecoder(req.Body).Decode(&c)
if err != nil {
http.Error(w, err.Error(), 400)
return
}
// Process data
log.Printf("Received: %s,%s,%s,%s,%s", c.CensusID, c.ClaimData, c.ProofData,
c.TimeStamp, c.Signature)
resp.Error = false
resp.Response = ""
if len(c.CensusID) > 0 {
T.Namespace = c.CensusID
} else {
resp.Error = true
resp.Response = "censusID is not valid"
reply(&resp, w)
return
}
if len(c.ClaimData) < 0 {
resp.Error = true
resp.Response = "data not valid"
reply(&resp, w)
return
}
if op == "add" {
msg := fmt.Sprintf("%s%s%s", c.CensusID, c.ClaimData, c.TimeStamp)
if auth := checkAuth(c.TimeStamp, c.Signature, msg); auth {
err = T.AddClaim([]byte(c.ClaimData))
} else {
resp.Error = true
resp.Response = "invalid authentication"
}
}
if op == "gen" {
resp.Response, err = T.GenProof([]byte(c.ClaimData))
}
if op == "root" {
resp.Response = T.GetRoot()
}
if op == "dump" {
values, err := T.Dump()
if err != nil {
resp.Error = true
resp.Response = fmt.Sprint(err)
} else {
jValues, err := json.Marshal(values)
if err != nil {
resp.Error = true
resp.Response = fmt.Sprint(err)
} else {
resp.Response = string(jValues)
}
}
}
if op == "snapshot" {
msg := fmt.Sprintf("%s%s%s", c.CensusID, c.ClaimData, c.TimeStamp)
if auth := checkAuth(c.TimeStamp, c.Signature, msg); auth {
snapshotNamespace, err := T.Snapshot()
if err != nil {
resp.Error = true
resp.Response = fmt.Sprint(err)
} else {
resp.Response = snapshotNamespace
}
} else {
resp.Error = true
resp.Response = "invalid authentication"
}
}
if op == "check" {
if len(c.ProofData) < 1 {
resp.Error = true
resp.Response = "proofData not provided"
reply(&resp, w)
return
}
var validProof bool
validProof, err = T.CheckProof([]byte(c.ClaimData), c.ProofData)
if validProof {
resp.Response = "valid"
} else {
resp.Response = "invalid"
}
}
if err != nil {
resp.Error = true
resp.Response = fmt.Sprint(err)
log.Print(err)
reply(&resp, w)
return
}
reply(&resp, w)
}
func Listen(port int, proto string, pubKey string) {
srv := &http.Server{
Addr: fmt.Sprintf(":%d", port),
ReadHeaderTimeout: 4 * time.Second,
ReadTimeout: 4 * time.Second,
WriteTimeout: 4 * time.Second,
IdleTimeout: 3 * time.Second,
}
http.HandleFunc("/addClaim", func(w http.ResponseWriter, r *http.Request) {
claimHandler(w, r, "add")
})
http.HandleFunc("/genProof", func(w http.ResponseWriter, r *http.Request) {
claimHandler(w, r, "gen")
})
http.HandleFunc("/checkProof", func(w http.ResponseWriter, r *http.Request) {
claimHandler(w, r, "check")
})
http.HandleFunc("/getRoot", func(w http.ResponseWriter, r *http.Request) {
claimHandler(w, r, "root")
})
http.HandleFunc("/snapshot", func(w http.ResponseWriter, r *http.Request) {
claimHandler(w, r, "snapshot")
})
http.HandleFunc("/dump", func(w http.ResponseWriter, r *http.Request) {
claimHandler(w, r, "dump")
})
if len(pubKey) > 1 {
log.Printf("Enabling signature authentication with %s\n", pubKey)
authPubKey = pubKey
} else {
authPubKey = ""
}
if proto == "https" {
log.Print("Starting server in https mode")
if err := srv.ListenAndServeTLS("server.crt", "server.key"); err != nil {
panic(err)
}
}
if proto == "http" {
log.Print("Starting server in http mode")
srv.SetKeepAlivesEnabled(false)
if err := srv.ListenAndServe(); err != nil {
panic(err)
}
}
}