Refactor account creation auth endpoints

2026-02-06 19:06:42 +01:00 · 2020-10-29 19:13:14 +01:00
parent 8c6f5f2950
commit 8c9d13ffa5
9 changed files with 316 additions and 165 deletions
--- a/api/accountcreationauths.go
+++ b/api/accountcreationauths.go
@@ -0,0 +1,68 @@
+package api
+
+import (
+	"errors"
+	"net/http"
+	"time"
+
+	ethCommon "github.com/ethereum/go-ethereum/common"
+	"github.com/gin-gonic/gin"
+	"github.com/hermeznetwork/hermez-node/apitypes"
+	"github.com/hermeznetwork/hermez-node/common"
+	"github.com/iden3/go-iden3-crypto/babyjub"
+)
+
+func postAccountCreationAuth(c *gin.Context) {
+	// Parse body
+	var apiAuth receivedAuth
+	if err := c.ShouldBindJSON(&apiAuth); err != nil {
+		retBadReq(err, c)
+		return
+	}
+	// API to common + verify signature
+	commonAuth := accountCreationAuthAPIToCommon(&apiAuth)
+	if !commonAuth.VerifySignature() {
+		retBadReq(errors.New("invalid signature"), c)
+		return
+	}
+	// Insert to DB
+	if err := l2.AddAccountCreationAuth(commonAuth); err != nil {
+		retSQLErr(err, c)
+		return
+	}
+	// Return OK
+	c.Status(http.StatusOK)
+}
+
+func getAccountCreationAuth(c *gin.Context) {
+	// Get hezEthereumAddress
+	addr, err := parseParamHezEthAddr(c)
+	if err != nil {
+		retBadReq(err, c)
+		return
+	}
+	// Fetch auth from l2DB
+	auth, err := l2.GetAccountCreationAuthAPI(*addr)
+	if err != nil {
+		retSQLErr(err, c)
+		return
+	}
+	// Build succesfull response
+	c.JSON(http.StatusOK, auth)
+}
+
+type receivedAuth struct {
+	EthAddr   apitypes.StrHezEthAddr   `json:"hezEthereumAddress" binding:"required"`
+	BJJ       apitypes.StrHezBJJ       `json:"bjj" binding:"required"`
+	Signature apitypes.StrEthSignature `json:"signature" binding:"required"`
+	Timestamp time.Time                `json:"timestamp"`
+}
+
+func accountCreationAuthAPIToCommon(apiAuth *receivedAuth) *common.AccountCreationAuth {
+	return &common.AccountCreationAuth{
+		EthAddr:   ethCommon.Address(apiAuth.EthAddr),
+		BJJ:       (*babyjub.PublicKey)(&apiAuth.BJJ),
+		Signature: []byte(apiAuth.Signature),
+		Timestamp: apiAuth.Timestamp,
+	}
+}
--- a/api/accountcreationauths_test.go
+++ b/api/accountcreationauths_test.go
@@ -0,0 +1,99 @@
+package api
+
+import (
+	"bytes"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"math/big"
+	"testing"
+	"time"
+
+	ethCommon "github.com/ethereum/go-ethereum/common"
+	"github.com/hermeznetwork/hermez-node/common"
+	"github.com/stretchr/testify/assert"
+)
+
+type testAuth struct {
+	EthAddr   string    `json:"hezEthereumAddress" binding:"required"`
+	BJJ       string    `json:"bjj" binding:"required"`
+	Signature string    `json:"signature" binding:"required"`
+	Timestamp time.Time `json:"timestamp"`
+}
+
+func genTestAuths(auths []*common.AccountCreationAuth) []testAuth {
+	testAuths := []testAuth{}
+	for _, auth := range auths {
+		testAuths = append(testAuths, testAuth{
+			EthAddr:   ethAddrToHez(auth.EthAddr),
+			BJJ:       bjjToString(auth.BJJ),
+			Signature: "0x" + hex.EncodeToString(auth.Signature),
+			Timestamp: auth.Timestamp,
+		})
+	}
+	return testAuths
+}
+
+func TestAccountCreationAuth(t *testing.T) {
+	// POST
+	endpoint := apiURL + "account-creation-authorization"
+	for _, auth := range tc.auths {
+		jsonAuthBytes, err := json.Marshal(auth)
+		assert.NoError(t, err)
+		jsonAuthReader := bytes.NewReader(jsonAuthBytes)
+		fmt.Println(string(jsonAuthBytes))
+		assert.NoError(
+			t, doGoodReq(
+				"POST",
+				endpoint,
+				jsonAuthReader, nil,
+			),
+		)
+	}
+	// GET
+	endpoint += "/"
+	for _, auth := range tc.auths {
+		fetchedAuth := testAuth{}
+		assert.NoError(
+			t, doGoodReq(
+				"GET",
+				endpoint+auth.EthAddr,
+				nil, &fetchedAuth,
+			),
+		)
+		assertAuth(t, auth, fetchedAuth)
+	}
+	// POST
+	// 400
+	// Wrong addr
+	badAuth := tc.auths[0]
+	badAuth.EthAddr = ethAddrToHez(ethCommon.BigToAddress(big.NewInt(1)))
+	jsonAuthBytes, err := json.Marshal(badAuth)
+	assert.NoError(t, err)
+	jsonAuthReader := bytes.NewReader(jsonAuthBytes)
+	err = doBadReq("POST", endpoint, jsonAuthReader, 400)
+	assert.NoError(t, err)
+	// Wrong signature
+	badAuth = tc.auths[0]
+	badAuth.Signature = badAuth.Signature[:len(badAuth.Signature)-1]
+	badAuth.Signature += "F"
+	jsonAuthBytes, err = json.Marshal(badAuth)
+	assert.NoError(t, err)
+	jsonAuthReader = bytes.NewReader(jsonAuthBytes)
+	err = doBadReq("POST", endpoint, jsonAuthReader, 400)
+	assert.NoError(t, err)
+	// GET
+	// 400
+	err = doBadReq("GET", endpoint+"hez:0xFooBar", nil, 400)
+	assert.NoError(t, err)
+	// 404
+	err = doBadReq("GET", endpoint+"hez:0x0000000000000000000000000000000000000001", nil, 404)
+	assert.NoError(t, err)
+}
+
+func assertAuth(t *testing.T, expected, actual testAuth) {
+	// timestamp should be very close to now
+	assert.Less(t, time.Now().UTC().Unix()-3, actual.Timestamp.Unix())
+	expected.Timestamp = actual.Timestamp
+	assert.Equal(t, expected, actual)
+}
--- a/api/api_test.go
+++ b/api/api_test.go
@@ -1,7 +1,6 @@
 package api

 import (
-	"bytes"
 	"context"
 	"encoding/json"
 	"errors"
@@ -51,7 +50,7 @@ type testCommon struct {
 	usrExits         []exitAPI
 	poolTxsToSend    []testPoolTxSend
 	poolTxsToReceive []testPoolTxReceive
-	auths            []accountCreationAuthAPI
+	auths            []testAuth
 	router           *swagger.Router
 	bids             []testBid
 }
@@ -336,15 +335,6 @@ func TestMain(m *testing.M) {
 	if err != nil {
 		panic(err)
 	}
-	// Account creation auth
-	const nAuths = 5
-	auths := test.GenAuths(nAuths)
-	// Transform auths to API format
-	apiAuths := []accountCreationAuthAPI{}
-	for _, auth := range auths {
-		apiAuth := accountCreationAuthToAPI(auth)
-		apiAuths = append(apiAuths, *apiAuth)
-	}

 	// Bids
 	const nBids = 10
@@ -373,7 +363,7 @@ func TestMain(m *testing.M) {
 		usrExits:         usrExits,
 		poolTxsToSend:    poolTxsToSend,
 		poolTxsToReceive: poolTxsToReceive,
-		auths:            apiAuths,
+		auths:            genTestAuths(test.GenAuths(5)),
 		router:           router,
 		bids:             genTestBids(blocks, coordinators, bids),
 	}
@@ -581,70 +571,6 @@ func TestGetConfig(t *testing.T) {
 	assert.Equal(t, cg, &configTest)
 }

-func TestAccountCreationAuth(t *testing.T) {
-	// POST
-	endpoint := apiURL + "account-creation-authorization"
-	for _, auth := range tc.auths {
-		jsonAuthBytes, err := json.Marshal(auth)
-		assert.NoError(t, err)
-		jsonAuthReader := bytes.NewReader(jsonAuthBytes)
-		fmt.Println(string(jsonAuthBytes))
-		assert.NoError(
-			t, doGoodReq(
-				"POST",
-				endpoint,
-				jsonAuthReader, nil,
-			),
-		)
-	}
-	// GET
-	endpoint += "/"
-	for _, auth := range tc.auths {
-		fetchedAuth := accountCreationAuthAPI{}
-		assert.NoError(
-			t, doGoodReq(
-				"GET",
-				endpoint+auth.EthAddr,
-				nil, &fetchedAuth,
-			),
-		)
-		assertAuth(t, auth, fetchedAuth)
-	}
-	// POST
-	// 400
-	// Wrong addr
-	badAuth := tc.auths[0]
-	badAuth.EthAddr = ethAddrToHez(ethCommon.BigToAddress(big.NewInt(1)))
-	jsonAuthBytes, err := json.Marshal(badAuth)
-	assert.NoError(t, err)
-	jsonAuthReader := bytes.NewReader(jsonAuthBytes)
-	err = doBadReq("POST", endpoint, jsonAuthReader, 400)
-	assert.NoError(t, err)
-	// Wrong signature
-	badAuth = tc.auths[0]
-	badAuth.Signature = badAuth.Signature[:len(badAuth.Signature)-1]
-	badAuth.Signature += "F"
-	jsonAuthBytes, err = json.Marshal(badAuth)
-	assert.NoError(t, err)
-	jsonAuthReader = bytes.NewReader(jsonAuthBytes)
-	err = doBadReq("POST", endpoint, jsonAuthReader, 400)
-	assert.NoError(t, err)
-	// GET
-	// 400
-	err = doBadReq("GET", endpoint+"hez:0xFooBar", nil, 400)
-	assert.NoError(t, err)
-	// 404
-	err = doBadReq("GET", endpoint+"hez:0x0000000000000000000000000000000000000001", nil, 404)
-	assert.NoError(t, err)
-}
-
-func assertAuth(t *testing.T, expected, actual accountCreationAuthAPI) {
-	// timestamp should be very close to now
-	assert.Less(t, time.Now().UTC().Unix()-3, actual.Timestamp.Unix())
-	expected.Timestamp = actual.Timestamp
-	assert.Equal(t, expected, actual)
-}
-
 func doGoodReqPaginated(
 	path, order string,
 	iterStruct db.Paginationer,
--- a/api/dbtoapistructs.go
+++ b/api/dbtoapistructs.go
@@ -2,12 +2,8 @@ package api

 import (
 	"encoding/base64"
-	"encoding/hex"
-	"errors"
 	"math/big"
 	"strconv"
-	"strings"
-	"time"

 	ethCommon "github.com/ethereum/go-ethereum/common"
 	"github.com/hermeznetwork/hermez-node/common"
@@ -152,47 +148,3 @@ type configAPI struct {
 	AuctionConstants  eth.AuctionConstants  `json:"auction"`
 	WDelayerConstants eth.WDelayerConstants `json:"withdrawalDelayer"`
 }
-
-// AccountCreationAuth
-
-type accountCreationAuthAPI struct {
-	EthAddr   string    `json:"hezEthereumAddress" binding:"required"`
-	BJJ       string    `json:"bjj" binding:"required"`
-	Signature string    `json:"signature" binding:"required"`
-	Timestamp time.Time `json:"timestamp"`
-}
-
-func accountCreationAuthToAPI(dbAuth *common.AccountCreationAuth) *accountCreationAuthAPI {
-	return &accountCreationAuthAPI{
-		EthAddr:   ethAddrToHez(dbAuth.EthAddr),
-		BJJ:       bjjToString(dbAuth.BJJ),
-		Signature: "0x" + hex.EncodeToString(dbAuth.Signature),
-		Timestamp: dbAuth.Timestamp,
-	}
-}
-
-func accountCreationAuthAPIToCommon(apiAuth *accountCreationAuthAPI) (*common.AccountCreationAuth, error) {
-	ethAddr, err := hezStringToEthAddr(apiAuth.EthAddr, "hezEthereumAddress")
-	if err != nil {
-		return nil, err
-	}
-	bjj, err := hezStringToBJJ(apiAuth.BJJ, "bjj")
-	if err != nil {
-		return nil, err
-	}
-	without0x := strings.TrimPrefix(apiAuth.Signature, "0x")
-	s, err := hex.DecodeString(without0x)
-	if err != nil {
-		return nil, err
-	}
-	auth := &common.AccountCreationAuth{
-		EthAddr:   *ethAddr,
-		BJJ:       bjj,
-		Signature: s,
-		Timestamp: apiAuth.Timestamp,
-	}
-	if !auth.VerifySignature() {
-		return nil, errors.New("invalid signature")
-	}
-	return auth, nil
-}
--- a/api/handlers.go
+++ b/api/handlers.go
@@ -28,46 +28,6 @@ var (
 	ErrNillBidderAddr = errors.New("biderAddr can not be nil")
 )

-func postAccountCreationAuth(c *gin.Context) {
-	// Parse body
-	var apiAuth accountCreationAuthAPI
-	if err := c.ShouldBindJSON(&apiAuth); err != nil {
-		retBadReq(err, c)
-		return
-	}
-	// API to common + verify signature
-	dbAuth, err := accountCreationAuthAPIToCommon(&apiAuth)
-	if err != nil {
-		retBadReq(err, c)
-		return
-	}
-	// Insert to DB
-	if err := l2.AddAccountCreationAuth(dbAuth); err != nil {
-		retSQLErr(err, c)
-		return
-	}
-	// Return OK
-	c.Status(http.StatusOK)
-}
-
-func getAccountCreationAuth(c *gin.Context) {
-	// Get hezEthereumAddress
-	addr, err := parseParamHezEthAddr(c)
-	if err != nil {
-		retBadReq(err, c)
-		return
-	}
-	// Fetch auth from l2DB
-	dbAuth, err := l2.GetAccountCreationAuth(*addr)
-	if err != nil {
-		retSQLErr(err, c)
-		return
-	}
-	apiAuth := accountCreationAuthToAPI(dbAuth)
-	// Build succesfull response
-	c.JSON(http.StatusOK, apiAuth)
-}
-
 func getAccounts(c *gin.Context) {

 }