From e1edae9b29028a2bde0c03ab1e6fa4226cce0d7e Mon Sep 17 00:00:00 2001 From: user Date: Thu, 22 Feb 2024 21:18:56 +0300 Subject: [PATCH] Locazia: v1 auth (not tested yet) --- app/api/__init__.py | 37 +++++++++++++- app/api/middleware.py | 70 +++++++++++++++++++++++++++ app/api/routes/auth.py | 45 +++++++++++++++++ app/api/routes/custodial.py | 36 ++++++++++++++ app/api/routes/node_storage.py | 58 ++++++++++++++++++++++ app/bot/routers/index.py | 12 ++++- app/core/_config.py | 7 +++ app/core/auth_v1.py | 63 ++++++++++++++++++++++++ app/core/models/__init__.py | 2 + app/core/models/keys.py | 22 +++++++++ app/core/models/node_storage.py | 49 +++++++++++++++++++ app/core/models/user/__init__.py | 5 +- app/core/models/user/display_mixin.py | 11 +++++ docker-compose.yml | 3 ++ requirements.txt | 3 +- 15 files changed, 419 insertions(+), 4 deletions(-) create mode 100644 app/api/middleware.py create mode 100644 app/api/routes/auth.py create mode 100644 app/api/routes/custodial.py create mode 100644 app/api/routes/node_storage.py create mode 100644 app/core/auth_v1.py create mode 100644 app/core/models/keys.py create mode 100644 app/core/models/node_storage.py create mode 100644 app/core/models/user/display_mixin.py diff --git a/app/api/__init__.py b/app/api/__init__.py index da68079..341f7fa 100644 --- a/app/api/__init__.py +++ b/app/api/__init__.py @@ -1,9 +1,44 @@ -from sanic import Sanic +import traceback + +from sanic import Sanic, response +from app.core.logger import make_log app = Sanic(__name__) +from app.api.middleware import attach_user_to_request, close_db_session + +app.register_middleware(attach_user_to_request, "request") +app.register_middleware(close_db_session, "response") + from app.api.routes._index import s_index +from app.api.routes.auth import s_api_v1_auth_twa from app.api.routes.tonconnect import s_api_tonconnect_manifest +from app.api.routes.node_storage import s_api_v1_storage_post, s_api_v1_storage_get +from app.api.routes.custodial import s_api_v1_custodial_upload_content app.add_route(s_index, "/") + app.add_route(s_api_tonconnect_manifest, "/api/tonconnect-manifest.json") + +app.add_route(s_api_v1_auth_twa, "/api/v1/auth.twa", methods=["POST"]) + +app.add_route(s_api_v1_storage_post, "/api/v1/storage", methods=["POST"]) +app.add_route(s_api_v1_storage_get, "/api/v1/storage/", methods=["GET"]) + +app.add_route(s_api_v1_custodial_upload_content, "/api/v1/custodial.uploadContent", methods=["POST"]) + + +@app.exception(BaseException) +async def s_handle_exception(request, exception): + try: + request.ctx.db_session.close() + except BaseException as e: + pass + + try: + raise exception + except BaseException as e: + make_log("sanic_exception", f"Exception: {e}" + '\n' + str(traceback.format_exc()), level='error') + + return response.json({"error": "An internal server error occurred"}, status=500) + diff --git a/app/api/middleware.py b/app/api/middleware.py new file mode 100644 index 0000000..fc1ba7e --- /dev/null +++ b/app/api/middleware.py @@ -0,0 +1,70 @@ +from app.core.models.user import User +from app.core.models.keys import KnownKey +from app.core.storage import Session +from app.core.logger import make_log + +from base58 import b58encode, b58decode + + +async def try_authorization(request): + token = request.headers.get("Authorization") + if not token: + return + + token_bin = b58decode(token) + if len(token_bin) != 57: + make_log("auth", "Invalid token length", level="warning") + return + + known_key = request.ctx.db_session.query(KnownKey).filter(KnownKey.seed == token).first() + if not known_key: + make_log("auth", "Unknown key", level="warning") + return + + if known_key.type != "USER_API_V1": + make_log("auth", "Invalid key type", level="warning") + return + + ( + token_version, + user_id, + timestamp, + randpart + ) = ( + int.from_bytes(token_bin[0:1], 'big'), + int.from_bytes(token_bin[1:17], 'big'), + int.from_bytes(token_bin[17:25], 'big'), + token_bin[25:] + ) + assert token_version == 1, "Invalid token version" + assert user_id > 0, "Invalid user_id" + assert timestamp > 0, "Invalid timestamp" + + if known_key.meta.get('I_user_id', -1) != user_id: + make_log("auth", f"User ID mismatch: {known_key.meta.get('I_user_id', -1)} != {user_id}", level="warning") + return + + user = request.ctx.db_session.query(User).filter(User.id == known_key.meta['I_user_id']).first() + if not user: + make_log("auth", "No user from key", level="warning") + return + + request.ctx.user = user + request.ctx.user_key = known_key + + +async def attach_user_to_request(request): + request.ctx.db_session = Session() + try_authorization(request) + + +async def close_db_session(request, response): + try: + request.ctx.db_session.close() + except BaseException as e: + pass + + response.headers["Access-Control-Allow-Origin"] = "*" + response.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS" + response.headers["Access-Control-Allow-Headers"] = "Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token, Authorization, Refer" + diff --git a/app/api/routes/auth.py b/app/api/routes/auth.py new file mode 100644 index 0000000..bcf1318 --- /dev/null +++ b/app/api/routes/auth.py @@ -0,0 +1,45 @@ +from sanic import response +from app.core._config import TELEGRAM_API_KEY +from app.core.models.user import User +from app.core.logger import make_log +from aiogram.utils.web_app import safe_parse_webapp_init_data +from datetime import datetime +import os +import hashlib + + +async def s_api_v1_auth_twa(request): + if not request.json: + return response.json({"error": "No data provided"}, status=400) + + if not request.json.get('twa_data'): + return response.json({"error": "No TWA data provided"}, status=400) + + twa_data = request.json['twa_data'] + twa_data = safe_parse_webapp_init_data(token=TELEGRAM_API_KEY, init_data=twa_data) + assert twa_data + + known_user = request.ctx.db_session.query(User).filter(User.telegram_id == twa_data.user.id).first() + if not known_user: + new_user = User( + telegram_id=twa_data.user.id, + username=twa_data.user.username, + meta={ + "first_name": twa_data.user.first_name, + "last_name": twa_data.user.last_name, + "photo_url": twa_data.user.photo_url + }, + lang_code=twa_data.user.language_code, + last_use=datetime.now(), + created=datetime.now() + ) + request.ctx.db_session.add(new_user) + request.ctx.db_session.commit() + + known_user = request.ctx.db_session.query(User).filter(User.telegram_id == twa_data.user.id).first() + assert known_user, "User not created" + + return response.json({ + 'user': known_user.json_format(), + 'auth_v1_token': known_user.create_api_token_v1(request.ctx.db_session, "USER_API_V1")['auth_v1_token'] + }) diff --git a/app/api/routes/custodial.py b/app/api/routes/custodial.py new file mode 100644 index 0000000..dda3357 --- /dev/null +++ b/app/api/routes/custodial.py @@ -0,0 +1,36 @@ +from sanic import response +from app.core._config import TELEGRAM_API_KEY +from app.core.models.user import User +from app.core.logger import make_log +from datetime import datetime +import os +import hashlib + + +async def s_api_v1_custodial_upload_content(request): + if not request.json: + return response.json({"error": "No data provided"}, status=400) + + if not request.json.get('content'): + return response.json({"error": "No content provided"}, status=400) + + if not request.json.get('content_hash'): + return response.json({"error": "No content hash provided"}, status=400) + + content = request.json['content'] + content_hash = request.json['content_hash'] + + known_user = request.ctx.db_session.query(User).filter(User.telegram_id == request.ctx.user.telegram_id).first() + if not known_user: + return response.json({"error": "User not found"}, status=400) + + content_path = os.path.join(os.path.abspath(os.path.dirname(__file__)), f"../../../content/{content_hash}") + if os.path.exists(content_path): + return response.json({"error": "Content already exists"}, status=400) + + with open(content_path, "wb") as f: + f.write(content) + + return response.json({ + 'content_hash': content_hash + }) diff --git a/app/api/routes/node_storage.py b/app/api/routes/node_storage.py new file mode 100644 index 0000000..d1579af --- /dev/null +++ b/app/api/routes/node_storage.py @@ -0,0 +1,58 @@ +from sanic import response +from app.core._config import UPLOADS_DIR +from app.core.storage import db_session +from app.core.models.node_storage import StoredContent +from app.core.logger import make_log +from datetime import datetime +from base58 import b58encode, b58decode +import os +import hashlib + + +async def s_api_v1_storage_post(request): + if not request.files and not request.json: + return response.json({"error": "No file provided"}, status=400) + + file_param = list(request.files.values())[0][0] if request.files else None + file_name_json = request.json.get("filename") if request.json else None + + if file_param: + file_content = file_param.body + file_name = file_name_json or file_param.name + else: + return response.json({"error": "No file provided"}, status=400) + + try: + file_hash = b58encode(hashlib.sha256(file_content).digest()).decode() + new_content = StoredContent( + hash=file_hash, + filename=file_name, + user_id=None, + meta={}, + created=datetime.now(), + key_id=None + ) + request.ctx.db_session.add(new_content) + request.ctx.db_session.commit() + + file_path = os.path.join(UPLOADS_DIR, file_hash) + with open(file_path, "wb") as file: + file.write(file_content) + + return response.json({"content_sha256": file_hash}) + except BaseException as e: + return response.json({"error": f"Error: {e}"}, status=500) + + +async def s_api_v1_storage_get(request, file_hash): + content = request.ctx.db_session.query(StoredContent).filter(StoredContent.hash == file_hash).first() + if not content: + return response.json({"error": "File not found"}, status=404) + + make_log(f"File {file_hash} requested by {request.ip}") + + file_path = os.path.join(UPLOADS_DIR, file_hash) + if not os.path.exists(file_path): + return response.json({"error": "File not found"}, status=404) + + return await response.file(file_path) diff --git a/app/bot/routers/index.py b/app/bot/routers/index.py index d0852c1..b3364e0 100644 --- a/app/bot/routers/index.py +++ b/app/bot/routers/index.py @@ -7,7 +7,9 @@ from aiogram.filters import Command from app.bot.routers.tonconnect import router as tonconnect_router from app.core._utils.tg_process_template import tg_process_template +from app.core._keyboards import get_inline_keyboard from app.core.logger import logger +from app.core._config import WEB_APP_URLS main_router = Router() @@ -18,7 +20,15 @@ async def t_home_menu(__msg, **extra): await extra['state'].clear() return await tg_process_template( - chat_wrap, user.translated('home_menu'), message_id=__msg.message.message_id if isinstance(__msg, types.CallbackQuery) else None + chat_wrap, user.translated('home_menu'), message_id=__msg.message.message_id if isinstance(__msg, types.CallbackQuery) else None, + keyboard=get_inline_keyboard([ + [{ + 'text': user.translated('webApp_uploadContent_button'), + 'web_app': types.WebAppInfo( + url=WEB_APP_URLS['uploadContent'] + ) + }] + ]) ) diff --git a/app/core/_config.py b/app/core/_config.py index 45ff929..0e8e15a 100644 --- a/app/core/_config.py +++ b/app/core/_config.py @@ -7,6 +7,9 @@ load_dotenv(dotenv_path='.env') PROJECT_HOST = os.getenv('PROJECT_HOST', 'http://127.0.0.1:8080') SANIC_PORT = int(os.getenv('SANIC_PORT', '8080')) +UPLOADS_DIR = os.getenv('UPLOADS_DIR', '/app/data') +if not os.path.exists(UPLOADS_DIR): + os.makedirs(UPLOADS_DIR) TELEGRAM_API_KEY = os.environ.get('TELEGRAM_API_KEY') assert TELEGRAM_API_KEY, "Telegram API_KEY required" @@ -21,3 +24,7 @@ if not os.path.exists(LOG_DIR): _now_str = datetime.now().strftime("%Y-%m-%d_%H-%M-%S") LOG_FILEPATH = f"{LOG_DIR}/{_now_str}.log" + +WEB_APP_URLS = { + 'uploadContent': f"https://web2-client.vercel.app/uploadContent" +} diff --git a/app/core/auth_v1.py b/app/core/auth_v1.py new file mode 100644 index 0000000..f47d2d1 --- /dev/null +++ b/app/core/auth_v1.py @@ -0,0 +1,63 @@ +from app.core.models.keys import KnownKey +from datetime import datetime +from base58 import b58encode, b58decode +from hashlib import sha256 +import os + + +# Auth v1 specs +## Private key (57 bytes) +# 1. int8 token version +# 2. int128 users.id +# 3. int64 init_ts +# 4. int256 of os.urandom + +## Public key (72 bytes) +# 1. int256 of sha256 of private key +# 2. int256 of sha256 of users.id +# 3. int64 init_ts + + +class AuthenticationMixin: + async def create_api_token_v1(self, db_session, token_type) -> dict: + user_id = self.id + randpart = os.urandom(32) + assert type(user_id) == int, "User ID must be an integer" + init_ts = int(datetime.now().timestamp()) + new_seed = (bytes([1]) # token version + + user_id.to_bytes(16, 'big') + + init_ts.to_bytes(8, 'big') + + randpart) + + assert len(new_seed) == 57, "Invalid seed length" + new_seed_hash_bin = sha256(new_seed).digest() + new_seed_hash = b58encode(new_seed_hash_bin).decode() + user_id_hash_bin = sha256(user_id.to_bytes(16, 'big')).digest() + public_key = ( + new_seed_hash_bin + + user_id_hash_bin + + init_ts.to_bytes(8, 'big') + ) + assert len(public_key) == 72, "Invalid public key length" + public_key_hash_bin = sha256(public_key).digest() + public_key_hash = b58encode(public_key_hash_bin).decode() + new_key = KnownKey( + type=token_type, + seed=b58encode(new_seed).decode(), + seed_hash=new_seed_hash, + public_key=b58encode(public_key).decode(), + public_key_hash=public_key_hash, + algo='CX_URANDOM_SHA256', + meta={ + 'I_user_id': user_id + }, + created=datetime.fromtimestamp(init_ts) + ) + db_session.add(new_key) + db_session.commit() + new_key = db_session.query(KnownKey).filter(KnownKey.seed_hash == new_key.seed_hash).first() + assert new_key, "Key not created" + return { + "key": new_key, + "auth_v1_token": new_key.seed + } diff --git a/app/core/models/__init__.py b/app/core/models/__init__.py index 9e38f18..883b3b1 100644 --- a/app/core/models/__init__.py +++ b/app/core/models/__init__.py @@ -3,4 +3,6 @@ from app.core.models.memory import Memory from app.core.models.transaction import UserBalance, InternalTransaction from app.core.models.user import User from app.core.models.wallet_connection import WalletConnection +from app.core.models.keys import KnownKey +from app.core.models.node_storage import StoredContent from app.core.models.base import AlchemyBase diff --git a/app/core/models/keys.py b/app/core/models/keys.py new file mode 100644 index 0000000..832b0ec --- /dev/null +++ b/app/core/models/keys.py @@ -0,0 +1,22 @@ +from sqlalchemy import Column, Integer, String, ForeignKey, DateTime, JSON, Boolean +from sqlalchemy.orm import relationship + +from .base import AlchemyBase + + +class KnownKey(AlchemyBase): + __tablename__ = 'known_keys' + + id = Column(Integer, autoincrement=True, primary_key=True) + type = Column(String(32), nullable=False, default="NOT_SPECIFIED") + seed = Column(String(6144), nullable=True, default=None) + seed_hash = Column(String(64), nullable=True, default=None) # base58 + public_key = Column(String(6144), nullable=False, unique=True) + public_key_hash = Column(String(64), nullable=False, unique=True) # base58 + + algo = Column(String(32), nullable=True, default=None) + meta = Column(JSON, nullable=False, default={}) + + created = Column(DateTime, nullable=False, default=0) + + # stored_content = relationship('StoredContent', back_populates='key') diff --git a/app/core/models/node_storage.py b/app/core/models/node_storage.py new file mode 100644 index 0000000..8cdf90d --- /dev/null +++ b/app/core/models/node_storage.py @@ -0,0 +1,49 @@ +from sqlalchemy import Column, BigInteger, Integer, String, ForeignKey, DateTime, JSON, Boolean +from sqlalchemy.orm import relationship + +from .base import AlchemyBase +from hashlib import sha256 +from base58 import b58encode, b58decode + + +# DMY CID v1 specs +# 1. int8 cid version +# 2. int256 sha256 of content +# 3. int128 onchain content index + + +class StoredContent(AlchemyBase): + __tablename__ = 'node_storage' + + id = Column(Integer, autoincrement=True, primary_key=True) + hash = Column(String(64), nullable=False, unique=True) # base58 + onchain_index = Column(BigInteger, nullable=True, default=None) + + filename = Column(String(1024), nullable=False) + meta = Column(JSON, nullable=False, default={}) + + user_id = Column(Integer, ForeignKey('users.id'), nullable=False) + + storj_cid = Column(String(1024), nullable=False, unique=True) + ipfs_cid = Column(String(1024), nullable=False, unique=True) + telegram_cid = Column(String(1024), nullable=False, unique=True) + + created = Column(DateTime, nullable=False, default=0) + disabled = Column(DateTime, nullable=False, default=0) + disabled_by = Column(Integer, ForeignKey('users.id'), nullable=True, default=None) + + key_id = Column(Integer, ForeignKey('known_keys.id'), nullable=True, default=None) + + user = relationship('User', uselist=False, foreign_keys=[user_id]) + key = relationship('KnownKey', uselist=False, foreign_keys=[key_id]) + + def make_dmy_cid_v1(self) -> str: + vhash = sha256( + (1).to_bytes(1, 'big') # cid version + + b58decode(hash) + + (self.onchain_index or 0).to_bytes(16, 'big') + ).digest() + return b58encode(vhash).decode() + + def make_deeplink(self): + return f"dmy://storage?cid={self.make_dmy_cid_v1()}" diff --git a/app/core/models/user/__init__.py b/app/core/models/user/__init__.py index 42d7f00..2da5723 100644 --- a/app/core/models/user/__init__.py +++ b/app/core/models/user/__init__.py @@ -2,10 +2,12 @@ from sqlalchemy import Column, Integer, String, BigInteger, DateTime, JSON from sqlalchemy.orm import relationship from app.core.translation import TranslationCore +from app.core.auth_v1 import AuthenticationMixin as AuthenticationMixin_V1 +from app.core.models.user.display_mixin import DisplayMixin from ..base import AlchemyBase -class User(AlchemyBase, TranslationCore): +class User(AlchemyBase, DisplayMixin, TranslationCore, AuthenticationMixin_V1): LOCALE_DOMAIN = 'sanic_telegram_bot' __tablename__ = 'users' @@ -22,6 +24,7 @@ class User(AlchemyBase, TranslationCore): balances = relationship('UserBalance', back_populates='user') internal_transactions = relationship('InternalTransaction', back_populates='user') wallet_connections = relationship('WalletConnection', back_populates='user') + # stored_content = relationship('StoredContent', back_populates='user') def __str__(self): return f"User, {self.id}_{self.telegram_id} | Username: {self.username} " + '\\' diff --git a/app/core/models/user/display_mixin.py b/app/core/models/user/display_mixin.py new file mode 100644 index 0000000..576d45c --- /dev/null +++ b/app/core/models/user/display_mixin.py @@ -0,0 +1,11 @@ +class DisplayMixin: + def json_format(self): + return { + "id": self.id, + "telegram_id": self.telegram_id, + "username": self.username, + "lang_code": self.lang_code, + "meta": self.meta, + "last_use": self.last_use, + "created": self.created + } diff --git a/docker-compose.yml b/docker-compose.yml index e801eb6..d3532c3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -23,8 +23,11 @@ services: - .env links: - maria_db + ports: + - "13807:13000" volumes: - ./logs:/app/logs + - ./storedContent:/app/data depends_on: maria_db: condition: service_healthy diff --git a/requirements.txt b/requirements.txt index 5c6e411..e6a6fef 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,5 +3,6 @@ websockets==10.0 sqlalchemy==2.0.23 python-dotenv==1.0.0 pymysql==1.1.0 -aiogram==3.1.1 +aiogram==3.4.1 pytonconnect==0.3.0 +base58==2.1.1