Locazia: v1 auth (not tested yet)

app/api/__init__.py

@@ -1,9 +1,44 @@
-from sanic import Sanic
+import traceback
+
+from sanic import Sanic, response
+from app.core.logger import make_log
 
 app = Sanic(__name__)
 
+from app.api.middleware import attach_user_to_request, close_db_session
+
+app.register_middleware(attach_user_to_request, "request")
+app.register_middleware(close_db_session, "response")
+
 from app.api.routes._index import s_index
+from app.api.routes.auth import s_api_v1_auth_twa
 from app.api.routes.tonconnect import s_api_tonconnect_manifest
+from app.api.routes.node_storage import s_api_v1_storage_post, s_api_v1_storage_get
+from app.api.routes.custodial import s_api_v1_custodial_upload_content
 
 app.add_route(s_index, "/")
+
 app.add_route(s_api_tonconnect_manifest, "/api/tonconnect-manifest.json")
+
+app.add_route(s_api_v1_auth_twa, "/api/v1/auth.twa", methods=["POST"])
+
+app.add_route(s_api_v1_storage_post, "/api/v1/storage", methods=["POST"])
+app.add_route(s_api_v1_storage_get, "/api/v1/storage/<file_hash>", methods=["GET"])
+
+app.add_route(s_api_v1_custodial_upload_content, "/api/v1/custodial.uploadContent", methods=["POST"])
+
+
+@app.exception(BaseException)
+async def s_handle_exception(request, exception):
+    try:
+        request.ctx.db_session.close()
+    except BaseException as e:
+        pass
+
+    try:
+        raise exception
+    except BaseException as e:
+        make_log("sanic_exception", f"Exception: {e}" + '\n' + str(traceback.format_exc()), level='error')
+
+    return response.json({"error": "An internal server error occurred"}, status=500)
+

app/api/middleware.py

@@ -0,0 +1,70 @@
+from app.core.models.user import User
+from app.core.models.keys import KnownKey
+from app.core.storage import Session
+from app.core.logger import make_log
+
+from base58 import b58encode, b58decode
+
+
+async def try_authorization(request):
+    token = request.headers.get("Authorization")
+    if not token:
+        return
+
+    token_bin = b58decode(token)
+    if len(token_bin) != 57:
+        make_log("auth", "Invalid token length", level="warning")
+        return
+
+    known_key = request.ctx.db_session.query(KnownKey).filter(KnownKey.seed == token).first()
+    if not known_key:
+        make_log("auth", "Unknown key", level="warning")
+        return
+
+    if known_key.type != "USER_API_V1":
+        make_log("auth", "Invalid key type", level="warning")
+        return
+
+    (
+        token_version,
+        user_id,
+        timestamp,
+        randpart
+    ) = (
+        int.from_bytes(token_bin[0:1], 'big'),
+        int.from_bytes(token_bin[1:17], 'big'),
+        int.from_bytes(token_bin[17:25], 'big'),
+        token_bin[25:]
+    )
+    assert token_version == 1, "Invalid token version"
+    assert user_id > 0, "Invalid user_id"
+    assert timestamp > 0, "Invalid timestamp"
+
+    if known_key.meta.get('I_user_id', -1) != user_id:
+        make_log("auth", f"User ID mismatch: {known_key.meta.get('I_user_id', -1)} != {user_id}", level="warning")
+        return
+
+    user = request.ctx.db_session.query(User).filter(User.id == known_key.meta['I_user_id']).first()
+    if not user:
+        make_log("auth", "No user from key", level="warning")
+        return
+
+    request.ctx.user = user
+    request.ctx.user_key = known_key
+
+
+async def attach_user_to_request(request):
+    request.ctx.db_session = Session()
+    try_authorization(request)
+
+
+async def close_db_session(request, response):
+    try:
+        request.ctx.db_session.close()
+    except BaseException as e:
+        pass
+
+    response.headers["Access-Control-Allow-Origin"] = "*"
+    response.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS"
+    response.headers["Access-Control-Allow-Headers"] = "Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token, Authorization, Refer"
+

app/api/routes/auth.py

@@ -0,0 +1,45 @@
+from sanic import response
+from app.core._config import TELEGRAM_API_KEY
+from app.core.models.user import User
+from app.core.logger import make_log
+from aiogram.utils.web_app import safe_parse_webapp_init_data
+from datetime import datetime
+import os
+import hashlib
+
+
+async def s_api_v1_auth_twa(request):
+    if not request.json:
+        return response.json({"error": "No data provided"}, status=400)
+
+    if not request.json.get('twa_data'):
+        return response.json({"error": "No TWA data provided"}, status=400)
+
+    twa_data = request.json['twa_data']
+    twa_data = safe_parse_webapp_init_data(token=TELEGRAM_API_KEY, init_data=twa_data)
+    assert twa_data
+
+    known_user = request.ctx.db_session.query(User).filter(User.telegram_id == twa_data.user.id).first()
+    if not known_user:
+        new_user = User(
+            telegram_id=twa_data.user.id,
+            username=twa_data.user.username,
+            meta={
+                "first_name": twa_data.user.first_name,
+                "last_name": twa_data.user.last_name,
+                "photo_url": twa_data.user.photo_url
+            },
+            lang_code=twa_data.user.language_code,
+            last_use=datetime.now(),
+            created=datetime.now()
+        )
+        request.ctx.db_session.add(new_user)
+        request.ctx.db_session.commit()
+
+        known_user = request.ctx.db_session.query(User).filter(User.telegram_id == twa_data.user.id).first()
+        assert known_user, "User not created"
+
+    return response.json({
+        'user': known_user.json_format(),
+        'auth_v1_token': known_user.create_api_token_v1(request.ctx.db_session, "USER_API_V1")['auth_v1_token']
+    })

app/api/routes/custodial.py

@@ -0,0 +1,36 @@
+from sanic import response
+from app.core._config import TELEGRAM_API_KEY
+from app.core.models.user import User
+from app.core.logger import make_log
+from datetime import datetime
+import os
+import hashlib
+
+
+async def s_api_v1_custodial_upload_content(request):
+    if not request.json:
+        return response.json({"error": "No data provided"}, status=400)
+
+    if not request.json.get('content'):
+        return response.json({"error": "No content provided"}, status=400)
+
+    if not request.json.get('content_hash'):
+        return response.json({"error": "No content hash provided"}, status=400)
+
+    content = request.json['content']
+    content_hash = request.json['content_hash']
+
+    known_user = request.ctx.db_session.query(User).filter(User.telegram_id == request.ctx.user.telegram_id).first()
+    if not known_user:
+        return response.json({"error": "User not found"}, status=400)
+
+    content_path = os.path.join(os.path.abspath(os.path.dirname(__file__)), f"../../../content/{content_hash}")
+    if os.path.exists(content_path):
+        return response.json({"error": "Content already exists"}, status=400)
+
+    with open(content_path, "wb") as f:
+        f.write(content)
+
+    return response.json({
+        'content_hash': content_hash
+    })

app/api/routes/node_storage.py

@@ -0,0 +1,58 @@
+from sanic import response
+from app.core._config import UPLOADS_DIR
+from app.core.storage import db_session
+from app.core.models.node_storage import StoredContent
+from app.core.logger import make_log
+from datetime import datetime
+from base58 import b58encode, b58decode
+import os
+import hashlib
+
+
+async def s_api_v1_storage_post(request):
+    if not request.files and not request.json:
+        return response.json({"error": "No file provided"}, status=400)
+
+    file_param = list(request.files.values())[0][0] if request.files else None
+    file_name_json = request.json.get("filename") if request.json else None
+
+    if file_param:
+        file_content = file_param.body
+        file_name = file_name_json or file_param.name
+    else:
+        return response.json({"error": "No file provided"}, status=400)
+
+    try:
+        file_hash = b58encode(hashlib.sha256(file_content).digest()).decode()
+        new_content = StoredContent(
+            hash=file_hash,
+            filename=file_name,
+            user_id=None,
+            meta={},
+            created=datetime.now(),
+            key_id=None
+        )
+        request.ctx.db_session.add(new_content)
+        request.ctx.db_session.commit()
+
+        file_path = os.path.join(UPLOADS_DIR, file_hash)
+        with open(file_path, "wb") as file:
+            file.write(file_content)
+
+        return response.json({"content_sha256": file_hash})
+    except BaseException as e:
+        return response.json({"error": f"Error: {e}"}, status=500)
+
+
+async def s_api_v1_storage_get(request, file_hash):
+    content = request.ctx.db_session.query(StoredContent).filter(StoredContent.hash == file_hash).first()
+    if not content:
+        return response.json({"error": "File not found"}, status=404)
+
+    make_log(f"File {file_hash} requested by {request.ip}")
+
+    file_path = os.path.join(UPLOADS_DIR, file_hash)
+    if not os.path.exists(file_path):
+        return response.json({"error": "File not found"}, status=404)
+
+    return await response.file(file_path)

app/bot/routers/index.py

@@ -7,7 +7,9 @@ from aiogram.filters import Command
 
 from app.bot.routers.tonconnect import router as tonconnect_router
 from app.core._utils.tg_process_template import tg_process_template
+from app.core._keyboards import get_inline_keyboard
 from app.core.logger import logger
+from app.core._config import WEB_APP_URLS
 
 main_router = Router()
 
@@ -18,7 +20,15 @@ async def t_home_menu(__msg, **extra):
         await extra['state'].clear()
 
     return await tg_process_template(
-        chat_wrap, user.translated('home_menu'), message_id=__msg.message.message_id if isinstance(__msg, types.CallbackQuery) else None
+        chat_wrap, user.translated('home_menu'), message_id=__msg.message.message_id if isinstance(__msg, types.CallbackQuery) else None,
+        keyboard=get_inline_keyboard([
+            [{
+                'text': user.translated('webApp_uploadContent_button'),
+                'web_app': types.WebAppInfo(
+                    url=WEB_APP_URLS['uploadContent']
+                )
+            }]
+        ])
     )
 
 

app/core/_config.py

@@ -7,6 +7,9 @@ load_dotenv(dotenv_path='.env')
 
 PROJECT_HOST = os.getenv('PROJECT_HOST', 'http://127.0.0.1:8080')
 SANIC_PORT = int(os.getenv('SANIC_PORT', '8080'))
+UPLOADS_DIR = os.getenv('UPLOADS_DIR', '/app/data')
+if not os.path.exists(UPLOADS_DIR):
+    os.makedirs(UPLOADS_DIR)
 
 TELEGRAM_API_KEY = os.environ.get('TELEGRAM_API_KEY')
 assert TELEGRAM_API_KEY, "Telegram API_KEY required"
@@ -21,3 +24,7 @@ if not os.path.exists(LOG_DIR):
 
 _now_str = datetime.now().strftime("%Y-%m-%d_%H-%M-%S")
 LOG_FILEPATH = f"{LOG_DIR}/{_now_str}.log"
+
+WEB_APP_URLS = {
+    'uploadContent': f"https://web2-client.vercel.app/uploadContent"
+}

app/core/auth_v1.py

@@ -0,0 +1,63 @@
+from app.core.models.keys import KnownKey
+from datetime import datetime
+from base58 import b58encode, b58decode
+from hashlib import sha256
+import os
+
+
+# Auth v1 specs
+## Private key (57 bytes)
+# 1. int8 token version
+# 2. int128 users.id
+# 3. int64 init_ts
+# 4. int256 of os.urandom
+
+## Public key (72 bytes)
+# 1. int256 of sha256 of private key
+# 2. int256 of sha256 of users.id
+# 3. int64 init_ts
+
+
+class AuthenticationMixin:
+    async def create_api_token_v1(self, db_session, token_type) -> dict:
+        user_id = self.id
+        randpart = os.urandom(32)
+        assert type(user_id) == int, "User ID must be an integer"
+        init_ts = int(datetime.now().timestamp())
+        new_seed = (bytes([1])  # token version
+                    + user_id.to_bytes(16, 'big')
+                    + init_ts.to_bytes(8, 'big')
+                    + randpart)
+
+        assert len(new_seed) == 57, "Invalid seed length"
+        new_seed_hash_bin = sha256(new_seed).digest()
+        new_seed_hash = b58encode(new_seed_hash_bin).decode()
+        user_id_hash_bin = sha256(user_id.to_bytes(16, 'big')).digest()
+        public_key = (
+                new_seed_hash_bin
+                + user_id_hash_bin
+                + init_ts.to_bytes(8, 'big')
+        )
+        assert len(public_key) == 72, "Invalid public key length"
+        public_key_hash_bin = sha256(public_key).digest()
+        public_key_hash = b58encode(public_key_hash_bin).decode()
+        new_key = KnownKey(
+            type=token_type,
+            seed=b58encode(new_seed).decode(),
+            seed_hash=new_seed_hash,
+            public_key=b58encode(public_key).decode(),
+            public_key_hash=public_key_hash,
+            algo='CX_URANDOM_SHA256',
+            meta={
+                'I_user_id': user_id
+            },
+            created=datetime.fromtimestamp(init_ts)
+        )
+        db_session.add(new_key)
+        db_session.commit()
+        new_key = db_session.query(KnownKey).filter(KnownKey.seed_hash == new_key.seed_hash).first()
+        assert new_key, "Key not created"
+        return {
+            "key": new_key,
+            "auth_v1_token": new_key.seed
+        }

app/core/models/__init__.py

@@ -3,4 +3,6 @@ from app.core.models.memory import Memory
 from app.core.models.transaction import UserBalance, InternalTransaction
 from app.core.models.user import User
 from app.core.models.wallet_connection import WalletConnection
+from app.core.models.keys import KnownKey
+from app.core.models.node_storage import StoredContent
 from app.core.models.base import AlchemyBase

app/core/models/keys.py

@@ -0,0 +1,22 @@
+from sqlalchemy import Column, Integer, String, ForeignKey, DateTime, JSON, Boolean
+from sqlalchemy.orm import relationship
+
+from .base import AlchemyBase
+
+
+class KnownKey(AlchemyBase):
+    __tablename__ = 'known_keys'
+
+    id = Column(Integer, autoincrement=True, primary_key=True)
+    type = Column(String(32), nullable=False, default="NOT_SPECIFIED")
+    seed = Column(String(6144), nullable=True, default=None)
+    seed_hash = Column(String(64), nullable=True, default=None)  # base58
+    public_key = Column(String(6144), nullable=False, unique=True)
+    public_key_hash = Column(String(64), nullable=False, unique=True)  # base58
+
+    algo = Column(String(32), nullable=True, default=None)
+    meta = Column(JSON, nullable=False, default={})
+
+    created = Column(DateTime, nullable=False, default=0)
+
+    # stored_content = relationship('StoredContent', back_populates='key')

app/core/models/node_storage.py

@@ -0,0 +1,49 @@
+from sqlalchemy import Column, BigInteger, Integer, String, ForeignKey, DateTime, JSON, Boolean
+from sqlalchemy.orm import relationship
+
+from .base import AlchemyBase
+from hashlib import sha256
+from base58 import b58encode, b58decode
+
+
+# DMY CID v1 specs
+# 1. int8 cid version
+# 2. int256 sha256 of content
+# 3. int128 onchain content index
+
+
+class StoredContent(AlchemyBase):
+    __tablename__ = 'node_storage'
+
+    id = Column(Integer, autoincrement=True, primary_key=True)
+    hash = Column(String(64), nullable=False, unique=True)  # base58
+    onchain_index = Column(BigInteger, nullable=True, default=None)
+
+    filename = Column(String(1024), nullable=False)
+    meta = Column(JSON, nullable=False, default={})
+
+    user_id = Column(Integer, ForeignKey('users.id'), nullable=False)
+
+    storj_cid = Column(String(1024), nullable=False, unique=True)
+    ipfs_cid = Column(String(1024), nullable=False, unique=True)
+    telegram_cid = Column(String(1024), nullable=False, unique=True)
+
+    created = Column(DateTime, nullable=False, default=0)
+    disabled = Column(DateTime, nullable=False, default=0)
+    disabled_by = Column(Integer, ForeignKey('users.id'), nullable=True, default=None)
+
+    key_id = Column(Integer, ForeignKey('known_keys.id'), nullable=True, default=None)
+
+    user = relationship('User', uselist=False, foreign_keys=[user_id])
+    key = relationship('KnownKey', uselist=False, foreign_keys=[key_id])
+
+    def make_dmy_cid_v1(self) -> str:
+        vhash = sha256(
+            (1).to_bytes(1, 'big')  # cid version
+            + b58decode(hash)
+            + (self.onchain_index or 0).to_bytes(16, 'big')
+        ).digest()
+        return b58encode(vhash).decode()
+
+    def make_deeplink(self):
+        return f"dmy://storage?cid={self.make_dmy_cid_v1()}"

app/core/models/user/__init__.py

@@ -2,10 +2,12 @@ from sqlalchemy import Column, Integer, String, BigInteger, DateTime, JSON
 from sqlalchemy.orm import relationship
 
 from app.core.translation import TranslationCore
+from app.core.auth_v1 import AuthenticationMixin as AuthenticationMixin_V1
+from app.core.models.user.display_mixin import DisplayMixin
 from ..base import AlchemyBase
 
 
-class User(AlchemyBase, TranslationCore):
+class User(AlchemyBase, DisplayMixin, TranslationCore, AuthenticationMixin_V1):
     LOCALE_DOMAIN = 'sanic_telegram_bot'
 
     __tablename__ = 'users'
@@ -22,6 +24,7 @@ class User(AlchemyBase, TranslationCore):
     balances = relationship('UserBalance', back_populates='user')
     internal_transactions = relationship('InternalTransaction', back_populates='user')
     wallet_connections = relationship('WalletConnection', back_populates='user')
+    # stored_content = relationship('StoredContent', back_populates='user')
 
     def __str__(self):
         return f"User, {self.id}_{self.telegram_id} | Username: {self.username} " + '\\'

app/core/models/user/display_mixin.py

@@ -0,0 +1,11 @@
+class DisplayMixin:
+    def json_format(self):
+        return {
+            "id": self.id,
+            "telegram_id": self.telegram_id,
+            "username": self.username,
+            "lang_code": self.lang_code,
+            "meta": self.meta,
+            "last_use": self.last_use,
+            "created": self.created
+        }

docker-compose.yml

@@ -23,8 +23,11 @@ services:
       - .env
     links:
       - maria_db
+    ports:
+      - "13807:13000"
     volumes:
       - ./logs:/app/logs
+      - ./storedContent:/app/data
     depends_on:
       maria_db:
         condition: service_healthy

requirements.txt

@@ -3,5 +3,6 @@ websockets==10.0
 sqlalchemy==2.0.23
 python-dotenv==1.0.0
 pymysql==1.1.0
-aiogram==3.1.1
+aiogram==3.4.1
 pytonconnect==0.3.0
+base58==2.1.1