verify subscribe request signature #1
@ -10,6 +10,9 @@ import settings
|
|||||||
from funding.factory import app, db, cache
|
from funding.factory import app, db, cache
|
||||||
from funding.orm import Address, Slate
|
from funding.orm import Address, Slate
|
||||||
|
|
||||||
|
import secp256k1
|
||||||
|
import base58
|
||||||
|
|
||||||
|
|
||||||
@app.route('/')
|
@app.route('/')
|
||||||
def index():
|
def index():
|
||||||
@ -50,12 +53,25 @@ def postSlate(receivingAddress, slate):
|
|||||||
@app.route('/getSlates', methods=['POST'])
|
@app.route('/getSlates', methods=['POST'])
|
||||||
@endpoint.api(
|
@endpoint.api(
|
||||||
parameter('receivingAddress', type=str, required=True),
|
parameter('receivingAddress', type=str, required=True),
|
||||||
|
parameter('signature', type=str, required=True)
|
||||||
)
|
)
|
||||||
def getSlates(receivingAddress):
|
def getSlates(receivingAddress, signature):
|
||||||
try:
|
try:
|
||||||
if receivingAddress is None:
|
if receivingAddress is None:
|
||||||
return make_response(jsonify({'status': 'failure', 'error': str("missing correct arguments")}))
|
return make_response(jsonify({'status': 'failure', 'error': str("missing correct arguments")}))
|
||||||
|
|
||||||
|
# Deserialize the base-58 address to hex, and then to an internal public key format
|
||||||
|
# NOTE: This assumes that the network version (which is not part of the key) is exactly 2 bytes
|
||||||
|
public_key = secp256k1.PublicKey(base58.b58decode_check(receivingAddress)[2:])
|
||||||
|
|
||||||
|
# Prepare the message bound to the signature: a domain separator and the encoded address
|
||||||
|
# For some reason, the original client code calls this the "challenge"
|
||||||
|
message = 'SubscribeRequest_' + receivingAddress
|
||||||
|
|
||||||
|
# Deserialize and verify the provided signature against the message and address public key
|
||||||
|
if not public_key.ecdsa_verify(message, public_key.ecdsa_deserialize(signature)):
|
||||||
|
return make_response(jsonify({'status': 'failure', 'error': str("bad signature")}))
|
||||||
|
|
||||||
slates = Slate.find_slates(address=receivingAddress)
|
slates = Slate.find_slates(address=receivingAddress)
|
||||||
return make_response(jsonify({'status': 'success', 'slates': slates}))
|
return make_response(jsonify({'status': 'success', 'slates': slates}))
|
||||||
|
|
||||||
|
@ -15,3 +15,5 @@ pillow-simd
|
|||||||
Flask-Caching
|
Flask-Caching
|
||||||
flask-sqlalchemy
|
flask-sqlalchemy
|
||||||
sqlalchemy_json
|
sqlalchemy_json
|
||||||
|
secp256k1
|
||||||
|
base58
|
||||||
|
Loading…
Reference in New Issue
Block a user