Merge branch 'sairajzero:main' into main

Sai Raj 2022-01-20 05:39:41 +05:30 committed by GitHub
commit e1830c3130
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 336 additions and 210 deletions


@ -8,10 +8,11 @@ PRIMARY KEY(floID)
);
CREATE TABLE Sessions (
id INT NOT NULL AUTO_INCREMENT,
floID CHAR(34) NOT NULL,
proxyKey CHAR(66) NOT NULL,
session_id VARCHAR(100) UNIQUE,
session_time DATETIME DEFAULT CURRENT_TIMESTAMP,
KEY (id),
PRIMARY KEY(floID),
FOREIGN KEY (floID) REFERENCES Users(floID)
);
@ -129,8 +130,7 @@ tag VARCHAR(50) NOT NULL,
sellPriority INT,
buyPriority INT,
api TINYTEXT,
PRIMARY KEY(tag),
KEY (id)
PRIMARY KEY(tag)
);
CREATE TABLE Tags (
@ -184,6 +184,13 @@ timestamp DATETIME DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY(t_name, id)
);
CREATE TRIGGER Sessions_I AFTER INSERT ON Sessions
FOR EACH ROW INSERT INTO _backup (t_name, id) VALUES ('Sessions', NEW.id) ON DUPLICATE KEY UPDATE mode=TRUE, timestamp=DEFAULT;
CREATE TRIGGER Sessions_U AFTER UPDATE ON Sessions
FOR EACH ROW INSERT INTO _backup (t_name, id) VALUES ('Sessions', NEW.id) ON DUPLICATE KEY UPDATE mode=TRUE, timestamp=DEFAULT;
CREATE TRIGGER Sessions_D AFTER DELETE ON Sessions
FOR EACH ROW INSERT INTO _backup (t_name, id) VALUES ('Sessions', OLD.id) ON DUPLICATE KEY UPDATE mode=NULL, timestamp=DEFAULT;
CREATE TRIGGER Cash_I AFTER INSERT ON Cash
FOR EACH ROW INSERT INTO _backup (t_name, id) VALUES ('Cash', NEW.id) ON DUPLICATE KEY UPDATE mode=TRUE, timestamp=DEFAULT;
CREATE TRIGGER Cash_U AFTER UPDATE ON Cash


@ -1,4 +1,24 @@
//console.log(document.cookie.toString());
var nodeList, nodeURL, nodeKBucket; //Container for (backup) node list
function exchangeAPI(api, options) {
return new Promise((resolve, reject) => {
let curPos = exchangeAPI.curPos || 0;
if (curPos >= nodeList.length)
return resolve('No Nodes online');
let url = nodeURL[nodeList[curPos]];
(options ? fetch(url + api, options) : fetch(url + api))
.then(result => resolve(result)).catch(error => {
console.debug(error);
console.warn(nodeList[curPos], 'is offline');
//try next node
exchangeAPI.curPos = curPos + 1;
exchangeAPI(api, options)
.then(result => resolve(result))
.catch(error => reject(error))
});
})
}
const tokenAPI = {
fetch_api: function(apicall) {
@ -74,10 +94,25 @@ function responseParse(response, json_ = true) {
});
}
function getAccount() {
function getAccount(floID, proxySecret) {
return new Promise((resolve, reject) => {
fetch('/account')
.then(result => responseParse(result)
let request = {
floID: floID,
timestamp: Date.now()
};
request.sign = signRequest({
type: "get_account",
timestamp: data.timestamp
}, proxySecret);
console.debug(request);
exchangeAPI('/account', {
method: "POST",
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(request)
}).then(result => responseParse(result)
.then(result => resolve(result))
.catch(error => reject(error)))
.catch(error => reject(error));
@ -86,7 +121,7 @@ function getAccount() {
function getBuyList() {
return new Promise((resolve, reject) => {
fetch('/list-buyorders')
exchangeAPI('/list-buyorders')
.then(result => responseParse(result)
.then(result => resolve(result))
.catch(error => reject(error)))
@ -96,7 +131,7 @@ function getBuyList() {
function getSellList() {
return new Promise((resolve, reject) => {
fetch('/list-sellorders')
exchangeAPI('/list-sellorders')
.then(result => responseParse(result)
.then(result => resolve(result))
.catch(error => reject(error)))
@ -106,7 +141,7 @@ function getSellList() {
function getTransactionList() {
return new Promise((resolve, reject) => {
fetch('/list-transactions')
exchangeAPI('/list-transactions')
.then(result => responseParse(result)
.then(result => resolve(result))
.catch(error => reject(error)))
@ -116,7 +151,7 @@ function getTransactionList() {
function getRate() {
return new Promise((resolve, reject) => {
fetch('/get-rate')
exchangeAPI('/get-rate')
.then(result => responseParse(result, false)
.then(result => resolve(result))
.catch(error => reject(error)))
@ -131,21 +166,35 @@ function signRequest(request, privKey) {
return floCrypto.signData(req_str, privKey);
}
function signUp(privKey, sid) {
function getLoginCode() {
return new Promise((resolve, reject) => {
exchangeAPI('/list-buyorders')
.then(result => responseParse(result)
.then(result => resolve(result))
.catch(error => reject(error)))
.catch(error => reject(error));
})
}
function signUp(privKey, code, hash) {
return new Promise((resolve, reject) => {
if (!code || !hash)
return reject("Login Code missing")
let request = {
pubKey: floCrypto.getPubKeyHex(privKey),
floID: floCrypto.getFloID(privKey),
code: code,
hash: hash,
timestamp: Date.now()
};
request.sign = signRequest({
type: "create_account",
random: sid,
random: code,
timestamp: request.timestamp
}, privKey);
console.debug(request);
fetch("/signup", {
exchangeAPI("/signup", {
method: "POST",
headers: {
'Content-Type': 'application/json'
@ -158,25 +207,28 @@ function signUp(privKey, sid) {
});
}
function login(privKey, proxyKey, sid, rememberMe = false) {
function login(privKey, proxyKey, code, hash) {
return new Promise((resolve, reject) => {
if (!code || !hash)
return reject("Login Code missing")
let request = {
proxyKey: proxyKey,
floID: floCrypto.getFloID(privKey),
timestamp: Date.now(),
saveSession: rememberMe
code: code,
hash: hash
};
if (!privKey || !request.floID)
return reject("Invalid Private key");
request.sign = signRequest({
type: "login",
random: sid,
proxyKey: request.proxyKey,
random: code,
proxyKey: proxyKey,
timestamp: request.timestamp
}, privKey);
console.debug(request);
fetch("/login", {
exchangeAPI("/login", {
method: "POST",
headers: {
'Content-Type': 'application/json'
@ -189,23 +241,39 @@ function login(privKey, proxyKey, sid, rememberMe = false) {
})
}
function logout() {
function logout(floID, proxySecret) {
return new Promise((resolve, reject) => {
fetch("/logout")
.then(result => responseParse(result, false)
let request = {
floID: floID,
timestamp: Date.now()
};
request.sign = signRequest({
type: "logout",
timestamp: data.timestamp
}, proxySecret);
console.debug(request);
exchangeAPI("/logout", {
method: "POST",
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(request)
}).then(result => responseParse(result, false)
.then(result => resolve(result))
.catch(error => reject(error)))
.catch(error => reject(error))
})
}
function buy(quantity, max_price, proxySecret) {
function buy(quantity, max_price, floID, proxySecret) {
return new Promise((resolve, reject) => {
if (typeof quantity !== "number" || quantity <= 0)
return reject(`Invalid quantity (${quantity})`);
else if (typeof max_price !== "number" || max_price <= 0)
return reject(`Invalid max_price (${max_price})`);
let request = {
floID: floID,
quantity: quantity,
max_price: max_price,
timestamp: Date.now()
@ -218,7 +286,7 @@ function buy(quantity, max_price, proxySecret) {
}, proxySecret);
console.debug(request);
fetch('/buy', {
exchangeAPI('/buy', {
method: "POST",
headers: {
'Content-Type': 'application/json'
@ -232,13 +300,14 @@ function buy(quantity, max_price, proxySecret) {
}
function sell(quantity, min_price, proxySecret) {
function sell(quantity, min_price, floID, proxySecret) {
return new Promise((resolve, reject) => {
if (typeof quantity !== "number" || quantity <= 0)
return reject(`Invalid quantity (${quantity})`);
else if (typeof min_price !== "number" || min_price <= 0)
return reject(`Invalid min_price (${min_price})`);
let request = {
floID: floID,
quantity: quantity,
min_price: min_price,
timestamp: Date.now()
@ -251,7 +320,7 @@ function sell(quantity, min_price, proxySecret) {
}, proxySecret);
console.debug(request);
fetch('/sell', {
exchangeAPI('/sell', {
method: "POST",
headers: {
'Content-Type': 'application/json'
@ -265,11 +334,12 @@ function sell(quantity, min_price, proxySecret) {
}
function cancelOrder(type, id, proxySecret) {
function cancelOrder(type, id, floID, proxySecret) {
return new Promise((resolve, reject) => {
if (type !== "buy" && type !== "sell")
return reject(`Invalid type (${type}): type should be sell (or) buy`);
let request = {
floID: floID,
orderType: type,
orderID: id,
timestamp: Date.now()
@ -282,7 +352,7 @@ function cancelOrder(type, id, proxySecret) {
}, proxySecret);
console.debug(request);
fetch('/cancel', {
exchangeAPI('/cancel', {
method: "POST",
headers: {
'Content-Type': 'application/json'
@ -295,12 +365,13 @@ function cancelOrder(type, id, proxySecret) {
})
}
function depositFLO(quantity, userID, privKey, proxySecret) {
function depositFLO(quantity, floID, privKey, proxySecret) {
return new Promise((resolve, reject) => {
if (typeof quantity !== "number" || quantity <= floGlobals.fee)
return reject(`Invalid quantity (${quantity})`);
floBlockchainAPI.sendTx(userID, floGlobals.adminID, quantity, privKey, 'Deposit FLO in market').then(txid => {
floBlockchainAPI.sendTx(floID, floGlobals.adminID, quantity, privKey, 'Deposit FLO in market').then(txid => {
let request = {
floID: floID,
txid: txid,
timestamp: Date.now()
};
@ -311,7 +382,7 @@ function depositFLO(quantity, userID, privKey, proxySecret) {
}, proxySecret);
console.debug(request);
fetch('/deposit-flo', {
exchangeAPI('/deposit-flo', {
method: "POST",
headers: {
'Content-Type': 'application/json'
@ -325,9 +396,10 @@ function depositFLO(quantity, userID, privKey, proxySecret) {
})
}
function withdrawFLO(quantity, proxySecret) {
function withdrawFLO(quantity, floID, proxySecret) {
return new Promise((resolve, reject) => {
let request = {
floID: floID,
amount: quantity,
timestamp: Date.now()
};
@ -338,7 +410,7 @@ function withdrawFLO(quantity, proxySecret) {
}, proxySecret);
console.debug(request);
fetch('/withdraw-flo', {
exchangeAPI('/withdraw-flo', {
method: "POST",
headers: {
'Content-Type': 'application/json'
@ -351,12 +423,13 @@ function withdrawFLO(quantity, proxySecret) {
})
}
function depositRupee(quantity, userID, privKey, proxySecret) {
function depositRupee(quantity, floID, privKey, proxySecret) {
return new Promise((resolve, reject) => {
if (!floCrypto.verifyPrivKey(privKey, userID))
if (!floCrypto.verifyPrivKey(privKey, floID))
return reject("Invalid Private Key");
tokenAPI.sendToken(privKey, quantity, 'Deposit Rupee in market').then(txid => {
let request = {
floID: floID,
txid: txid,
timestamp: Date.now()
};
@ -367,7 +440,7 @@ function depositRupee(quantity, userID, privKey, proxySecret) {
}, proxySecret);
console.debug(request);
fetch('/deposit-rupee', {
exchangeAPI('/deposit-rupee', {
method: "POST",
headers: {
'Content-Type': 'application/json'
@ -381,9 +454,10 @@ function depositRupee(quantity, userID, privKey, proxySecret) {
})
}
function withdrawRupee(quantity, proxySecret) {
function withdrawRupee(quantity, floID, proxySecret) {
return new Promise((resolve, reject) => {
let request = {
floID: floID,
amount: quantity,
timestamp: Date.now()
};
@ -394,7 +468,7 @@ function withdrawRupee(quantity, proxySecret) {
}, proxySecret);
console.debug(request);
fetch('/withdraw-rupee', {
exchangeAPI('/withdraw-rupee', {
method: "POST",
headers: {
'Content-Type': 'application/json'
@ -407,10 +481,11 @@ function withdrawRupee(quantity, proxySecret) {
})
}
function addUserTag(floID, tag, proxySecret) {
function addUserTag(tag_user, tag, floID, proxySecret) {
return new Promise((resolve, reject) => {
let request = {
user: floID,
floID: floID,
user: tag_user,
tag: tag,
timestamp: Date.now()
};
@ -422,7 +497,7 @@ function addUserTag(floID, tag, proxySecret) {
}, proxySecret);
console.debug(request);
fetch('/add-tag', {
exchangeAPI('/add-tag', {
method: "POST",
headers: {
'Content-Type': 'application/json'
@ -435,10 +510,11 @@ function addUserTag(floID, tag, proxySecret) {
})
}
function removeUserTag(floID, tag, proxySecret) {
function removeUserTag(tag_user, tag, floID, proxySecret) {
return new Promise((resolve, reject) => {
let request = {
user: floID,
floID: floID,
user: tag_user,
tag: tag,
timestamp: Date.now()
};
@ -450,7 +526,7 @@ function removeUserTag(floID, tag, proxySecret) {
}, proxySecret);
console.debug(request);
fetch('/remove-tag', {
exchangeAPI('/remove-tag', {
method: "POST",
headers: {
'Content-Type': 'application/json'
@ -461,4 +537,44 @@ function removeUserTag(floID, tag, proxySecret) {
.catch(error => reject(error)))
.catch(error => reject(error))
})
}
function refreshDataFromBlockchain() {
return new Promise((resolve, reject) => {
let nodes, lastTx;
try {
nodes = JSON.parse(localStorage.getItems('exhange-nodes'));
if (typeof nodes !== 'object')
throw Error('nodes must be an object')
else
lastTx = parseInt(localStorage.getItem('exchange-lastTx')) || 0;
} catch (error) {
nodes = {};
lastTx = 0;
}
floBlockchainAPI.readData(floGlobals.adminID, {
ignoreOld: lastTx,
sentOnly: true,
pattern: floGlobals.application
}).then(result => {
result.data.reverse().forEach(data => {
var content = JSON.parse(data)[floGlobals.application];
//Node List
if (content.Nodes) {
if (content.Nodes.remove)
for (let n of content.Nodes.remove)
delete nodes[n];
if (content.Nodes.add)
for (let n in content.Nodes.add)
nodes[n] = content.Nodes.add[n];
}
});
localStorage.setItem('exhange-lastTx', result.totalTxs);
localStorage.setItem('exhange-nodes', JSON.stringify(nodes));
nodeURL = nodes;
nodeKBucket = new K_Bucket(floGlobals.adminID, Object.keys(nodeURL));
nodeList = nodeKBucket.order;
resolve(nodes);
}).catch(error => reject(error));
})
}
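Review bot: The new `getAccount` and `logout` bodies sign `timestamp: data.timestamp`, but neither function has a `data` in scope, so both promises reject with a ReferenceError before any request is sent; the signed field should be `timestamp: request.timestamp`, as `signUp` and `login` already do. `getLoginCode` calls `exchangeAPI('/list-buyorders')` although the server side of this commit registers the code endpoint as `/get-login-code`, so the login form would not receive a `code`/`hash` pair. In `refreshDataFromBlockchain`, `localStorage.getItems` is not a Storage method and the keys are spelled inconsistently (`exhange-nodes`, `exchange-lastTx` on read, `exhange-lastTx` on write), so the cached node list and last-transaction marker are never read back; use `getItem` and one spelling per key. `exchangeAPI` also resolves with the string `'No Nodes online'` instead of rejecting, so callers hand that string to `responseParse` as if it were a Response, and `exchangeAPI.curPos` is never reset once a node has been skipped.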


@ -96,7 +96,8 @@
Remember me
</span>
</sm-checkbox>
<input type="text" id="sign_in_id" style="display: none;" hidden />
<input type="text" id="sign_in_code" style="display: none;" hidden />
<input type="text" id="sign_in_hash" style="display: none;" hidden />
<div id="login_button_wrapper" class="stateful-button-wrapper">
<sm-button variant="primary" onclick="UI_evt.login();">Log in</sm-button>
</div>
@ -854,7 +855,7 @@
let pageId
let params
if (targetPage === '') {
if (typeof myFloID === "undefined") {
if (typeof proxy.userID === "undefined") {
pageId = 'landing'
} else {
pageId = 'home'
@ -1206,13 +1207,13 @@
const quantity = parseFloat(getRef('get_user_amount').value)
try {
showProcess('wallet_popup__cta_wrapper')
const proxySecret = await proxy.secret
const proxySecret = await proxy.secret;
if (type === 'deposit') {
const privKey = getRef('get_private_key').value;
if (asset === 'FLO') {
await depositFLO(quantity, userID, privKey, proxySecret)
await depositFLO(quantity, proxy.userID, privKey, proxySecret)
} else {
await depositRupee(quantity, userID, privKey, proxySecret)
await depositRupee(quantity, proxy.userID, privKey, proxySecret)
}
showWalletResult('success', `Sent ${asset} deposit request`, 'This may take upto 30 mins to reflect in your wallet.')
} else {
@ -1451,10 +1452,10 @@
transactions.forEach(transaction => {
const { quantity, unitValue, tx_time, buyer, seller } = transaction
let type, other;
if (seller === userID) {
if (seller === proxy.userID) {
type = 'Sold';
other = buyer === userID ? 'MySelf' : buyer;
} else if (buyer === userID) {
other = buyer === proxy.userID ? 'MySelf' : buyer;
} else if (buyer === proxy.userID) {
type = 'Bought';
other = seller;
} else
@ -1551,9 +1552,9 @@
</script>
<script>
let userID; //container for user ID and proxy private-key
//container for user ID and proxy private-key
const proxy = {
user: null,
private: null,
public: null,
async lock() {
@ -1576,9 +1577,23 @@
},
clear() {
localStorage.removeItem("proxy_secret");
localStorage.removeItem("user_ID");
this.user = null;
this.private = null;
this.public = null;
},
set userID(id){
localStorage.setItem("user_ID", id);
this.user = id;
},
get userID(){
if(this.user)
return this.user;
else{
let id = localStorage.getItem('user_ID');
return id ? this.user = id : undefined;
}
},
set secret(key) {
localStorage.setItem("proxy_secret", key);
this.private = key;
@ -1636,13 +1651,24 @@
}
function refresh(init = false) {
if (init)
if (init){
console.info("init");
else
if(!proxy.userID){
getRef('home').classList.remove('signed-in');
getLoginCode().then(response => {
getRef("login_form").classList.remove('hide-completely');
document.querySelectorAll(".user-content").forEach(elem => elem.classList.add('hide-completely'))
getRef('sign_in_code').value = response.code;
getRef('sign_in_hash').value = response.hash;
proxy.clear();
}).catch(error => console.error(error))
}
} else
console.info("refresh");
updateRate()
renderMarketOrders()
account();
updateRate();
renderMarketOrders();
if(proxy.userID)
account();
}
function showBalance(type, availableBalance = 0, lockedBalance = 0) {
@ -1662,7 +1688,7 @@
let accountDetails = {}
function account() {
getAccount().then(acc => {
getAccount(proxy.userID, await proxy.secret).then(acc => {
getRef("login_form").classList.add('hide-completely')
getRef('home').classList.add('signed-in')
accountDetails = acc
@ -1671,7 +1697,6 @@
document.querySelectorAll(".user-content").forEach(elem => elem.classList.remove('hide-completely'))
getRef('trade_form').classList.remove('hide-completely')
getRef("user_id").value = acc.floID;
userID = acc.floID;
//FLO Balance
let flo_total = acc.coins.reduce((a, x) => a + x.quantity, 0);
let flo_locked = acc.sellOrders.reduce((a, x) => a + x.quantity, 0);
@ -1690,28 +1715,17 @@
//My orders
renderUserOrders();
proxy.secret.then(_ => null).catch(_ => null);
}).catch(error => {
getRef('home').classList.remove('signed-in')
if (error instanceof ResponseError) {
let response = JSON.parse(error.data)
console.log(error);
console.log(response);
getRef("login_form").classList.remove('hide-completely')
document.querySelectorAll(".user-content").forEach(elem => elem.classList.add('hide-completely'))
getRef('sign_in_id').value = response.sid;
proxy.clear();
} else
console.error(error);
})
}).catch(error => console.error(error))
};
const UI_evt = {
signup(privKey) {
let sid = getRef('sign_in_id').value;
let code = getRef('sign_in_code').value,
hash = getRef('sign_in_hash').value;
if (!privKey)
privKey = getRef('get_registration_key').value.trim()
if (privKey !== '') {
signUp(privKey, sid).then(result => {
signUp(privKey, code, hash).then(result => {
console.info(result);
notify("Account registered!", 'success')
hidePopup()
@ -1722,9 +1736,9 @@
},
logout() {
getConfirmation('Log out?', { cancelText: 'Stay', confirmText: 'Log out' }).then(res => {
getConfirmation('Log out?', { cancelText: 'Stay', confirmText: 'Log out' }).then(async res => {
if (res) {
logout().then(result => {
logout(proxy.userID, await proxy.secret).then(result => {
console.warn(result);
proxy.clear();
location.reload();
@ -1736,12 +1750,16 @@
login() {
showProcess('login_button_wrapper')
let privKey = getRef('login_form__priv_key').value;
let sid = getRef('sign_in_id').value;
let code = getRef('sign_in_code').value,
hash = getRef('sign_in_hash').value;
let rememberMe = getRef('remember_me').checked;
let tmpKey = floCrypto.generateNewID();
login(privKey, tmpKey.pubKey, sid, rememberMe).then(result => {
login(privKey, tmpKey.pubKey, code, hash).then(result => {
console.log(result);
proxy.secret = tmpKey.privKey;
proxy.userID = floCrypto.getFloID(privKey);
getRef('sign_in_code').value = null;
getRef('sign_in_hash').value = null;
account();
}).catch(error => notify(error.data, 'error'))
.finally(() => {
@ -1757,7 +1775,10 @@
}
window.addEventListener('load', e => {
refresh(true);
refreshDataFromBlockchain().then(nodes => {
console.log(nodes);
refresh(true);
}).catch(error => reject(error))
})
</script>
</body>
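Review bot: `account()` now calls `getAccount(proxy.userID, await proxy.secret)` but is still declared as plain `function account()`, so the `await` is a syntax error that would stop this whole script block from loading; declare it `async function account()` or chain on `proxy.secret.then(...)`. The load handler ends in `.catch(error => reject(error))`, and no `reject` exists at that scope; `.catch(error => console.error(error))` would match the other handlers. In `UI_evt.login`, `rememberMe` is still read from the checkbox but is no longer passed to `login`, so the "Remember me" control has no effect, while the `proxy.userID` and `proxy.secret` setters write to localStorage unconditionally. Several of these functions start or end outside the visible hunks.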


@ -1,9 +1,8 @@
'use strict';
const express = require('express');
const cookieParser = require("cookie-parser");
const sessions = require('express-session');
//const cookieParser = require("cookie-parser");
//const sessions = require('express-session');
const Request = require('./request');
const WebSocket = require('ws');
const REFRESH_INTERVAL = 5 * 1000; //10 * 60 * 1000;
@ -12,16 +11,15 @@ module.exports = function App(secret, DB) {
if (!(this instanceof App))
return new App(secret, DB);
var server = null,
wss = null;
var server = null;
const app = express();
//session middleware
app.use(sessions({
/*app.use(sessions({
secret: secret,
saveUninitialized: true,
resave: false,
name: "session"
}));
}));*/
// parsing the incoming data
app.use(express.json());
app.use(express.urlencoded({
@ -30,12 +28,17 @@ module.exports = function App(secret, DB) {
//serving public file
app.use(express.static(PUBLIC_DIR));
// cookie parser middleware
app.use(cookieParser());
//app.use(cookieParser());
/* Decentralising - Users will load from user-end files and request via APIs only
//Initital page loading
app.get('/', (req, res) => res.sendFile('home.html', {
root: PUBLIC_DIR
}));
*/
//get code for login or signup
app.get('/get-login-code', Request.getLoginCode);
//signup request
app.post('/signup', Request.SignUp);
@ -76,6 +79,7 @@ module.exports = function App(secret, DB) {
app.post('/remove-tag', Request.removeUserTag);
Request.DB = DB;
Request.secret = secret;
//Properties
var periodInstance = null;
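Review bot: The session and cookie middleware is disabled by commenting it out (`//const sessions = require('express-session');`, `/*app.use(sessions({ ... }));*/`) rather than removed, which leaves dead code describing an authentication path the server no longer uses; delete those lines and let version control keep the history. `secret` also changes role here, from the express-session signing secret to the value behind the login-code hash via `Request.secret = secret;`, so a comment such as `// secret: server-side key for login-code hashes, never sent to clients` above that assignment would help. The `App` function continues outside the hunks.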


@ -1,7 +1,7 @@
'use strict';
const market = require("./market");
var DB, trustedIDs; //container for database
var DB, trustedIDs, secret; //container for database
global.INVALID = function(message) {
if (!(this instanceof INVALID))
@ -28,9 +28,13 @@ function validateRequestFromFloID(request, sign, floID, proxy = true) {
return new Promise((resolve, reject) => {
if (!serving)
return reject(INVALID(INVALID_SERVER_MSG));
DB.query("SELECT " + (proxy ? "proxyKey AS pubKey FROM Sessions" : "pubKey FROM Users") + " WHERE floID=?", [floID]).then(result => {
else if (!floCrypto.validateAddr(floID))
return res.status(INVALID.e_code).send("Invalid floID");
DB.query("SELECT " + (proxy ? "session_time, proxyKey AS pubKey FROM Sessions" : "pubKey FROM Users") + " WHERE floID=?", [floID]).then(result => {
if (result.length < 1)
return reject(INVALID(proxy ? "Session not active" : "User not registered"));
if (proxy && result[0].session_time + maxSessionTimeout < Date.now())
return res.status(INVALID.e_code).send("Session Expired! Re-login required");
let req_str = validateRequest(request, sign, result[0].pubKey);
req_str instanceof INVALID ? reject(req_str) : resolve(req_str);
}).catch(error => reject(error));
@ -57,18 +61,26 @@ function storeRequest(floID, req_str, sign) {
.then(_ => null).catch(error => console.error(error));
}
function getLoginCode(req, res) {
let randID = floCrypto.randString(8, true) + Math.round(Date.now() / 1000);
let hash = Crypto.SHA1(randID + secret);
res.status(INVALID.e_code).send({
code: randID,
hash: hash
});
}
function SignUp(req, res) {
if (!serving)
return res.status(INVALID.e_code).send(INVALID_SERVER_MSG);
let data = req.body,
session = req.session;
let data = req.body;
if (floCrypto.getFloID(data.pubKey) !== data.floID)
return res.status(INVALID.e_code).send("Invalid Public Key");
if (!session.random)
return res.status(INVALID.e_code).send("Invalid Session");
if (!data.code || data.hash != Crypto.SHA1(data.code + secret))
return res.status(INVALID.e_code).send("Invalid Code");
let req_str = validateRequest({
type: "create_account",
random: session.random,
random: data.code,
timestamp: data.timestamp
}, data.sign, data.pubKey);
if (req_str instanceof INVALID)
@ -90,22 +102,18 @@ function SignUp(req, res) {
}
function Login(req, res) {
let data = req.body,
session = req.session;
if (!session.random)
return res.status(INVALID.e_code).send("Invalid Session");
let data = req.body;
if (!data.code || data.hash != Crypto.SHA1(data.code + secret))
return res.status(INVALID.e_code).send("Invalid Code");
validateRequestFromFloID({
type: "login",
random: session.random,
random: data.code,
proxyKey: data.proxyKey,
timestamp: data.timestamp
}, data.sign, data.floID, false).then(req_str => {
DB.query("INSERT INTO Sessions (floID, session_id, proxyKey) VALUES (?, ?, ?) " +
"ON DUPLICATE KEY UPDATE session_id=?, session_time=DEFAULT, proxyKey=?",
[data.floID, req.sessionID, data.proxyKey, req.sessionID, data.proxyKey]).then(_ => {
if (data.saveSession)
session.cookie.maxAge = maxSessionTimeout;
session.user_id = data.floID;
DB.query("INSERT INTO Sessions (floID, proxyKey) VALUES (?, ?, ?) " +
"ON DUPLICATE KEY UPDATE session_time=DEFAULT, proxyKey=?",
[data.floID, data.code, data.proxyKey, data.code, data.proxyKey]).then(_ => {
storeRequest(data.floID, req_str, data.sign);
res.send("Login Successful");
}).catch(error => {
@ -123,32 +131,38 @@ function Login(req, res) {
}
function Logout(req, res) {
let session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("No logged in user found in this session");
DB.query("DELETE FROM Sessions WHERE floID=?", [session.user_id]).then(_ => {
session.destroy();
res.send('Logout successful');
validateRequestFromFloID({
type: "logout",
timestamp: data.timestamp
}, data.sign, data.floID).then(req_str => {
DB.query("DELETE FROM Sessions WHERE floID=?", [data.floID]).then(_ => {
storeRequest(data.floID, req_str, data.sign);
res.send('Logout successful');
}).catch(error => {
console.error(error);
res.status(INTERNAL.e_code).send("Logout failed! Try again later! Contact support if this error occurs frequently");
});
}).catch(error => {
console.error(error);
res.status(INTERNAL.e_code).send("Logout failed! Try again later! Contact support if this error occurs frequently");
if (error instanceof INVALID)
res.status(INVALID.e_code).send(error.message);
else {
console.error(error);
res.status(INTERNAL.e_code).send("Request processing failed! Try again later!");
}
});
}
function PlaceSellOrder(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
let data = req.body;
validateRequestFromFloID({
type: "sell_order",
quantity: data.quantity,
min_price: data.min_price,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
market.addSellOrder(session.user_id, data.quantity, data.min_price)
}, data.sign, data.floID).then(req_str => {
market.addSellOrder(data.floID, data.quantity, data.min_price)
.then(result => {
storeRequest(session.user_id, req_str, data.sign);
storeRequest(data.floID, req_str, data.sign);
res.send('Sell Order placed successfully');
}).catch(error => {
if (error instanceof INVALID)
@ -169,19 +183,16 @@ function PlaceSellOrder(req, res) {
}
function PlaceBuyOrder(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
let data = req.body;
validateRequestFromFloID({
type: "buy_order",
quantity: data.quantity,
max_price: data.max_price,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
market.addBuyOrder(session.user_id, data.quantity, data.max_price)
}, data.sign, data.floID).then(req_str => {
market.addBuyOrder(data.floID, data.quantity, data.max_price)
.then(result => {
storeRequest(session.user_id, req_str, data.sign);
storeRequest(data.floID, req_str, data.sign);
res.send('Buy Order placed successfully');
}).catch(error => {
if (error instanceof INVALID)
@ -202,19 +213,16 @@ function PlaceBuyOrder(req, res) {
}
function CancelOrder(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
let data = req.body;
validateRequestFromFloID({
type: "cancel_order",
order: data.orderType,
id: data.orderID,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
market.cancelOrder(data.orderType, data.orderID, session.user_id)
}, data.sign, data.floID).then(req_str => {
market.cancelOrder(data.orderType, data.orderID, data.floID)
.then(result => {
storeRequest(session.user_id, req_str, data.sign);
storeRequest(data.floID, req_str, data.sign);
res.send(result);
}).catch(error => {
if (error instanceof INVALID)
@ -263,54 +271,35 @@ function getRate(req, res) {
}
function Account(req, res) {
if (!serving)
return res.status(INVALID.e_code).send(INVALID_SERVER_MSG);
const setLogin = function(message) {
let randID = floCrypto.randString(16, true);
req.session.random = randID;
res.status(INVALID.e_code).send({
message,
sid: randID
let data = req.body;
validateRequestFromFloID({
type: "get_account",
timestamp: data.timestamp
}, data.sign, data.floID).then(req_str => {
market.getAccountDetails(data.floID).then(result => {
if (trustedIDs.includes(data.floID))
result.subAdmin = true;
res.send(result);
});
}
if (!req.session.user_id)
setLogin("Login required");
else {
DB.query("SELECT session_id, session_time FROM Sessions WHERE floID=?", [req.session.user_id]).then(result => {
if (result.length < 1) {
res.status(INVALID.e_code).send("floID not registered");
return;
}
let {
session_id,
session_time
} = result.pop();
if (!session_id || session_id != req.sessionID || session_time + maxSessionTimeout < Date.now())
setLogin("Session Expired! Re-login required");
else {
let floID = req.session.user_id;
market.getAccountDetails(floID).then(result => {
if (trustedIDs.includes(floID))
result.subAdmin = true;
res.send(result)
});
}
}).catch(_ => res.status(INTERNAL.e_code).send("Try again later!"));
}
}).catch(error => {
if (error instanceof INVALID)
res.status(INVALID.e_code).send(error.message);
else {
console.error(error);
res.status(INTERNAL.e_code).send("Request processing failed! Try again later!");
}
});
}
function DepositFLO(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
let data = req.body;
validateRequestFromFloID({
type: "deposit_FLO",
txid: data.txid,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
market.depositFLO(session.user_id, data.txid).then(result => {
storeRequest(session.user_id, req_str, data.sign);
}, data.sign, data.floID).then(req_str => {
market.depositFLO(data.floID, data.txid).then(result => {
storeRequest(data.floID, req_str, data.sign);
res.send(result);
}).catch(error => {
if (error instanceof INVALID)
@ -331,17 +320,14 @@ function DepositFLO(req, res) {
}
function WithdrawFLO(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
let data = req.body;
validateRequestFromFloID({
type: "withdraw_FLO",
amount: data.amount,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
market.withdrawFLO(session.user_id, data.amount).then(result => {
storeRequest(session.user_id, req_str, data.sign);
}, data.sign, data.floID).then(req_str => {
market.withdrawFLO(data.floID, data.amount).then(result => {
storeRequest(data.floID, req_str, data.sign);
res.send(result);
}).catch(error => {
if (error instanceof INVALID)
@ -362,17 +348,14 @@ function WithdrawFLO(req, res) {
}
function DepositRupee(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
let data = req.body;
validateRequestFromFloID({
type: "deposit_Rupee",
txid: data.txid,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
market.depositRupee(session.user_id, data.txid).then(result => {
storeRequest(session.user_id, req_str, data.sign);
}, data.sign, data.floID).then(req_str => {
market.depositRupee(data.floID, data.txid).then(result => {
storeRequest(data.floID, req_str, data.sign);
res.send(result);
}).catch(error => {
if (error instanceof INVALID)
@ -393,17 +376,14 @@ function DepositRupee(req, res) {
}
function WithdrawRupee(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
let data = req.body;
validateRequestFromFloID({
type: "withdraw_Rupee",
amount: data.amount,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
market.withdrawRupee(session.user_id, data.amount).then(result => {
storeRequest(session.user_id, req_str, data.sign);
}, data.sign, data.floID).then(req_str => {
market.withdrawRupee(data.floID, data.amount).then(result => {
storeRequest(data.floID, req_str, data.sign);
res.send(result);
}).catch(error => {
if (error instanceof INVALID)
@ -424,20 +404,17 @@ function WithdrawRupee(req, res) {
}
function addUserTag(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
else if (!trustedIDs.includes(session.user_id))
let data = req.body;
if (!trustedIDs.includes(data.floID))
return res.status(INVALID.e_code).send("Access Denied");
validateRequestFromFloID({
command: "add_Tag",
user: data.user,
tag: data.tag,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
}, data.sign, data.floID).then(req_str => {
market.group.addTag(data.user, data.tag).then(result => {
storeRequest(session.user_id, req_str, data.sign);
storeRequest(data.floID, req_str, data.sign);
res.send(result);
}).catch(error => {
if (error instanceof INVALID)
@ -458,11 +435,8 @@ function addUserTag(req, res) {
}
function removeUserTag(req, res) {
let data = req.body,
session = req.session;
if (!session.user_id)
return res.status(INVALID.e_code).send("Login required");
else if (!trustedIDs.includes(session.user_id))
let data = req.body;
if (!trustedIDs.includes(data.floID))
return res.status(INVALID.e_code).send("Access Denied");
else
validateRequestFromFloID({
@ -470,9 +444,9 @@ function removeUserTag(req, res) {
user: data.user,
tag: data.tag,
timestamp: data.timestamp
}, data.sign, session.user_id).then(req_str => {
}, data.sign, data.floID).then(req_str => {
market.group.removeTag(data.user, data.tag).then(result => {
storeRequest(session.user_id, req_str, data.sign);
storeRequest(data.floID, req_str, data.sign);
res.send(result);
}).catch(error => {
if (error instanceof INVALID)
@ -493,6 +467,7 @@ function removeUserTag(req, res) {
}
module.exports = {
getLoginCode,
SignUp,
Login,
Logout,
@ -518,6 +493,9 @@ module.exports = {
DB = db;
market.DB = db;
},
set secret(s) {
secret = s;
},
pause() {
serving = false;
},
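Review bot: The two checks added to `validateRequestFromFloID` (invalid floID, expired session) return `res.status(INVALID.e_code).send(...)`, but `res` is not a parameter of that function, so those paths fail with a ReferenceError instead of an INVALID rejection; use `return reject(INVALID("Invalid floID"));` and the same form for the expiry message. The new `Login` insert names two columns but has three `VALUES` placeholders and passes five parameters for four markers; it should read `"INSERT INTO Sessions (floID, proxyKey) VALUES (?, ?) "` with `[data.floID, data.proxyKey, data.proxyKey]`. `Logout` reads `data.timestamp`, `data.sign` and `data.floID` without the `let data = req.body;` that the other handlers have. `getLoginCode` replies with `res.status(INVALID.e_code)` on its success path, and in the visible lines `SignUp` and `Login` accept any `code` whose hash matches without checking the time embedded in it or whether it was used before, so a code and a signed login request built on it stay valid indefinitely; checking the age of the code and of `data.timestamp`, and comparing the hash in constant time rather than with `!=`, would close that. With cookie sessions gone, the signature and expiry check in `validateRequestFromFloID` is the only gate on the body-supplied `data.floID`, and `result[0].session_time + maxSessionTimeout` adds a DATETIME value to a number, which may not compare as intended depending on how the driver returns that column.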