brave-intl · Sneagan · Jan 4, 2024 · Jan 9, 2024 · Jan 10, 2024 · Jan 10, 2024
@@ -0,0 +1,6 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "local>brave-intl/renovate-config"
+  ]
+}
@@ -37,6 +37,7 @@ share-0.gpg
 
 fetch-quote.json
 main/main
-zebpay_test.env
-zebpay_stage.pem
 prepare-*response.log
+
+go.work
+go.work.sum
@@ -114,30 +114,30 @@ docker-payments:
 	docker tag bat-go/payments:$(GIT_VERSION)$(BUILD_TIME) bat-go/payments:latest
 
 docker-up-dev:
-	COMMIT=$(GIT_COMMIT) VERSION=$(GIT_VERSION) BUILD_TIME=$(BUILD_TIME) docker-compose \
+	COMMIT=$(GIT_COMMIT) VERSION=$(GIT_VERSION) BUILD_TIME=$(BUILD_TIME) docker compose \
 		-f docker-compose.yml -f docker-compose.dev.yml up -d
 
 docker-up-dev-rep:
-	COMMIT=$(GIT_COMMIT) VERSION=$(GIT_VERSION) BUILD_TIME=$(BUILD_TIME) docker-compose \
+	COMMIT=$(GIT_COMMIT) VERSION=$(GIT_VERSION) BUILD_TIME=$(BUILD_TIME) docker compose \
 		-f docker-compose.yml -f docker-compose.reputation.yml -f docker-compose.dev.yml up -d
 
 docker-test:
-	COMMIT=$(GIT_COMMIT) VERSION=$(GIT_VERSION) BUILD_TIME=$(BUILD_TIME) docker-compose \
+	COMMIT=$(GIT_COMMIT) VERSION=$(GIT_VERSION) BUILD_TIME=$(BUILD_TIME) docker compose \
 		-f docker-compose.yml -f docker-compose.dev.yml up -d vault
 	$(eval VAULT_TOKEN = $(shell docker logs grant-vault 2>&1 | grep "Root Token" | tail -1 | cut -d ' ' -f 3 ))
-	VAULT_TOKEN=$(VAULT_TOKEN) PKG=$(TEST_PKG) RUN=$(TEST_RUN) docker-compose -f docker-compose.yml -f docker-compose.dev.yml run --rm dev make test && cd main && go run main.go generate json-schema
+	VAULT_TOKEN=$(VAULT_TOKEN) PKG=$(TEST_PKG) RUN=$(TEST_RUN) docker compose -f docker-compose.yml -f docker-compose.dev.yml run --rm dev make test && cd main && go run main.go generate json-schema
 
 docker-dev:
 	$(eval VAULT_TOKEN = $(shell docker logs grant-vault 2>&1 | grep "Root Token" | tail -1 | cut -d ' ' -f 3 ))
-	VAULT_TOKEN=$(VAULT_TOKEN) docker-compose -f docker-compose.yml -f docker-compose.dev.yml run --rm -p 3333:3333 dev /bin/bash
+	VAULT_TOKEN=$(VAULT_TOKEN) docker compose -f docker-compose.yml -f docker-compose.dev.yml run --rm -p 3333:3333 dev /bin/bash
 
 docker-refresh-dev:
 	$(eval VAULT_TOKEN = $(shell docker logs grant-vault 2>&1 | grep "Root Token" | tail -1 | cut -d ' ' -f 3 ))
-	VAULT_TOKEN=$(VAULT_TOKEN) docker-compose -f docker-compose.yml -f docker-compose.dev-refresh.yml up -d dev-refresh
+	VAULT_TOKEN=$(VAULT_TOKEN) docker compose -f docker-compose.yml -f docker-compose.dev-refresh.yml up -d dev-refresh
 
 docker-refresh-skus:
 	$(eval VAULT_TOKEN = $(shell docker logs grant-vault 2>&1 | grep "Root Token" | tail -1 | cut -d ' ' -f 3 ))
-	VAULT_TOKEN=$(VAULT_TOKEN) docker-compose -f docker-compose.yml -f docker-compose.skus-refresh.yml up -d skus-refresh
+	VAULT_TOKEN=$(VAULT_TOKEN) docker compose -f docker-compose.yml -f docker-compose.skus-refresh.yml up -d skus-refresh
 
 settlement-tools:
 	$(eval GOOS?=darwin)
@@ -219,7 +219,7 @@ download-mod:
 
 docker-up-ext: ensure-shared-net
 	$(eval VAULT_TOKEN = $(shell docker logs grant-vault 2>&1 | grep "Root Token" | tail -1 | cut -d ' ' -f 3 ))
-	VAULT_TOKEN=$(VAULT_TOKEN) docker-compose -f docker-compose.yml -f docker-compose.dev.yml -f docker-compose.ext.yml run --rm -p 3333:3333 dev /bin/bash
+	VAULT_TOKEN=$(VAULT_TOKEN) docker compose -f docker-compose.yml -f docker-compose.dev.yml -f docker-compose.ext.yml run --rm -p 3333:3333 dev /bin/bash
 
 ensure-gomod-volume:
 	docker volume create batgo_lint_gomod

@@ -56,3 +56,4 @@ services:
       - UPHOLD_ACCESS_TOKEN
       - "RATIOS_SERVICE=https://ratios.rewards.bravesoftware.com"
       - RATIOS_TOKEN
+      - "DAPP_ALLOWED_CORS_ORIGINS=https://my-dapp.com"
@@ -80,6 +80,7 @@ services:
       - TEST_RUN
       - TOKEN_LIST
       - UPHOLD_ACCESS_TOKEN
+      - "DAPP_ALLOWED_CORS_ORIGINS=https://my-dapp.com"
     volumes:
       - ./test/secrets:/etc/kafka/secrets
       - ./migrations:/src/migrations
@@ -172,6 +173,7 @@ services:
       - TEST_RUN
       - TOKEN_LIST
       - UPHOLD_ACCESS_TOKEN
+      - "DAPP_ALLOWED_CORS_ORIGINS=https://my-dapp.com"
     volumes:
       - ./test/secrets:/etc/kafka/secrets
       - ./migrations:/src/migrations

@@ -146,6 +146,8 @@ const (
 	DisableGeminiLinkingCTXKey CTXKey = "disable_gemini_linking"
 	// DisableBitflyerLinkingCTXKey - this informs if bitflyer linking is enabled
 	DisableBitflyerLinkingCTXKey CTXKey = "disable_bitflyer_linking"
+	// DisableSolanaLinkingCTXKey - this informs if solana linking is enabled
+	DisableSolanaLinkingCTXKey CTXKey = "disable_solana_linking"
 
 	// RadomWebhookSecretCTXKey - the webhook secret key for radom integration
 	RadomWebhookSecretCTXKey CTXKey = "radom_webhook_secret"

@@ -103,6 +103,7 @@ type PayoutStatus struct {
 	Gemini     string `json:"gemini" valid:"in(off|processing|complete)"`
 	Bitflyer   string `json:"bitflyer" valid:"in(off|processing|complete)"`
 	Zebpay     string `json:"zebpay" valid:"in(off|processing|complete)"`
+	Solana     string `json:"solana" valid:"in(off|processing|complete)"`
 	Date       string `json:"payoutDate" valid:"-"`
 }
 
@@ -117,7 +118,6 @@ func contains(countries, allowblock []string) bool {
 	for _, ab := range allowblock {
 		for _, country := range countries {
 			if strings.EqualFold(ab, country) {
-				fmt.Println("contains ", ab, country)
 				return true
 			}
 		}
@@ -141,6 +141,7 @@ type Regions struct {
 	Gemini   GeoAllowBlockMap `json:"gemini" valid:"-"`
 	Bitflyer GeoAllowBlockMap `json:"bitflyer" valid:"-"`
 	Zebpay   GeoAllowBlockMap `json:"zebpay" valid:"-"`
+	Solana   GeoAllowBlockMap `json:"solana" valid:"-"`
 }
 
 // HandleErrors - handle any errors in input
@@ -149,12 +150,12 @@ func (cr *Regions) HandleErrors(err error) *handlers.AppError {
 }
 
 // Decode - implement decodable
-func (cr *Regions) Decode(ctx context.Context, input []byte) error {
+func (cr *Regions) Decode(_ context.Context, input []byte) error {
 	return json.Unmarshal(input, cr)
 }
 
 // Validate - implement validatable
-func (cr *Regions) Validate(ctx context.Context) error {
+func (cr *Regions) Validate(_ context.Context) error {
 	isValid, err := govalidator.ValidateStruct(cr)
 	if err != nil {
 		return err

@@ -1,6 +1,12 @@
 package custodian
 
-import "testing"
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
 
 func TestVerdictAllowList(t *testing.T) {
 	gabm := GeoAllowBlockMap{
@@ -27,3 +33,46 @@ func TestVerdictBlockList(t *testing.T) {
 		t.Error("should have been false, US in block list")
 	}
 }
+
+func TestRegions_Decode(t *testing.T) {
+	type tcGiven struct {
+		input []byte
+	}
+
+	type exp struct {
+		allow []string
+		block []string
+	}
+
+	type testCase struct {
+		name  string
+		given tcGiven
+		exp   exp
+	}
+
+	testCases := []testCase{
+		{
+			name: "solana",
+			given: tcGiven{
+				input: []byte(`{"solana":{"allow":["AA"],"block":["AB"]}}`),
+			},
+			exp: exp{
+				allow: []string{"AA"},
+				block: []string{"AB"},
+			},
+		},
+	}
+
+	for i := range testCases {
+		tc := testCases[i]
+
+		t.Run(tc.name, func(t *testing.T) {
+			regions := Regions{}
+			err := regions.Decode(context.Background(), tc.given.input)
+			require.NoError(t, err)
+
+			assert.Equal(t, tc.exp.allow, regions.Solana.Allow)
+			assert.Equal(t, tc.exp.block, regions.Solana.Block)
+		})
+	}
+}
@@ -13,8 +13,8 @@ import (
 	appctx "github.com/brave-intl/bat-go/libs/context"
 	"github.com/brave-intl/bat-go/libs/logging"
 	"github.com/brave-intl/bat-go/libs/metrics"
-	sentry "github.com/getsentry/sentry-go"
-	migrate "github.com/golang-migrate/migrate/v4"
+	"github.com/getsentry/sentry-go"
+	"github.com/golang-migrate/migrate/v4"
 	"github.com/golang-migrate/migrate/v4/database/postgres"
 	"github.com/jmoiron/sqlx"
 	"github.com/prometheus/client_golang/prometheus"
@@ -41,7 +41,7 @@ var (
 	}
 	dbs = map[string]*sqlx.DB{}
 	// CurrentMigrationVersion holds the default migration version
-	CurrentMigrationVersion = uint(63)
+	CurrentMigrationVersion = uint(66)
 	// MigrationTracks holds the migration version for a given track (eyeshade, promotion, wallet)
 	MigrationTracks = map[string]uint{
 		"eyeshade": 20,

@@ -25,16 +25,17 @@ type AppError struct {
 }
 
 // Error makes app error an error
-func (e AppError) Error() string {
-	msg := fmt.Sprintf("error: %s", e.Message)
+func (e *AppError) Error() string {
+	msg := "error: " + e.Message
 	if e.Cause != nil {
-		msg = fmt.Sprintf("%s: %s", msg, e.Cause)
+		msg = msg + ": " + e.Cause.Error()
 	}
+
 	return msg
 }
 
 // ServeHTTP responds according to the passed AppError
-func (e AppError) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+func (e *AppError) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("content-type", "application/json")
 	w.WriteHeader(e.Code)
 	if err := json.NewEncoder(w).Encode(e); err != nil {
@@ -100,18 +101,6 @@ func WrapValidationError(err error) *AppError {
 	return ValidationError("request body", govalidator.ErrorsByField(err))
 }
 
-// CodedValidationError creates an error to communicate a bad request was formed
-func CodedValidationError(message string, errorCode string, validationErrors interface{}) *AppError {
-	return &AppError{
-		Message:   "Error validating " + message,
-		ErrorCode: errorCode,
-		Code:      http.StatusBadRequest,
-		Data: map[string]interface{}{
-			"validationErrors": validationErrors,
-		},
-	}
-}
-
 // ValidationError creates an error to communicate a bad request was formed
 func ValidationError(message string, validationErrors interface{}) *AppError {
 	return &AppError{

@@ -65,7 +65,7 @@ func VerifyHTTPSignedOnly(verifier httpsignature.ParameterizedKeystoreVerifier)
 
 			if len(r.Header.Get("Signature")) == 0 {
 				logger.Warn().Msg("signature must be present for signed middleware")
-				ae := handlers.AppError{
+				ae := &handlers.AppError{
 					Cause:   errMissingSignature,
 					Message: "signature must be present for signed middleware",
 					Code:    http.StatusUnauthorized,
@@ -78,7 +78,7 @@ func VerifyHTTPSignedOnly(verifier httpsignature.ParameterizedKeystoreVerifier)
 
 			if err != nil {
 				logger.Error().Err(err).Msg("failed to verify request")
-				ae := handlers.AppError{
+				ae := &handlers.AppError{
 					Cause:   errInvalidSignature,
 					Message: "request signature verification failure",
 					Code:    http.StatusForbidden,
@@ -87,6 +87,43 @@ func VerifyHTTPSignedOnly(verifier httpsignature.ParameterizedKeystoreVerifier)
 				return
 			}
 
+			if contains.Str(verifier.SignatureParams.Headers, "date") {
+				// Date: Wed, 21 Oct 2015 07:28:00 GMT
+				dateStr := r.Header.Get("date")
+				date, err := time.Parse(time.RFC1123, dateStr)
+				if err != nil {
+					logger.Error().Err(err).Msg("failed to parse the date header")
+					ae := &handlers.AppError{
+						Cause:   errInvalidHeader,
+						Message: "Invalid date header",
+						Code:    http.StatusBadRequest,
+					}
+					ae.ServeHTTP(w, r)
+					return
+				}
+
+				if time.Now().Add(10 * time.Minute).Before(date) {
+					logger.Error().Err(err).Msg("date is invalid")
+					ae := &handlers.AppError{
+						Cause:   errInvalidHeader,
+						Message: "date is invalid",
+						Code:    http.StatusTooEarly,
+					}
+					ae.ServeHTTP(w, r)
+					return
+				}
+				if time.Now().Add(-10 * time.Minute).After(date) {
+					logger.Error().Err(err).Msg("date is invalid")
+					ae := &handlers.AppError{
+						Cause:   errInvalidHeader,
+						Message: "date is invalid",
+						Code:    http.StatusRequestTimeout,
+					}
+					ae.ServeHTTP(w, r)
+					return
+				}
+			}
+
 			ctx = context.WithValue(ctx, httpSignedKeyID{}, keyID)
 			next.ServeHTTP(w, r.WithContext(ctx))
 		})

@@ -47,6 +47,7 @@ func IPRateLimiterWithStore(
 			// override for OPTIONS request methods, as sometimes many cors requests happen quickly??
 			if r.Method == http.MethodOptions {
 				next.ServeHTTP(w, r)
+				return
 			}
 
 			if !isSimpleTokenInContext(r.Context()) {