migrate dashboard

brave-intl · Apr 24, 2024 · 564ee35 · 564ee35
1 parent afbd4e7
commit 564ee35
Show file tree

Hide file tree

Showing 49 changed files with 3,217 additions and 12,179 deletions.
diff --git a/app/controllers/api/nextv1/channels_controller.rb b/app/controllers/api/nextv1/channels_controller.rb
@@ -0,0 +1,27 @@
+class Api::Nextv1::ChannelsController < Api::Nextv1::BaseController
+  include ChannelsHelper
+
+  before_action :authenticate_publisher!
+
+  before_action :setup_current_channel
+
+  attr_reader :current_channel
+
+  def destroy
+    success = DeletePublisherChannelJob.perform_now(current_channel.id)
+
+    if success
+      head :no_content
+    else
+      render(json: {errors: current_channel.errors}, status: 400)
+    end
+  end
+
+  private
+
+  def setup_current_channel
+    @current_channel = current_publisher.channels.find(params[:id])
+  rescue ActiveRecord::RecordNotFound
+    render(json: {}, status: 404)
+  end
+end
diff --git a/app/controllers/api/nextv1/connection/bitflyer_connections_controller.rb b/app/controllers/api/nextv1/connection/bitflyer_connections_controller.rb
@@ -0,0 +1,57 @@
+require "uri"
+require "net/http"
+require "json"
+require "digest"
+require "base64"
+
+class Api::Nextv1::Connection::BitflyerConnectionsController < Api::Nextv1::Oauth2Controller
+  def destroy
+    I18n.locale = :ja
+    bitflyer_connection = current_publisher.bitflyer_connection
+
+    # Destroy our database records
+    if bitflyer_connection.destroy
+      render(json: {}, status: 200)
+    else
+      render(json: {errors: I18n.t(
+          "publishers.gemini_connections.destroy.error",
+          errors: bitflyer_connection.errors.full_messages.join(", ")
+        )}, status: 417)
+    end
+  end
+
+  private
+
+  # 1.) Set required state for Oauth2 Implementation
+  # @debug is an optional flag that will return a json response from the callback
+  # Helpful for explicit debugging and introspection of access token request response values.
+  def set_controller_state
+    @klass = BitflyerConnection
+    @access_token_response = Oauth2::Responses::BitflyerAccessTokenResponse
+  end
+
+  # 2.) Bitflyer uses code exchange verification: https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
+  def code_challenge
+    Digest::SHA256.base64digest(code_verifier).chomp("=").tr("+", "-").tr("/", "_")
+  end
+
+  # One way encoded(Varies through time + unique to provider + random/varies through sesion)
+  def code_verifier
+    Digest::SHA256.base64digest(current_publisher.current_sign_in_at.to_s + current_publisher.id + current_publisher.session_salt.to_s)
+  end
+
+  # 3.) Generate auth_url using code_challange verification
+  def authorization_url
+    @_authorization_url ||= client.authorization_code_url(
+      state: @state,
+      scope: @klass.oauth2_config.scope,
+      code_challenge: code_challenge,
+      code_challenge_method: "S256"
+    )
+  end
+
+  # 4.) Make request using code_verifier
+  def access_token_request
+    client.access_token(params.require(:code), code_verifier: code_verifier)
+  end
+end
diff --git a/app/controllers/api/nextv1/connection/gemini_connections_controller.rb b/app/controllers/api/nextv1/connection/gemini_connections_controller.rb
@@ -0,0 +1,26 @@
+class Api::Nextv1::Connection::GeminiConnectionsController < Api::Nextv1::Oauth2Controller
+  def destroy
+    gemini_connection = current_publisher.gemini_connection
+
+    # Destroy our database records
+    if gemini_connection.destroy
+      render(json: {}, status: 200)
+    else
+      render(json: {errors: I18n.t(
+          "publishers.gemini_connections.destroy.error",
+          errors: gemini_connection.errors.full_messages.join(", ")
+        )}, status: 417)
+    end
+  end
+
+  private
+
+  # 1.) Set required state for Oauth2 Implementation
+  # @debug is an optional flag that will return a json response from the callback
+  # Helpful for explicit debugging and introspection of access token request response values.
+  def set_controller_state
+    @klass = GeminiConnection
+    # @debug = true
+  end
+end
+
diff --git a/app/controllers/api/nextv1/connection/uphold_connections_controller.rb b/app/controllers/api/nextv1/connection/uphold_connections_controller.rb
@@ -0,0 +1,63 @@
+
+# NOTE: To test this locally you have to  access the app from 127.0.0.1: Uphold does not allow localhost has a valid domain
+# and when you redirect back to 127.0.0.1 all your relevant cookies are lost.
+#
+# When you login through the email url, you need to copy the url and replace localhost with 127.0.0.1
+# and create your session with that domain.
+#
+# Took me a while to figure that out.
+
+class Api::Nextv1::Connection::UpholdConnectionsController < Api::Nextv1::Oauth2Controller
+  include PublishersHelper
+
+  def show
+    publisher = current_publisher
+    render(json: {
+      uphold_status: publisher.uphold_connection&.uphold_status.to_s,
+      uphold_is_member: publisher.uphold_connection&.is_member? || false,
+      uphold_status_summary: uphold_status_summary(publisher),
+      uphold_status_description: uphold_status_description(publisher),
+      default_currency: publisher.uphold_connection&.default_currency,
+      uphold_username: publisher.uphold_connection&.uphold_details&.username
+    }, status: 200)
+  end
+
+  # TODO: Do we update connections???
+  # def update
+  #   uphold_connection = current_publisher.uphold_connection
+  #   return if uphold_connection.blank?
+
+  #   send_emails = DateTime.now
+
+  #   case params[:send_emails]
+  #   when "forever"
+  #     send_emails = UpholdConnection::FOREVER_DATE
+  #   when "next_year"
+  #     send_emails = 1.year.from_now
+  #   end
+
+  #   uphold_connection.update(send_emails: send_emails)
+  # end
+
+  # publishers/disconnect_uphold
+  def destroy
+    # You can't remove your connection if you've been banned/suspended.
+    # This is how we prevent you from reusing the connection.
+    if !current_publisher.authorized_to_act? #
+      head :unauthorized and return
+    end
+
+    current_publisher&.uphold_connection&.destroy
+    head :ok
+  end
+
+  private
+
+  # 1.) Set required state for Oauth2 Implementation
+  # @debug is an optional flag that will return a json response from the callback
+  # Helpful for explicit debugging and introspection of access token request response values.
+  def set_controller_state
+    @klass = UpholdConnection
+    @klass.strict_create = true # toggle various restrictions on creating wallets. Useful for debugging.
+  end
+end
diff --git a/app/controllers/api/nextv1/crypto_address_for_channels_controller.rb b/app/controllers/api/nextv1/crypto_address_for_channels_controller.rb
@@ -0,0 +1,119 @@
+require "eth"
+require "rbnacl"
+require "base58"
+
+class Api::Nextv1::CryptoAddressForChannelsController < Api::Nextv1::BaseController
+  include PublishersHelper
+  include Eth
+
+  def index
+    current_channel = current_publisher.channels.find(params[:channel_id])
+    @crypto_addresses_for_channel = CryptoAddressForChannel.where(channel: current_channel)
+    render(json: @crypto_addresses_for_channel)
+  end
+
+  def generate_nonce
+    nonce = SecureRandom.uuid
+    Rails.cache.write(nonce, current_publisher.id)
+    render json: {nonce: nonce}
+  end
+
+  def create
+    signature = params[:transaction_signature]
+    account_address = params[:account_address]
+    chain = params[:chain]
+    message = params[:message]
+    current_channel = current_publisher.channels.find(params[:channel_id])
+    @errors = []
+
+    # check that the message is a valid nonce and delete after use
+    valid_message = if Rails.cache.read(message) == current_publisher.id
+      !!Rails.cache.delete(message)
+    else
+      @errors << "message is invalid"
+      false
+    end
+
+    # check to make sure the user owns the address
+    verified = valid_message &&
+      case chain
+      when "SOL"
+        verify_solana_address(signature, account_address, message)
+      when "ETH"
+        verify_ethereum_address(signature, account_address, message)
+      else
+        @errors << "address could not be verified"
+        false
+      end
+
+    # Create new crypto address, and remove any other addresses on the same chain for the channel
+    success = verified && replace_crypto_address_for_channel(account_address, chain, current_channel)
+
+    if success
+      render(json: {crypto_address_for_channel: success}, status: 201)
+    else
+      render(json: {errors: @errors}, status: 400)
+    end
+  end
+
+  def change_address
+    account_address = params[:address]
+    chain = params[:chain]
+    current_channel = current_publisher.channels.find(params[:channel_id])
+
+    success = replace_crypto_address_for_channel(account_address, chain, current_channel)
+
+    if success
+      render(json: {crypto_address_for_channel: success}, status: 200)
+    else
+      render(json: {errors: "address could not be updated"}, status: 400)
+    end
+  end
+
+  def destroy
+    chain = params[:chain]
+    current_channel = current_publisher.channels.find(params[:channel_id])
+
+    begin
+      CryptoAddressForChannel.where(chain: chain, channel: current_channel).first&.destroy!
+      render(json: {crypto_address_for_channel: true}, status: 200)
+    rescue => e
+      render(json: {errors: "address could not be deleted"}, status: 400)
+    end
+  end
+
+  def verify_solana_address(signature, address, message)
+    verify_key = RbNaCl::VerifyKey.new(Base58.base58_to_binary(address, :bitcoin))
+    verify_key.verify(Base58.base58_to_binary(signature, :bitcoin), message)
+  rescue => e
+    LogException.perform(e, publisher: current_publisher)
+    false
+  end
+
+  def verify_ethereum_address(signature, address, message)
+    signature_pubkey = Eth::Signature.personal_recover message, signature
+    signature_address = Eth::Util.public_key_to_address signature_pubkey
+    # Eth addresses are case insensitive
+    signature_address.address.downcase == address.downcase
+  rescue => e
+    LogException.perform(e, publisher: current_publisher)
+    false
+  end
+
+  def replace_crypto_address_for_channel(account_address, chain, channel)
+    ActiveRecord::Base.transaction do
+      crypto_address = CryptoAddress.where(publisher: current_publisher, address: account_address, chain: chain, verified: true).first_or_create!
+      existing_address = CryptoAddressForChannel.where(chain: chain, channel: channel)
+
+      if existing_address.length > 0
+        existing_address.first.destroy!
+      end
+
+      CryptoAddressForChannel.create!(chain: chain, crypto_address: crypto_address, channel: channel)
+    end
+  rescue => e
+    LogException.perform(e, publisher: current_publisher)
+    false
+  end
+
+end
diff --git a/app/controllers/api/nextv1/crypto_addresses_controller.rb b/app/controllers/api/nextv1/crypto_addresses_controller.rb
@@ -0,0 +1,23 @@
+class Api::Nextv1::CryptoAddressesController < Api::Nextv1::BaseController
+  include PublishersHelper
+
+  def index
+      @crypto_addresses = CryptoAddress.where(publisher_id: current_publisher.id)
+      render(json: @crypto_addresses)
+    end
+
+  def destroy
+    begin
+      @crypto_address = current_publisher.crypto_addresses.find(params[:id])
+    rescue ActiveRecord::RecordNotFound
+      return render json: {}, status: 404
+    end
+
+    begin
+      @crypto_address.destroy!
+      render(json: {crypto_address: true}, status: 200)
+    rescue => e
+      render(json: {errors: "address could not be deleted"}, status: 400)
+    end
+  end
+end