From e8d7ddb226599bcd05d935f9a9e5bf368df5419f Mon Sep 17 00:00:00 2001
From: emmdim
Date: Fri, 25 Oct 2024 18:51:23 +0200
Subject: [PATCH] Implements initial version subscriiption validations, using the censussize
---
 api/api_test.go | 2 +-
 api/transaction.go | 15 +++++++++++++++
 cmd/service/main.go | 1 +
 db/helpers.go | 18 ++++++++++++++++++
 4 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/api/api_test.go b/api/api_test.go
index a227759..4c4ce39 100644
--- a/api/api_test.go
+++ b/api/api_test.go
@@ -109,7 +109,7 @@ func TestMain(m *testing.M) {
 // set reset db env var to true
 _ = os.Setenv("VOCDONI_MONGO_RESET_DB", "true")
 // create a new MongoDB connection with the test database
- if testDB, err = db.New(mongoURI, test.RandomDatabaseName()); err != nil {
+ if testDB, err = db.New(mongoURI, test.RandomDatabaseName(), "subscriptions.json"); err != nil {
 panic(err)
 }
 defer testDB.Close()
diff --git a/api/transaction.go b/api/transaction.go
index 669f044..49bd9cf 100644
--- a/api/transaction.go
+++ b/api/transaction.go
@@ -69,6 +69,12 @@ func (a *API) signTxHandler(w http.ResponseWriter, r *http.Request) {
 }
 // check if the api is not in transparent mode
 if !a.transparentMode {
+ // get subscirption plan
+ plan, err := a.db.Subscription(org.Subscription.SubscriptionID)
+ if err != nil {
+ ErrNoOrganizationSubscription.Withf("could not get organization subscription: %v", err).Write(w)
+ return
+ }
 switch tx.Payload.(type) {
 case *models.Tx_SetAccount:
 txSetAccount := tx.GetSetAccount()
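Review bot: In the plan lookup added to signTxHandler (api/transaction.go, first hunk), `Withf("could not get organization subscription: %v", err)` writes the storage layer's error text into the HTTP response; if `a.db.Subscription` surfaces database driver errors, that hands backend detail to API clients. I would log `err` on the server and answer with a fixed message, `ErrNoOrganizationSubscription.With("could not get organization subscription").Write(w)`. The added comment has a typo and should read `// get subscription plan`. The handler starts and ends outside this hunk, so whether `org.Subscription` is always populated at this point cannot be confirmed from here.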
@@ -114,9 +120,14 @@ func (a *API) signTxHandler(w http.ResponseWriter, r *http.Request) {
 ErrInvalidTxFormat.With("missing fields").Write(w)
 return
 }
+ if hasPermission, err := a.db.CheckSubscriptionPermissions(tx, txNewProcess.Txtype, org, plan); !hasPermission || err != nil {
+ ErrUnauthorized.Withf("user does not have permission to sign transactions: %v", err).Write(w)
+ return
+ }
 // check the tx subtype
 switch txNewProcess.Txtype {
 case models.TxType_NEW_PROCESS:
+
 // generate a new faucet package if it's not present and include it in the tx
 if txNewProcess.FaucetPackage == nil {
 // get the tx cost for the tx type
@@ -162,6 +173,10 @@ func (a *API) signTxHandler(w http.ResponseWriter, r *http.Request) {
 ErrInvalidTxFormat.With("invalid tx type").Write(w)
 return
 }
+ if hasPermission, err := a.db.CheckSubscriptionPermissions(tx, txSetProcess.Txtype, org, plan); !hasPermission || err != nil {
+ ErrUnauthorized.Withf("user does not have permission to sign transactions: %v", err).Write(w)
+ return
+ }
 // check the tx subtype
 switch txSetProcess.Txtype {
 case models.TxType_SET_PROCESS_STATUS:
diff --git a/cmd/service/main.go b/cmd/service/main.go
index b4815e7..0994271 100644
--- a/cmd/service/main.go
+++ b/cmd/service/main.go
@@ -47,6 +47,7 @@ func main() {
 if err := viper.BindPFlags(flag.CommandLine); err != nil {
 panic(err)
 }
+ log.SetCometLogLevel("debug")
 viper.AutomaticEnv()
 // read the configuration
 host := viper.GetString("host")
diff --git a/db/helpers.go b/db/helpers.go
index bb2c8c6..51824cc 100644
--- a/db/helpers.go
+++ b/db/helpers.go
@@ -12,6 +12,7 @@ import (
 "go.mongodb.org/mongo-driver/mongo"
 "go.mongodb.org/mongo-driver/mongo/options"
 "go.vocdoni.io/dvote/log"
+ "go.vocdoni.io/proto/build/go/models"
 )
 // initCollections creates the collections in the MongoDB database if they
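Review bot: The guard `!hasPermission || err != nil` in the NewProcess branch of signTxHandler (api/transaction.go, hunk at -114; the same four lines are added for SetProcess in the hunk at -162) folds a denied request and a failed check into one `ErrUnauthorized` response. If the helper ever returns false with a nil error, the message ends by printing a nil error, and an internal failure would reach the client as an authorization error. Handling `err != nil` first and `!hasPermission` second, each with its own fixed message, keeps the two outcomes distinguishable in responses and logs. The wording "user does not have permission" also does not match the check visible in db/helpers.go, which is about the organization's census-size limit. The handler body continues outside both hunks.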
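Review bot: `log.SetCometLogLevel("debug")` in cmd/service/main.go is set unconditionally in `main`, ahead of the `// read the configuration` section, so every deployment runs that logger at debug level whatever the operator configures. It looks like a debugging leftover unrelated to subscription validation, and debug output is verbose enough to carry request or node detail that should not end up in production logs. I would drop the line or derive the level from the service's configured log level. `main` continues outside this hunk, so a suitable option may already exist there.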
@@ -246,3 +247,20 @@ func readSubscriptionJSON(subscriptionsFile string) ([]*Subscription, error) {
 }
 return subscriptions, nil
 }
+
+func (ms *MongoStorage) CheckSubscriptionPermissions(
+ tx *models.Tx,
+ txType models.TxType,
+ org *Organization,
+ plan *Subscription,
+) (bool, error) {
+
+ switch txType {
+ case models.TxType_NEW_PROCESS, models.TxType_SET_PROCESS_CENSUS:
+ newProcess := tx.GetNewProcess()
+ if newProcess.Process.MaxCensusSize > uint64(org.Subscription.MaxCensusSize) {
+ return false, fmt.Errorf("MaxCensusSize is greater than the allowed")
+ }
+ }
+ return true, nil
+}
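Review bot: The `TxType_SET_PROCESS_CENSUS` case in `CheckSubscriptionPermissions` reads `tx.GetNewProcess()`, but that type is passed in from the SetProcess branch of signTxHandler (`txSetProcess.Txtype`), where the payload is not a NewProcess; with the usual generated protobuf getters the call returns nil and `newProcess.Process.MaxCensusSize` panics on a nil pointer. The same dereference is reachable for NEW_PROCESS when `Process` is unset, unless the handler's checks outside this diff rule that out. The sketch below uses the nil-safe getters and fails closed for the census update until its size can be read from the SetProcess message. Separately, `plan` is never used, and `uint64(org.Subscription.MaxCensusSize)` would turn a negative stored value into a very large limit if that field is a signed integer, which is worth confirming. The exported method also needs a doc comment stating that every other transaction type is allowed by default.

```go
func (ms *MongoStorage) CheckSubscriptionPermissions(
	// … unchanged: parameter list …
) (bool, error) {
	switch txType {
	case models.TxType_NEW_PROCESS:
		// Generated getters are nil-safe, unlike direct field access.
		process := tx.GetNewProcess().GetProcess()
		if process == nil {
			return false, fmt.Errorf("missing process in NewProcess transaction")
		}
		if process.GetMaxCensusSize() > uint64(org.Subscription.MaxCensusSize) {
			return false, fmt.Errorf("MaxCensusSize is greater than the allowed")
		}
	case models.TxType_SET_PROCESS_CENSUS:
		// A SetProcess payload carries no NewProcess message; reject until the
		// census size is validated from the SetProcess fields.
		return false, fmt.Errorf("census size check not implemented for SET_PROCESS_CENSUS")
	}
	// … unchanged: return true, nil …
}
```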