Merge pull request #316 from BrightID/dev

Dev

config.env

@@ -1,5 +1,6 @@
 BN_WS_OPERATIONS_TIME_WINDOW=900
 BN_WS_OPERATIONS_LIMIT=60
+BN_WS_APPS_OPERATIONS_LIMIT=500
 # Update this port in web/brightid-nginx.conf and docker-compose.yml too
 BN_WS_PROFILE_SERVICE_PORT=3000
 BN_ARANGO_PROTOCOL=http
@@ -26,6 +27,7 @@ BN_UPDATER_IDCHAIN_WSS=wss://idchain.one/ws/
 BN_UPDATER_SEED_GROUPS_WS_URL=wss://idchain.one/ws/
 BN_ARANGO_EXTRA_OPTS=
 BN_DEVELOPMENT=false
+BN_PEERS=
 # passwords
 BN_SEED=
 BN_WS_PRIVATE_KEY=

config.env.test

@@ -1,5 +1,6 @@
 BN_WS_OPERATIONS_TIME_WINDOW=900
 BN_WS_OPERATIONS_LIMIT=60
+BN_WS_APPS_OPERATIONS_LIMIT=500
 # Update this port in web/brightid-nginx.conf and docker-compose.yml too
 BN_WS_PROFILE_SERVICE_PORT=3000
 BN_ARANGO_PROTOCOL=http
@@ -26,6 +27,7 @@ BN_UPDATER_IDCHAIN_WSS=wss://idchain.one/ws/
 BN_UPDATER_SEED_GROUPS_WS_URL=wss://idchain.one/ws/
 BN_ARANGO_EXTRA_OPTS=
 BN_DEVELOPMENT=true
+BN_PEERS=
 # passwords
 BN_SEED=
 BN_WS_PRIVATE_KEY=

consensus/receiver.py

@@ -6,6 +6,7 @@
 import hashlib
 import shutil
 import requests
+import traceback
 from arango import ArangoClient, errno
 from web3 import Web3
 from web3.middleware import geth_poa_middleware
@@ -22,14 +23,14 @@
 def hash(op):
     blockTime = op['blockTime']
     op = {k: op[k] for k in op if k not in (
-        'sig', 'sig1', 'sig2', 'hash', 'blockTime')}
+        'sig', 'sig1', 'sig2', 'sig3', 'sig4', 'sig5', 'hash', 'blockTime')}
     if op['name'] == 'Set Signing Key':
         del op['id1']
         del op['id2']
     # in next release checking blockTime should be removed
     if op['name'] == 'Social Recovery' and op['v'] == 6 and blockTime > 1637380189000:
-        del op['id1']
-        del op['id2']
+        for k in ['id1', 'id2', 'id3', 'id4', 'id5']:
+            op.pop(k, None)
     message = json.dumps(op, sort_keys=True, separators=(',', ':'))
     m = hashlib.sha256()
     m.update(message.encode('ascii'))
@@ -180,4 +181,5 @@ def wait():
             main()
         except Exception as e:
             print(f'Error: {e}')
+            print(f'Traceback: {traceback.format_exc()}')
             time.sleep(10)

docker-compose.yml

@@ -82,6 +82,7 @@ services:
     image: nginx
     volumes:
       - ./web/brightid-nginx.conf:/etc/nginx/nginx.conf
+      - ./web/index.html:/var/www/html/index.html
     network_mode: host
     env_file:
       - config.env

web/brightid-nginx.conf

@@ -36,6 +36,8 @@ http {
     server {
         listen 80;
 
+        root /var/www/html/;
+
         location /profile/ {
             client_max_body_size 100k;
             proxy_pass http://127.0.0.1:3000/;

web/index.html

@@ -0,0 +1,52 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>BrightID Node</title>
+    <link
+      rel="stylesheet"
+      href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css"
+      integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm"
+      crossorigin="anonymous"
+    />
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
+  </head>
+
+  <body style="font-family: Poppins, sans-serif;">
+    <a id="brightid_logo" href="https://www.brightid.org/"
+      ><img
+        src="https://uploads-ssl.webflow.com/5e54622b3f6e65be8baf0653/5fdc4719cf8bf208a98162f2_brightid%20final%20logo-01.png"
+        loading="lazy"
+        width="103"
+    /></a>
+    <h1 style="text-align: center;">BrightID Node</h1>
+    <br />
+    <table
+      class="table table-bordered"
+      style="table-layout: fixed; word-wrap: break-word"
+      id="table"
+    ></table>
+
+    <script>
+      $(document).ready(function () {
+        $.get(
+          "/brightid/v6/state",
+          function (res) {
+            for (let [key, value] of Object.entries(res.data)) {
+              if (key == "wISchnorrPublic") {
+                value = { y: value.y };
+              }
+              let row = $("<tr/>");
+              $("#table").append(
+                `<tr> <th scope="row" width="20%">${key}</th> <td  width="70%">${
+                  typeof value === "object"
+                    ? JSON.stringify(value, null, 4)
+                    : value
+                }</td> </tr>`
+              );
+            }
+          }
+        );
+      });
+    </script>
+  </body>
+</html>

web_services/docker-entrypoint.sh

@@ -12,6 +12,7 @@ foxx config /brightid5 privateKey=$BN_WS_PRIVATE_KEY
 foxx config /brightid5 ethPrivateKey=$BN_WS_ETH_PRIVATE_KEY
 foxx config /brightid5 operationsTimeWindow=$BN_WS_OPERATIONS_TIME_WINDOW
 foxx config /brightid5 operationsLimit=$BN_WS_OPERATIONS_LIMIT
+foxx config /brightid5 appsOperationsLimit=$BN_WS_APPS_OPERATIONS_LIMIT
 
 foxx upgrade /apply5 /code/foxx/apply5.zip ||
 foxx install /apply5 /code/foxx/apply5.zip
@@ -25,7 +26,9 @@ foxx config /brightid6 ethPrivateKey=$BN_WS_ETH_PRIVATE_KEY
 foxx config /brightid6 consensusSenderPrivateKey=$BN_CONSENSUS_PRIVATE_KEY
 foxx config /brightid6 operationsTimeWindow=$BN_WS_OPERATIONS_TIME_WINDOW
 foxx config /brightid6 operationsLimit=$BN_WS_OPERATIONS_LIMIT
+foxx config /brightid6 appsOperationsLimit=$BN_WS_APPS_OPERATIONS_LIMIT
 foxx config /brightid6 development=$BN_DEVELOPMENT
+foxx config /brightid6 peers=$BN_PEERS
 
 foxx upgrade /apply6 /code/foxx/apply6.zip ||
 foxx install /apply6 /code/foxx/apply6.zip

web_services/foxx/brightid/db.js

@@ -618,6 +618,11 @@ function setSigningKey(signingKey, key, timestamp) {
     signingKeys: [signingKey],
     updateTime: timestamp,
   });
+
+  // remove pending invites, because they can not be decrypted anymore by the new signing key
+  invitationsColl.removeByExample({
+    _from: "users/" + key,
+  });
 }
 
 function getSponsorship(appUserId) {
@@ -963,7 +968,7 @@ function sponsorRequestedRecently(op) {
   const lastSponsorTimestamp = query`
     FOR o in ${operationsColl}
       FILTER o.name == "Sponsor"
-      AND o.appUserId == ${op.appUserId}
+      AND o.appUserId IN ${[op.appUserId, op.appUserId.toLowerCase()]}
       SORT o.timestamp ASC
       RETURN o.timestamp
   `
@@ -973,6 +978,32 @@ function sponsorRequestedRecently(op) {
   return lastSponsorTimestamp && Date.now() - lastSponsorTimestamp < timeWindow;
 }
 
+function getRequiredRecoveryNum(id) {
+  const user = getUser(id);
+  if (
+    "nextRequiredRecoveryNum" in user &&
+    user.requiredRecoveryNumSetAfter <= Date.now()
+  ) {
+    user.requiredRecoveryNum = user.nextRequiredRecoveryNum;
+    delete user.nextRequiredRecoveryNum;
+    delete user.requiredRecoveryNumSetAfter;
+    usersColl.replace(id, user);
+  }
+  return user.requiredRecoveryNum || 2;
+}
+
+function setRequiredRecoveryNum(id, requiredRecoveryNum, timestamp) {
+  const recoveryConnections = getRecoveryConnections(id);
+  if (recoveryConnections.length < requiredRecoveryNum) {
+    throw new errors.InvalidNumberOfSignersError();
+  }
+
+  usersColl.update(id, {
+    nextRequiredRecoveryNum: requiredRecoveryNum,
+    requiredRecoveryNumSetAfter: Date.now() + 7 * 24 * 60 * 60 * 1000,
+  });
+}
+
 module.exports = {
   connect,
   createGroup,
@@ -1017,4 +1048,6 @@ module.exports = {
   isEthereumAddress,
   getAppUserIds,
   sponsorRequestedRecently,
+  setRequiredRecoveryNum,
+  getRequiredRecoveryNum,
 };

web_services/foxx/brightid/errors.js

@@ -55,6 +55,8 @@ const CACHED_PARAMS_NOT_FOUND = 65;
 const FORBIDDEN_CONNECTION = 66;
 const UNSINGABLE_APP_USER_ID = 67;
 const SPONSOR_REQUESTED_RECENTLY = 68;
+const WRONG_NUMBER_OF_SIGNERS = 69;
+const INVALID_NUMBER_OF_SIGNERS = 70;
 
 class BrightIDError extends Error {
   constructor() {
@@ -581,7 +583,26 @@ class SponsorRequestedRecently extends ForbiddenError {
   constructor() {
     super();
     this.errorNum = SPONSOR_REQUESTED_RECENTLY;
-    this.message = `The app has sent this sponsor request recently.`;
+    this.message = "The app has sent this sponsor request recently.";
+  }
+}
+
+class WrongNumberOfSignersError extends ForbiddenError {
+  constructor(missedAttr, requiredRecoveryNum) {
+    super();
+    this.errorNum = WRONG_NUMBER_OF_SIGNERS;
+    this.message = `${missedAttr} is missed while ${requiredRecoveryNum} signers are required.`;
+    this.missedAttr = missedAttr;
+    this.requiredRecoveryNum = requiredRecoveryNum;
+  }
+}
+
+class InvalidNumberOfSignersError extends ForbiddenError {
+  constructor() {
+    super();
+    this.errorNum = INVALID_NUMBER_OF_SIGNERS;
+    this.message =
+      "The number of signers should be equal or less than the number of recovery connections.";
   }
 }
 
@@ -642,6 +663,8 @@ module.exports = {
   FORBIDDEN_CONNECTION,
   UNSINGABLE_APP_USER_ID,
   SPONSOR_REQUESTED_RECENTLY,
+  WRONG_NUMBER_OF_SIGNERS,
+  INVALID_NUMBER_OF_SIGNERS,
   BrightIDError,
   BadRequestError,
   InternalServerError,
@@ -704,4 +727,6 @@ module.exports = {
   ForbiddenConnectionError,
   UnsingableAppUserIdError,
   SponsorRequestedRecently,
+  WrongNumberOfSignersError,
+  InvalidNumberOfSignersError,
 };

web_services/foxx/brightid/index.js

@@ -41,7 +41,6 @@ const handlers = {
     const op = req.body;
     const message = operations.getMessage(op);
     op.hash = hash(message);
-
     if (operationsHashesColl.exists(op.hash)) {
       throw new errors.OperationAppliedBeforeError(op.hash);
     } else if (JSON.stringify(op).length > MAX_OP_SIZE) {
@@ -53,7 +52,9 @@ const handlers = {
 
     // allow limited number of operations to be posted in defined time window
     const timeWindow = module.context.configuration.operationsTimeWindow * 1000;
-    const limit = module.context.configuration.operationsLimit;
+    const limit = ["Sponsor", "Spend Sponsorship"].includes(op.name)
+      ? module.context.configuration.appsOperationsLimit
+      : module.context.configuration.operationsLimit;
     operations.checkLimits(op, timeWindow, limit);
 
     op.state = "init";
@@ -150,6 +151,7 @@ const handlers = {
       });
     data.createdAt = user.createdAt;
     data.signingKeys = user.signingKeys;
+    data.requiredRecoveryNum = db.getRequiredRecoveryNum(id);
 
     if (requestor && usersColl.exists(requestor)) {
       const requestorConnections = db.userConnections(requestor, "outbound");
@@ -515,6 +517,13 @@ const handlers = {
       },
     });
   },
+
+  peersGet: function (req, res) {
+    const conf = module.context.configuration;
+    res.send({
+      peers: conf.peers ? conf.peers.split(",") : [],
+    });
+  },
 };
 
 router
@@ -830,6 +839,11 @@ router
   .response(schemas.sponsorshipGetResponse)
   .error(404, "App generated id not found");
 
+router
+  .get("/peers", handlers.peersGet)
+  .summary("Gets other nodes this node trusts")
+  .response(schemas.peersGetResponse);
+
 module.context.use(function (req, res, next) {
   try {
     next();

web_services/foxx/brightid/initdb.js

@@ -52,6 +52,8 @@ const indexes = [
   { collection: "operations", fields: ["state"], type: "persistent" },
   { collection: "operations", fields: ["name"], type: "persistent" },
   { collection: "operations", fields: ["timestamp"], type: "persistent" },
+  { collection: "operations", fields: ["contextId"], type: "persistent" },
+  { collection: "operations", fields: ["appUserId"], type: "persistent" },
   {
     collection: "cachedParams",
     fields: ["creationDate"],

web_services/foxx/brightid/manifest.json

@@ -3,7 +3,7 @@
   "name": "BrightID-Node",
   "description": "Read and update the anonymous social graph stored on BrightID nodes.",
   "license": "ISC",
-  "version": "6.13.1",
+  "version": "6.14.0",
   "tests": ["tests/*.js"],
   "scripts": {
     "setup": "initdb.js"
@@ -44,6 +44,16 @@
       "type": "int",
       "required": false
     },
+    "appsOperationsLimit": {
+      "description": "Maximum number of operations each app can send in configured time window",
+      "type": "int",
+      "required": false
+    },
+    "peers": {
+      "description": "other nodes that this node trusts (comma-separated string)",
+      "type": "string",
+      "required": false
+    },
     "development": {
       "description": "true if the node is in development mode",
       "type": "boolean",

web_services/foxx/brightid/manifest_apply.json

@@ -2,7 +2,7 @@
   "main": "apply.js",
   "name": "apply",
   "description": "Allows BrightID consensus module to apply operations to the database.",
-  "version": "6.13.1",
+  "version": "6.14.0",
   "scripts": {
     "setup": "initdb.js"
   }