tornadocontrib/web3-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

changes from review. will test now

Browse Source
This commit is contained in:
yenicelik 2023-02-10 17:48:51 +00:00
parent cc41e54cbf
commit 8562fc3384
8 changed files with 93 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/apply-migrations.sh
View File

@ -1,3 +1,3 @@
sea-orm-cli migrate up
# sea-orm-cli generate entity -t <table_name>
# sea-orm-cli migrate up
# sea-orm-cli generate entity -u mysql://root:dev_web3_proxy@127.0.0.1:13306/dev_web3_proxy -o entities/src --with-serde both
# sea-orm-cli generate entity -t <table_name>

0
scripts/manual-tests/16-change-user-tier.sh Normal file
View File

0
scripts/manual-tests/19-admin-imitate-user.sh Normal file
View File

82
web3_proxy/src/admin_queries.rs
View File

@ -8,8 +8,10 @@ use axum::{
TypedHeader,
};
use axum::response::{IntoResponse, Response};
use entities::{admin, user, user_tier};
use entities::{admin, login, user, user_tier};
use ethers::prelude::Address;
use ethers::types::Bytes;
use ethers::utils::keccak256;
use hashbrown::HashMap;
use http::StatusCode;
use migration::sea_orm::{self, ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, QueryFilter};
@ -32,29 +34,13 @@ pub async fn query_admin_modify_usertier<'a>(
// Quickly return if any of the input tokens are bad
let user_address: Vec<u8> = params
.get("user_address")
.ok_or_else(||
FrontendErrorResponse::StatusCode(
StatusCode::BAD_REQUEST,
"Unable to find user_address key in request".to_string(),
None,
)
)?
.ok_or_else(|| FrontendErrorResponse::BadRequest("Unable to find user_address key in request".to_string()))?
.parse::<Address>()
.map_err(|err| {
FrontendErrorResponse::StatusCode(
StatusCode::BAD_REQUEST,
"Unable to parse user_address as an Address".to_string(),
Some(err.into()),
)
})?
.map_err(|_| FrontendErrorResponse::BadRequest("Unable to parse user_address as an Address".to_string()))?
.to_fixed_bytes().into();
let user_tier_title = params
.get("user_tier_title")
.ok_or_else(|| FrontendErrorResponse::StatusCode(
StatusCode::BAD_REQUEST,
"Unable to get the user_tier_title key from the request".to_string(),
None,
))?;
.ok_or_else(||FrontendErrorResponse::BadRequest("Unable to get the user_tier_title key from the request".to_string()))?;
// Prepare output body
let mut response_body = HashMap::new();
@ -78,22 +64,18 @@ pub async fn query_admin_modify_usertier<'a>(
// Check if the caller is an admin (i.e. if he is in an admin table)
let admin: admin::Model = admin::Entity::find()
.filter(admin::Column::UserId.eq(caller_id))
.one(&db_conn)
.one(db_replica.conn())
.await?
.ok_or(AccessDenied.into())?;
.ok_or(AccessDenied)?;
// If we are here, that means an admin was found, and we can safely proceed
// Fetch the admin, and the user
let user: user::Model = user::Entity::find()
.filter(user::Column::Address.eq(user_address))
.one(&db_conn)
.one(db_replica.conn())
.await?
.ok_or(FrontendErrorResponse::StatusCode(
StatusCode::BAD_REQUEST,
"No user with this id found".to_string(),
None,
))?;
.ok_or(FrontendErrorResponse::BadRequest("No user with this id found".to_string()))?;
// Return early if the target user_tier_id is the same as the original user_tier_id
response_body.insert(
"user_tier_title",
@ -101,20 +83,16 @@ pub async fn query_admin_modify_usertier<'a>(
);
// Now we can modify the user's tier
let new_user_tier: user_tier::Model = !user_tier::Entity::find()
let new_user_tier: user_tier::Model = user_tier::Entity::find()
.filter(user_tier::Column::Title.eq(user_tier_title.clone()))
.one(&db_conn)
.one(db_replica.conn())
.await?
.ok_or(|| FrontendErrorResponse::StatusCode(
StatusCode::BAD_REQUEST,
"User Tier name was not found".to_string(),
None,
))?;
.ok_or(FrontendErrorResponse::BadRequest("User Tier name was not found".to_string()))?;
if user.user_tier_id == new_user_tier.id {
info!("user already has that tier");
} else {
let mut user = user.into_active_model();
let mut user = user.clone().into_active_model();
user.user_tier_id = sea_orm::Set(new_user_tier.id);
@ -123,11 +101,35 @@ pub async fn query_admin_modify_usertier<'a>(
info!("user's tier changed");
}
// Finally, remove the user from redis
// TODO: Also remove the user from the redis
// redis_conn.zrem();
// redis_conn.get::<_, u64>(&user.) // TODO: Where do i find the bearer token ...
// Query the login table, and get all bearer tokens by this user
let bearer_tokens = login::Entity::find()
.filter(login::Column::UserId.eq(user.id))
.all(db_replica.conn())
.await?;
// TODO: Remove from Redis
// Remove multiple items simultaneously, but this should be quick let's not prematurely optimize
let recent_user_id_key = format!("recent_users:id:{}", app.config.chain_id);
let salt = app
.config
.public_recent_ips_salt
.as_ref()
.expect("public_recent_ips_salt must exist in here");
// TODO: How do I remove the redis items (?)
for bearer_token in bearer_tokens {
let salted_user_id = format!("{}:{}", salt, bearer_token.user_id);
let hashed_user_id = Bytes::from(keccak256(salted_user_id.as_bytes()));
redis_conn
.zrem(&recent_user_id_key, hashed_user_id.to_string())
.await?;
}
// Now delete these tokens ...
login::Entity::delete_many()
.filter(login::Column::UserId.eq(user.id))
.exec(&db_conn)
.await?;
Ok(Json(&response_body).into_response())

59
web3_proxy/src/bin/web3_proxy_cli/change_user_admin_status.rs
View File

@ -1,7 +1,9 @@
use anyhow::Context;
use argh::FromArgs;
use entities::{admin, login, user};
use ethers::types::Address;
use ethers::types::{Address, Bytes};
use ethers::utils::keccak256;
use http::StatusCode;
use log::{debug, info};
use migration::sea_orm::{
self, ActiveModelTrait, ColumnTrait, DatabaseConnection, EntityTrait, ModelTrait, IntoActiveModel,
@ -34,17 +36,19 @@ impl ChangeUserAdminStatusSubCommand {
.filter(user::Column::Address.eq(address.clone()))
.one(db_conn)
.await?
.context("No user found with that address")?;
// Check if there is a record in the database
let mut admin = admin::Entity::find()
.filter(admin::Column::UserId.eq(address))
.all(db_conn)
.await?;
.context(format!("No user with this id found {:?}", address))?;
debug!("user: {:#?}", user);
match admin.pop() {
// Check if there is a record in the database
match admin::Entity::find()
.filter(admin::Column::UserId.eq(address))
.one(db_conn)
.await? {
Some(old_admin) if !should_be_admin => {
// User is already an admin, but shouldn't be
old_admin.delete(db_conn).await?;
}
None if should_be_admin => {
// User is not an admin yet, but should be
let new_admin = admin::ActiveModel {
@ -52,19 +56,42 @@ impl ChangeUserAdminStatusSubCommand {
..Default::default()
};
new_admin.insert(db_conn).await?;
},
Some(old_admin) if !should_be_admin => {
// User is already an admin, but shouldn't be
old_admin.delete(db_conn).await?;
},
_ => {}
}
_ => {
// Do nothing in this case
debug!("no change needed for: {:#?}", user);
// Early return
return Ok(());
}
}
// Get the bearer tokens of this user and delete them ...
let bearer_tokens = login::Entity::find()
.filter(login::Column::UserId.eq(user.id))
.all(db_conn)
.await?;
// // TODO: Remove from Redis
// // Remove multiple items simultaneously, but this should be quick let's not prematurely optimize
// let recent_user_id_key = format!("recent_users:id:{}", app.config.chain_id);
// let salt = app
// .config
// .public_recent_ips_salt
// .as_ref()
// .expect("public_recent_ips_salt must exist in here");
//
// // TODO: Also clear redis ...
// let salted_user_id = format!("{}:{}", salt, bearer_token.user_id);
// let hashed_user_id = Bytes::from(keccak256(salted_user_id.as_bytes()));
// redis_conn
// .zrem(&recent_user_id_key, hashed_user_id.to_string())
// .await?;
// Remove any user logins from the database (incl. bearer tokens)
let delete_result = login::Entity::delete_many()
.filter(login::Column::UserId.eq(user.id))
.exec(db_conn)
.await;
.await?;
debug!("cleared modified logins: {:?}", delete_result);

2
web3_proxy/src/bin/web3_proxy_cli/main.rs
View File

@ -309,7 +309,7 @@ fn main() -> anyhow::Result<()> {
SubCommand::ChangeUserTierByAddress(x) => {
let db_url = cli_config
.db_url
.expect("'--config' (with a db) or '--db-url' is required to run proxyd");
.expect("'--config' (with a db) or '--db-url' is required to run change_user_admin_status");
let db_conn = get_db(db_url, 1, 1).await?;

6
web3_proxy/src/frontend/admin.rs
View File

@ -17,7 +17,7 @@ use axum::{
response::IntoResponse,
Extension, Json, TypedHeader,
};
use axum_client_ip::ClientIp;
use axum_client_ip::InsecureClientIp;
use axum_macros::debug_handler;
use chrono::{TimeZone, Utc};
use entities::sea_orm_active_enums::{LogLevel, Role};
@ -67,7 +67,7 @@ pub async fn admin_change_user_roles(
#[debug_handler]
pub async fn admin_login_get(
Extension(app): Extension<Arc<Web3ProxyApp>>,
ClientIp(ip): ClientIp,
InsecureClientIp(ip): InsecureClientIp,
Path(mut params): Path<HashMap<String, String>>,
) -> FrontendResult {
// First check if the login is authorized
@ -229,7 +229,7 @@ pub async fn admin_login_get(
#[debug_handler]
pub async fn admin_login_post(
Extension(app): Extension<Arc<Web3ProxyApp>>,
ClientIp(ip): ClientIp,
InsecureClientIp(ip): InsecureClientIp,
Query(query): Query<PostLoginQuery>,
Json(payload): Json<PostLogin>,
) -> FrontendResult {

2
web3_proxy/src/frontend/mod.rs
View File

@ -171,7 +171,7 @@ pub async fn serve(port: u16, proxy_app: Arc<Web3ProxyApp>) -> anyhow::Result<()
.route("/admin/modify_role", get(admin::admin_change_user_roles))
.route("/admin/imitate-login/:user_address", get(admin::admin_login_get))
.route(
"/user/imitate-login/:user_address/:message_eip",
"/admin/imitate-login/:user_address/:message_eip",
get(admin::admin_login_get),
)
.route("/admin/imitate-login", post(admin::admin_login_post))