From 85bec3aaf0fd02a84ac71cf86d4d4e0b57d7a3aa Mon Sep 17 00:00:00 2001
From: yenicelik
Date: Wed, 15 Feb 2023 15:20:16 +0100
Subject: [PATCH] currently also have to specify the admin user calling the request. also added a tiny manual test to imitate user. will add trails next

---
 scripts/manual-tests/16-change-user-tier.sh | 2 +-
 scripts/manual-tests/19-admin-imitate-user.sh | 33 ++++++++++++-------
 web3_proxy/src/admin_queries.rs | 8 ++---
 web3_proxy/src/frontend/admin.rs | 6 +---
 web3_proxy/src/frontend/mod.rs | 4 +--
 5 files changed, 30 insertions(+), 23 deletions(-)

diff --git a/scripts/manual-tests/16-change-user-tier.sh b/scripts/manual-tests/16-change-user-tier.sh
index 3270e3e3..2505935b 100644
--- a/scripts/manual-tests/16-change-user-tier.sh
+++ b/scripts/manual-tests/16-change-user-tier.sh
@@ -1,5 +1,5 @@
-# docker-compose up -d
 # rm -rf data/
+# docker-compose up -d
 # sea-orm-cli migrate up
 
 # Use CLI to create the admin that will call the endpoint
diff --git a/scripts/manual-tests/19-admin-imitate-user.sh b/scripts/manual-tests/19-admin-imitate-user.sh
index 22777444..de20f3c5 100644
--- a/scripts/manual-tests/19-admin-imitate-user.sh
+++ b/scripts/manual-tests/19-admin-imitate-user.sh
@@ -1,27 +1,38 @@
-# Admin can login as a user ... (but again, we must first have logged in
-# docker-compose up -d
 # rm -rf data/
+# docker-compose up -d
 # sea-orm-cli migrate up
 
+# Use CLI to create the admin that will call the endpoint
 RUSTFLAGS="--cfg tokio_unstable" cargo run create_user --address 0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a
 RUSTFLAGS="--cfg tokio_unstable" cargo run change_admin_status 0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a true
 
+# Use CLI to create the user whose role will be changed via the endpoint
+RUSTFLAGS="--cfg tokio_unstable" cargo run create_user --address 0x077e43dcca20da9859daa3fd78b5998b81f794f7
+
 # Run the proxyd instance
-# cargo run --release -- proxyd
+RUSTFLAGS="--cfg tokio_unstable" cargo run --release -- proxyd
 
 # Check if the instance is running
-# curl -X POST -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"web3_clientVersion","id":1}' 127.0.0.1:8544
+curl -X POST -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"web3_clientVersion","id":1}' 127.0.0.1:8544
 
-# Login as user first
-curl -X GET "127.0.0.1:8544/user/login/0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a"
-#curl -X POST -H "Content-Type: application/json" --data '{}' 127.0.0.1:8544/user/login
-curl -X GET "127.0.0.1:8544/user/login/0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a/"
+# Open this website to get the nonce to log in
+curl \
+-H "Authorization: Bearer 01GSANKVBB22D5P2351P4Y42NV" \
+-X GET "http://127.0.0.1:8544/admin/imitate-login/0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a/0x077e43dcca20da9859daa3fd78b5998b81f794f7"
+
+# Use this site to sign a message
+# https://www.myetherwallet.com/wallet/sign (whatever is output with the above code)
+curl -X POST http://127.0.0.1:8544/admin/imitate-login \
+ -H 'Content-Type: application/json' \
+ -H "Authorization: Bearer 01GSANKVBB22D5P2351P4Y42NV" \
+ -d '{"address": "0xeb3e928a2e54be013ef8241d4c9eaf4dfae94d5a", "msg": "0x6c6c616d616e6f6465732e636f6d2077616e747320796f7520746f207369676e20696e207769746820796f757220457468657265756d206163636f756e743a0a3078654233453932384132453534424530313345463832343164344339456146344466414539344435610a0af09fa699f09fa699f09fa699f09fa699f09fa6990a0a5552493a2068747470733a2f2f6c6c616d616e6f6465732e636f6d2f0a56657273696f6e3a20310a436861696e2049443a20310a4e6f6e63653a20303147534150545132413932415332435752563158504d4347470a4973737565642041743a20323032332d30322d31355431343a31343a33352e3835303636385a0a45787069726174696f6e2054696d653a20323032332d30322d31355431343a33343a33352e3835303636385a", "sig": "d5fed789e98769b8b726a79f222f2e06476de15948d35c167c4f294bb98edf42244edc703b6d729e5d08bd73c318fc9729b985022229c7669a945d64da47ab641c", "version": "3", "signer": "MEW"}'
 
 # Now modify the user role and check this in the database
+# 01GSAMMWQ41TVVH3DH8MSEP8X6
 
 # Now we can get a bearer-token to imitate the user
-curl -X GET "127.0.0.1:8544/admin/imitate-login/0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a"
-#curl -X POST -H "Content-Type: application/json" --data '{}' 127.0.0.1:8544/user/login
-curl -X GET "127.0.0.1:8544/admin/imitate-login/0xeB3E928A2E54BE013EF8241d4C9EaF4DfAE94D5a/"
+curl \
+-H "Authorization: Bearer 01GSAPZNVZ96ADJAEZ1VTRSA5T" \
+-X GET "127.0.0.1:8544/user/keys"
 
 # docker-compose down
diff --git a/web3_proxy/src/admin_queries.rs b/web3_proxy/src/admin_queries.rs
index ff2b7841..15966188 100644
--- a/web3_proxy/src/admin_queries.rs
+++ b/web3_proxy/src/admin_queries.rs
@@ -65,7 +65,7 @@ pub async fn query_admin_modify_usertier<'a>(
 // Check if the caller is an admin (i.e. if he is in an admin table)
 let admin: admin::Model = admin::Entity::find()
 .filter(admin::Column::UserId.eq(caller_id))
- .one(db_replica.conn())
+ .one(&db_conn)
 .await?
 .ok_or(FrontendErrorResponse::AccessDenied)?;
 
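Review bot: The new curl calls hard-code live session material — the bearer tokens `01GSANKVBB22D5P2351P4Y42NV` and `01GSAPZNVZ96ADJAEZ1VTRSA5T`, plus a wallet signature over a message whose hex body carries a nonce and an expiration time — so the script commits real credentials to the repository and is already stale on first use, since the signed message cannot be reused once it expires. Read the tokens from the environment instead, e.g. `ADMIN_BEARER="${ADMIN_BEARER:?bearer token from the admin login response}"` and `-H "Authorization: Bearer ${ADMIN_BEARER}"`, and leave the `msg`/`sig` pair as a clearly marked placeholder the tester fills in from their own login response. The bare `# 01GSAMMWQ41TVVH3DH8MSEP8X6` line has no explanation and reads as another leaked token; drop it or say what it is. The comment `# Open this website to get the nonce to log in` precedes a curl call rather than a website; `# Request the login message (with nonce) for this admin/user pair` describes the line.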
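Review bot: The switch from `db_replica.conn()` to `&db_conn` is made here and in the three following hunks of this file (the user, user-tier and login lookups), and `db_conn` itself is defined outside every hunk, so this note covers all four: every read in the function now goes to the primary connection, presumably so that the bearer-token read before "Now delete these tokens" sees the same state the delete acts on, but it also takes all admin-path reads off the replica. A one-line comment at the first use, `// read from the primary so these lookups and the token delete below see the same state`, would record that choice for the next reader. query_admin_modify_usertier begins outside the hunk. Separately, the error text `"No user with this id found"` in the second hunk describes a lookup that filters on `user::Column::Address`; `"No user with this address found"` matches the query.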
@@ -74,7 +74,7 @@ pub async fn query_admin_modify_usertier<'a>(
 // Fetch the admin, and the user
 let user: user::Model = user::Entity::find()
 .filter(user::Column::Address.eq(user_address))
- .one(db_replica.conn())
+ .one(&db_conn)
 .await?
 .ok_or(FrontendErrorResponse::BadRequest("No user with this id found".to_string()))?;
 // Return early if the target user_tier_id is the same as the original user_tier_id
@@ -86,7 +86,7 @@ pub async fn query_admin_modify_usertier<'a>(
 // Now we can modify the user's tier
 let new_user_tier: user_tier::Model = user_tier::Entity::find()
 .filter(user_tier::Column::Title.eq(user_tier_title.clone()))
- .one(db_replica.conn())
+ .one(&db_conn)
 .await?
 .ok_or(FrontendErrorResponse::BadRequest("User Tier name was not found".to_string()))?;
 
@@ -105,7 +105,7 @@ pub async fn query_admin_modify_usertier<'a>(
 // Query the login table, and get all bearer tokens by this user
 let bearer_tokens = login::Entity::find()
 .filter(login::Column::UserId.eq(user.id))
- .all(db_replica.conn())
+ .all(&db_conn)
 .await?;
 
 // Now delete these tokens ...
diff --git a/web3_proxy/src/frontend/admin.rs b/web3_proxy/src/frontend/admin.rs
index 8ef18785..c0082f48 100644
--- a/web3_proxy/src/frontend/admin.rs
+++ b/web3_proxy/src/frontend/admin.rs
@@ -173,11 +173,7 @@ pub async fn admin_login_get(
 .filter(user::Column::Address.eq(user_address))
 .one(db_replica.conn())
 .await?
- .ok_or(FrontendErrorResponse::StatusCode(
- StatusCode::BAD_REQUEST,
- "Could not find user in db".to_string(),
- None,
- ))?;
+ .ok_or(FrontendErrorResponse::BadRequest("Could not find user in db".to_string()))?;
 
 // Can there be two login-sessions at the same time?
 // I supposed if the user logs in, the admin would be logged out and vice versa
diff --git a/web3_proxy/src/frontend/mod.rs b/web3_proxy/src/frontend/mod.rs
index 140e936c..a9b29b51 100644
--- a/web3_proxy/src/frontend/mod.rs
+++ b/web3_proxy/src/frontend/mod.rs
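Review bot: The replacement `.ok_or(FrontendErrorResponse::BadRequest("Could not find user in db".to_string()))?` in the admin.rs hunk returns a distinct, descriptive error whenever the target address is unknown; if this lookup runs before the caller's admin status has been verified (admin_login_get starts outside the hunk, so the order is not visible here), that response lets any caller probe which addresses are registered. Either confirm that the admin check precedes this query, or return the same response for the unknown-user and non-admin cases, mirroring the `AccessDenied` used for the missing-admin case in admin_queries.rs. Once confirmed, a comment on the line such as `// caller's admin status is verified above, so a specific not-found error is safe here` would record the invariant.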
@@ -170,9 +170,9 @@ pub async fn serve(port: u16, proxy_app: Arc) -> anyhow::Result<()
 .route("/user/stats/detailed", get(users::user_stats_detailed_get))
 .route("/user/logout", post(users::user_logout_post))
 .route("/admin/modify_role", get(admin::admin_change_user_roles))
- .route("/admin/imitate-login/:user_address", get(admin::admin_login_get))
+ .route("/admin/imitate-login/:admin_address/:user_address", get(admin::admin_login_get))
 .route(
- "/admin/imitate-login/:user_address/:message_eip",
+ "/admin/imitate-login/:admin_address/:user_address/:message_eip",
 get(admin::admin_login_get),
 )
 .route("/admin/imitate-login", post(admin::admin_login_post))
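Review bot: Both imitate-login routes now take the acting admin's identity from the caller-supplied `:admin_address` path segment, while the manual test in this same commit also sends an `Authorization: Bearer` header, so the same identity arrives twice and the path copy is the one any caller can choose freely. admin_login_get is outside this hunk, so I cannot see whether it binds `:admin_address` to the user behind the bearer token; if it does not, the handler should either derive the admin from the bearer alone (making the path segment redundant) or reject the request when the two disagree. This also changes the public shape of `/admin/imitate-login/:user_address`, which the commit message does not mention; a comment on the route, `// :admin_address must match the bearer token's user; enforced in admin_login_get`, would record the contract next to the path.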