Merge branch 'master' of https://github.com/gradido/gradido

README.md

@@ -15,8 +15,10 @@ Currently we only support `docker` as environment to run all services, since man
 - [docker](https://www.docker.com/)
 
 ## How to run?
-
-`docker-compose up`
+```bash
+git submodule update --recursive --init
+docker-compose up
+```
 
 ## Useful Links
 

community_server

@@ -1 +1 @@
-Subproject commit 3bbd8d0b7cc5ba2f03a1d7e8c95f0f9290ae265a
+Subproject commit 7ebc7909eaf9e74ca81f561b0aac64797c3d0112

configs/login_server/grd_login.properties

@@ -47,3 +47,4 @@ session.timeout = 15
 # Disabling security features for faster develop and testing
 unsecure.allow_passwort_via_json_request = 1
 unsecure.allow_auto_sign_transactions = 1
+unsecure.allow_cors_all = 1

docu/community-server.api.md

@@ -0,0 +1,96 @@
+# community server api
+
+In this examples I assume that you use gradido with or docker-compose build on your local maschine
+
+## Konto Overview
+return current account balance
+
+GET http://localhost/state-balances/ajaxGetBalance/-127182
+
+If session is valid, return:
+```json
+{"state":"success","balance":174500}
+```
+- balance: Gradido Cent, 4 Nachkommastellen (2 Reserve), 174500 = 17,45 GDD
+
+## List Transactions
+List all transactions from logged in user, currently without paging 
+Ajax:
+GET http://localhost/state-balances/ajaxListTransactions/-127182
+
+Antwort: 
+Wenn alles okay: 
+```json
+{"state":"success", "transactions": 
+	[
+		{
+			"name": "Max Mustermann",
+			"email": "Maxim Mustermann", 
+			"type": "send",
+			"transaction_id": 2,
+			"date": "2021-02-19T13:25:36+00:00",
+			"balance": 1920000,
+			"memo": "a piece of cake :)",
+			"pubkey": "038a6f93270dc57b91d76bf110ad3863fcb7d1b08e7692e793fcdb4467e5b6a7"
+		 }
+	],
+	"transactionExecutingCount": 0,
+	"count": 1,
+	"gdtSum": 0,
+	"timeUsed": 0.04562687873840332
+}
+```
+
+- name: name of other involved party or empty if unknown (if other party don't belong to group)
+  - if type is send, name is name of receiver 
+  - if type is receive, name is name of sender 
+  - if type is creation currently I use a static string ("Gradido Akademie)
+- email: optional, only if type is send or receive and other user is known
+- pubkey: optional, only if type is send or receive and other user isn't known 
+- type: type of transaction
+  - creation: user has get gradidos created
+  - send: user has send another user gradidos
+  - receiver: user has received gradidos from another user
+- transaction_id: id of transaction in db, in stage2 also the hedera sequence number of transaction 
+- date: date of ordering transaction (booking date)
+- balance: Gradido Cent, 4 Nachkommastellen (2 Reserve), 1920000 = 192,00 GDD
+- memo: Details about transaction
+- pubkey: optional, if other party isn't known, hexadecimal representation of 32 Byte public key of user [0-9a-f]
+
+- transactionExecutingCount: how many transaction for this user currently pending and waiting for signing
+- count: sum of finished transactions user is involved
+- gdtSum: sum of gdt of user in cent with 2 places (Nachkommastellen)
+- timeUsed: time used for getting data from db in seconds, only for analyse backend performance
+
+## Send Coins Transaction
+Make a simple GDD Transaction, send Coins from one user to other. 
+With new Option set in Login-Server: 
+```ini
+unsecure.allow_auto_sign_transactions = 1
+```
+transactions can be auto-signed directly with handing in transaction.
+Normally a forwarding to login-server check transactions side is neccessary to minimize security risks.
+
+POST http://localhost/transaction-send-coins/ajaxCreate
+```json
+{"session_id" : -127182, "amount": 2000000, "email": "maxim.mustermann@gmail.com", "memo":"Thank you :)", "auto_sign": true}
+```
+- amout: amount to transfer, 2000000 = 200,00 GDD
+- email: receiver email address, must be differ from user email
+- memo: Details about transaction 
+- auto_sign: set to true to directly sign transaction if unsecure.allow_auto_sign_transactions = 1 is set
+
+return if everything is ok:
+```json
+{"state":"success", "timeUsed": 0.0122}
+```
+- timeUsed: time used for getting data from db in seconds, only for analyse backend performance
+
+Than the transaction was created on community server, send to login-server, signed (if unsecure.allow_auto_sign_transactions = 1 and auto_sign = true)
+and send back to community server and put into db. 
+After you get this answear you see the new transaction if you list transactions or call for the balance.
+
+Without auto-sign the transaction is pending on login-server and waits for the user to review it at 
+http://localhost/account/checkTransactions
+
+

docu/frontend_vue.drawio

@@ -0,0 +1,91 @@
+<mxfile host="65bd71144e" modified="2021-02-22T13:31:37.040Z" agent="5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) VSCodium/1.53.2 Chrome/87.0.4280.141 Electron/11.2.1 Safari/537.36" version="13.10.0" etag="y7D72XAZD3U_veQjI8Ph" type="embed">
+    <diagram id="nu_qrMNyk8VmQGza-vUj" name="Page-1">
+        <mxGraphModel dx="804" dy="373" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="827" pageHeight="1169" background="#333333" math="0" shadow="0">
+            <root>
+                <mxCell id="0"/>
+                <mxCell id="1" parent="0"/>
+                <mxCell id="6" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" edge="1" parent="1" source="2" target="4">
+                    <mxGeometry relative="1" as="geometry"/>
+                </mxCell>
+                <mxCell id="2" value="Client&lt;br&gt;(Browser)" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="130" y="160" width="120" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="4" value="Vue Frontend" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="350" y="160" width="70" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="9" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" edge="1" parent="1" source="5" target="7">
+                    <mxGeometry relative="1" as="geometry"/>
+                </mxCell>
+                <mxCell id="10" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" edge="1" parent="1" source="5" target="8">
+                    <mxGeometry relative="1" as="geometry"/>
+                </mxCell>
+                <mxCell id="5" value="Vue Backend" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="420" y="160" width="70" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="7" value="Login&lt;br&gt;Server" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="560" y="120" width="90" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="8" value="Community Server" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="560" y="200" width="90" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="20" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" edge="1" parent="1" source="11" target="14">
+                    <mxGeometry relative="1" as="geometry"/>
+                </mxCell>
+                <mxCell id="11" value="JWT" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="250" y="330" width="40" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="12" value="Client&lt;br&gt;(Browser)" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="130" y="330" width="120" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="13" value="Vue" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="414" y="330" width="70" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="14" value="Generiert JWT&lt;br&gt;mit SessionID" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="344" y="330" width="70" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="18" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" edge="1" parent="1" source="15" target="16">
+                    <mxGeometry relative="1" as="geometry"/>
+                </mxCell>
+                <mxCell id="19" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" edge="1" parent="1" source="15" target="17">
+                    <mxGeometry relative="1" as="geometry"/>
+                </mxCell>
+                <mxCell id="15" value="SessionID&lt;br&gt;From&lt;br&gt;LoginServer" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="484" y="330" width="70" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="16" value="Login&lt;br&gt;Server" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="610" y="290" width="90" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="17" value="Community Server" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="610" y="370" width="90" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="31" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" edge="1" parent="1" source="22" target="24">
+                    <mxGeometry relative="1" as="geometry"/>
+                </mxCell>
+                <mxCell id="22" value="SessionID in Cookie" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="220" y="500" width="69" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="23" value="Client&lt;br&gt;(Browser)" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="129" y="500" width="91" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="24" value="Vue" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="385" y="500" width="70" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="26" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" edge="1" parent="1" source="28" target="29">
+                    <mxGeometry relative="1" as="geometry"/>
+                </mxCell>
+                <mxCell id="27" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" edge="1" parent="1" source="28" target="30">
+                    <mxGeometry relative="1" as="geometry"/>
+                </mxCell>
+                <mxCell id="28" value="SessionID&lt;br&gt;From&lt;br&gt;LoginServer" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="455" y="500" width="70" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="29" value="Login&lt;br&gt;Server" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="609" y="460" width="90" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="30" value="Community Server" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="609" y="540" width="90" height="60" as="geometry"/>
+                </mxCell>
+            </root>
+        </mxGraphModel>
+    </diagram>
+</mxfile>

docu/login_server.api.md

@@ -0,0 +1,103 @@
+# login server api
+
+Gradido js-Frontend vereinfachte Zusammenarbeit mit Login-Server und Community-Server
+
+Es ist mit einer Zusatz-Option möglich das Login und Registrieren via ajax-Request passiern kann.
+Dafür muss in der Login-Server Config 
+
+```ini
+unsecure.allow_passwort_via_json_request   = 1 
+```
+
+gesetzt sein. 
+
+mit:
+```ini
+unsercure.allow_cors_all = 1
+```
+Wird bei allen JSON-Requests zum Header: Access-Control-Allow-Origin:* 
+hinzugefügt. 
+
+In diesen Beispielen gehe ich jetzt davon aus, das du das gesamte Gradido Projekt mit Docker gebaut hast und auf dem lokalen Rechner laufen lässt.
+
+Login
+Einloggen über: 
+
+
+## unsecureLogin
+
+POST http://localhost/login_api/unsecureLogin 
+```json
+data: {"email": "max.musterman@gmail.de", "password": "123abcDE&"}
+```
+
+Wenn alles okay ist erhältst du zum Beispiel:
+```json
+{"state":"success", "session_id": -127182, "clientIP":"52.68.96.58",
+  "user": {
+	"created": 1293872400,
+	"disabled": false, 
+	"email": "max.musterman@gmail.de",
+	"email_checked": true,
+	"first_name": "Max",
+	"group_alias": "gdd1",
+	"ident_hash": 1829912,
+	"public_hex": "c6e7d6a697fa74d6c247580edf1546989d43487575e21e398abe3cc2094bd63e",
+	"last_name": "Musterman",
+	"role": "none",
+	"username": "",
+	"balance": 174500,
+	"id": 1,
+	"errorCount": 0
+}}
+```
+- clientIP: should be the same as where the js-client is running, else maybe a man-in-the-middle attacks is happening or 
+nginx was wrong configured.
+- session_id: can be also negative
+- created: unix timestamp in seconds
+- disabled: if set to true, login and every transaction must fail. Currently used if use would like to have there account deleted. 
+- email_checked: true if user has already clicked on email verification code link in his emails, needed for tranactions
+- ident_hash: string hash from email, used for speed up creation validation
+- public_hex: hexadecimal representation of 32 Byte public key of user [0-9a-f]
+- role: not intended for future use, just ignore, login-server admin will be independently from community-server admin 
+- username: for later use 
+- balance: Gradido Cent, 4 Nachkommastellen (2 Reserve), 174500 = 17,45 GDD
+- id: login-server user id, only needed for debugging
+- errorCount: errors occured in this session, should be normally 0
+
+Anmelden
+Registrieren kannst du einen neuen Benutzer mit: 
+
+
+## createUser
+
+POST http://localhost/login_api/createUser
+```json
+data: {"email":"max.musterman@gmail.de", "first_name":"Max", "last_name":"Musterman" ,
+          "emailType": 2, "password":"123abcDE&"}
+```
+
+- emailType: control email-text sended with email verification code
+  - 2: default, if user has registered directly
+  - 5: if user was registered by an admin 
+
+Wenn alles okay ist erhältst du:
+```json
+{"state":"success"}
+```
+
+Dann wurde für den Benutzer ein neues Konto angelegt, seine Schlüssel generiert und ihm eine Bestätigungs-Email geschickt. 
+
+
+## Logout
+
+Abmelden
+POST http://localhost/login_api/logout
+```json
+data: {"session_id": -127182}
+```
+
+Wenn alles okay ist erhältst du:
+```json
+{"state":"success"}
+```

login_server

@@ -1 +1 @@
-Subproject commit a89e0c8e1360edfac81b3e73923690f7f1da7b5e
+Subproject commit 9b9115290c8d2ead756d64b70ae63a6571aa4693

logs/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore