diff --git a/config/routes.php b/config/routes.php index 27d998f2c..92efb56ea 100644 --- a/config/routes.php +++ b/config/routes.php @@ -58,6 +58,7 @@ Router::scope('/', function (RouteBuilder $routes) { // Skip token check for API URLs. //die($request->getParam('controller')); $whitelist = ['JsonRequestHandler', 'ElopageWebhook']; + $ajaxWhitelist = ['TransactionSendCoins']; foreach($whitelist as $entry) { if($request->getParam('controller') === $entry) { @@ -74,9 +75,19 @@ Router::scope('/', function (RouteBuilder $routes) { $ip = gethostbyname($allowed); if($ip === $callerIp) return true; } + die("caller ip: $callerIp
"); } } } + // disable csfr for all ajax requests in ajax whitelisted controller + foreach($ajaxWhitelist as $entry) { + if($request->getParam('controller') === $entry) { + $action = $request->getParam('action'); + if(preg_match('/^ajax/', $action)) { + return true; + } + } + } }); // Register scoped middleware for in scopes. diff --git a/src/Controller/TransactionSendCoinsController.php b/src/Controller/TransactionSendCoinsController.php index 40cccb90e..6b9dec4b2 100644 --- a/src/Controller/TransactionSendCoinsController.php +++ b/src/Controller/TransactionSendCoinsController.php @@ -37,6 +37,7 @@ class TransactionSendCoinsController extends AppController //$this->Auth->allow(['add', 'edit']); $this->Auth->allow('create'); $this->Auth->allow('createRaw'); + $this->Auth->allow('ajaxCreate'); $this->set( 'naviHierarchy', (new NaviHierarchy())-> 
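Review bot: The added `die("caller ip: $callerIp");` is a debug leftover, not a check: for a JsonRequestHandler or ElopageWebhook request whose IP matches none of the allowed hosts it now ends the request with a 200 plain-text body instead of falling through to the token check below, so it should be removed (or replaced by `return false;` so the CSRF check still applies). The new `$ajaxWhitelist` loop exempts every TransactionSendCoins action whose name merely starts with `ajax` — `preg_match('/^ajax/', $action)` — which includes the coin-sending ajaxCreate; pin the exemption to the exact action, `if($action === 'ajaxCreate') { return true; }`, and keep it only while that action authenticates from the JSON body rather than the cookie session, which this file does not show. The comment typo `csfr` should read `csrf`. The closure this code sits in begins before the hunk.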
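Review bot: With `$this->Auth->allow('ajaxCreate')` the only gate in front of a coin transfer is the `requestLogin($session_id, false)` call inside ajaxCreate itself, so a later refactor that drops or reorders that call would expose an unauthenticated transfer with no framework backstop. A one-line comment next to the allow makes that dependency explicit: `// no Auth component check: ajaxCreate must authenticate itself via requestLogin($session_id)`. The method holding these allow() calls starts before the hunk.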
@@ -288,6 +289,126 @@ class TransactionSendCoinsController extends AppController $this->set('timeUsed', microtime(true) - $startTime); } + + public function ajaxCreate() + { + if ($this->request->is('post')) { + $startTime = microtime(true); + $jsonData = $this->request->input('json_decode', true); + $session_id = $jsonData['session_id']; + if(!$session_id) { + return $this->returnJson(['state' => 'error', 'msg' => 'invalid session id']); + } + + $login_result = $this->requestLogin($session_id, false); + if($login_result !== true) { + return $this->returnJson($login_result); + } + $session = $this->getRequest()->getSession(); + $user = $session->read('StateUser'); + + $receiverPubKeyHex = ''; + $senderPubKeyHex = $user['public_hex']; + + if(!isset($user['balance']) || $jsonData['amount'] > $user['balance']) { + return $this->returnJson(['state' => 'error', 'msg' => 'not enough GDD']); + } + + $receiverEmail = $jsonData['email']; + if($receiverEmail === $user['email']) { + return $this->returnJson(['state' => 'error', 'msg' => 'sender and receiver email are the same']); + } + + $requestAnswear = $this->JsonRequestClient->sendRequest(json_encode([ + 'session_id' => $session_id, + 'email' => $receiverEmail, + 'ask' => ['user.pubkeyhex', 'user.disabled'] + ]), '/getUserInfos'); + if('success' == $requestAnswear['state'] && 'success' == $requestAnswear['data']['state']) { + // will be allways 64 byte long, even if it is empty + $receiverPubKeyHex = $requestAnswear['data']['userData']['pubkeyhex']; + } else { + return $this->returnJson([ + 'state' => 'error', + 'msg' => 'receiver email not found on login-server', + 'details' => $requestAnswear, + 'timeUsed' => microtime(true) - $startTime + ]); + } + if($requestAnswear['data']['userData']['disabled']) { + return $this->returnJson([ + 'state' => 'error', + 'msg' => 'receiver is currently disabled, he cannot receive payments', + 'timeUsed' => microtime(true) - $startTime + ]); + } + + + //var_dump($sessionStateUser); + + 
$builderResult = TransactionTransfer::build( + $jsonData['amount'], + $jsonData['memo'], + $receiverPubKeyHex, + $senderPubKeyHex + ); + if($builderResult['state'] === 'success') { + + $http = new Client(); + try { + $loginServer = Configure::read('LoginServer'); + $url = $loginServer['host'] . ':' . $loginServer['port']; + + $response = $http->post($url . '/checkTransaction', json_encode([ + 'session_id' => $session_id, + 'transaction_base64' => base64_encode($builderResult['transactionBody']->serializeToString()), + 'balance' => $user['balance'] + ]), ['type' => 'json']); + $json = $response->getJson(); + if($json['state'] != 'success') { + if($json['msg'] == 'session not found') { + $session->destroy(); + return $this->returnJson([ + 'state' => 'error', + 'msg' => 'session not found', + 'details' => $session_id, + 'timeUsed' => microtime(true) - $startTime + ]); + //$this->Flash->error(__('session not found, please login again')); + } else { + return $this->returnJson([ + 'state' => 'error', + 'msg' => 'login server return error', + 'details' => $json, + 'timeUsed' => microtime(true) - $startTime + ]); + } + } else { + return $this->returnJson(['state' => 'success', 'timeUsed' => microtime(true) - $startTime]); + } + + } catch(\Exception $e) { + $msg = $e->getMessage(); + //$this->Flash->error(__('error http request: ') . $msg); + return $this->returnJson([ + 'state' => 'error', + 'msg' => 'error http request', + 'details' => $msg, + 'timeUsed' => microtime(true) - $startTime + ]); + } + + } else { + return $this->returnJson([ + 'state' => 'error', + 'msg' => 'no valid receiver public key given', + 'details' => $receiverPubKeyHex, + 'timeUsed' => microtime(true) - $startTime + ]); + } + } + return $this->returnJson(['state' => 'error', 'msg' => 'no post request']); + } public function createRaw() { diff --git a/src/Model/Transactions/TransactionBody.php b/src/Model/Transactions/TransactionBody.php index 0dca15637..8164f33f7 100644 
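Review bot: The amount is never validated before it is spent: `$jsonData['amount'] > $user['balance']` is the only check, so a missing, non-numeric, zero or negative amount passes it (a negative value is always below the balance) and goes straight into `TransactionTransfer::build`, and unless build() rejects it — not visible here — the login server is asked to check a transfer that would pull funds out of the receiver. The same block reads `$jsonData['session_id']`, `['email']` and `['memo']` without confirming the body decoded to an array, so a malformed body produces PHP notices rather than the intended 'invalid session id' error, and the `if(!$session_id)` truthiness test also rejects a session id of `"0"`. The error branches hand the raw login-server reply (`'details' => $requestAnswear`, `'details' => $json`) and `$e->getMessage()` back to the caller; log those server-side and return only the fixed `msg`. The guards below go in before the balance check; the rest of the method is unchanged.
```php
    public function ajaxCreate()
    {
        if ($this->request->is('post')) {
            $startTime = microtime(true);
            $jsonData = $this->request->input('json_decode', true);
            // body must decode to a JSON object; input() yields null on malformed JSON
            if (!is_array($jsonData) || !isset($jsonData['session_id']) || $jsonData['session_id'] === '') {
                return $this->returnJson(['state' => 'error', 'msg' => 'invalid session id']);
            }
            $session_id = $jsonData['session_id'];
            // … unchanged: requestLogin, session read, $senderPubKeyHex …

            // reject missing, non-numeric, zero or negative amounts before comparing with the balance
            $amount = isset($jsonData['amount']) ? $jsonData['amount'] : null;
            if (!is_numeric($amount) || $amount <= 0) {
                return $this->returnJson(['state' => 'error', 'msg' => 'invalid amount']);
            }
            if (!isset($user['balance']) || $amount > $user['balance']) {
                return $this->returnJson(['state' => 'error', 'msg' => 'not enough GDD']);
            }
            $receiverEmail = isset($jsonData['email']) ? $jsonData['email'] : '';
            $memo = isset($jsonData['memo']) ? $jsonData['memo'] : '';
            // … unchanged: same-email check, getUserInfos lookup, disabled check, build($amount, $memo, …), checkTransaction …
```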
--- a/src/Model/Transactions/TransactionBody.php +++ b/src/Model/Transactions/TransactionBody.php @@ -79,7 +79,7 @@ class TransactionBody extends TransactionBase { if ($transactionsTable->save($transactionEntity)) { // success $this->mTransactionID = $transactionEntity->id; - if(!$this->mSpecificTransaction->save($transactionEntity->id, $firstPublic)) { + if(!$this->mSpecificTransaction->save($transactionEntity->id, $firstPublic, $transactionEntity->received)) { $this->addErrors($this->mSpecificTransaction->getErrors()); return false; } diff --git a/src/Model/Transactions/TransactionCreation.php b/src/Model/Transactions/TransactionCreation.php index d9caa9f7b..62d5d03b8 100644 --- a/src/Model/Transactions/TransactionCreation.php +++ b/src/Model/Transactions/TransactionCreation.php @@ -225,7 +225,7 @@ class TransactionCreation extends TransactionBase { } // update state balance - if(false === $this->updateStateBalance($receiverUserId, $this->getAmount())) { + if(false === $this->updateStateBalance($receiverUserId, $this->getAmount(), $transactionCreationEntity->target_date)) { return false; } diff --git a/src/Model/Transactions/TransactionTransfer.php b/src/Model/Transactions/TransactionTransfer.php index c89a0f175..dff3d876d 100644 --- a/src/Model/Transactions/TransactionTransfer.php +++ b/src/Model/Transactions/TransactionTransfer.php @@ -158,7 +158,7 @@ class TransactionTransfer extends TransactionBase { return true; } - public function save($transaction_id, $firstPublic) { + public function save($transaction_id, $firstPublic, $received) { static $functionName = 'TransactionCreation::save'; 
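Review bot: `$transactionEntity->received` is read immediately after `$transactionsTable->save($transactionEntity)`; if `received` is filled by a database default on insert rather than assigned on the entity before the save, the entity still holds null at this point and every state-balance update is stamped with null. Confirm where `received` is set, and if it is DB-generated, assign it explicitly on the entity before the save so the value passed to `save()` is the one actually stored. The method this sits in begins and ends outside the hunk.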
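Review bot: `save()` gains a third mandatory parameter, so any caller outside TransactionBody that still passes two arguments fails at call time (ArgumentCountError on PHP 7.1+); if such callers exist — not visible here — give it a default, `public function save($transaction_id, $firstPublic, $received = null) {`, and have updateStateBalance fall back to the current time when null. The context line `static $functionName = 'TransactionCreation::save';` is a copy-paste from the Creation class and mislabels any error this method reports; it should read `'TransactionTransfer::save'`. The method body continues past the hunk.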
@@ -182,11 +182,11 @@ class TransactionTransfer extends TransactionBase { return false; } - $finalSenderBalance = $this->updateStateBalance($senderUserId, -$senderAmount->getAmount()); + $finalSenderBalance = $this->updateStateBalance($senderUserId, -$senderAmount->getAmount(), $received); if(false === $finalSenderBalance) { return false; } - if(false === $this->updateStateBalance($receiverUserId, $receiverAmount->getAmount())) { + if(false === $this->updateStateBalance($receiverUserId, $receiverAmount->getAmount(), $received)) { return false; }
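Review bot: The sender debit and the receiver credit are two separate `updateStateBalance()` calls, and when the second returns false the method returns false with the sender already debited; unless the caller wraps `save()` in a database transaction (not visible here) a failed receiver update leaves a half-applied transfer. Either run both updates inside one DB transaction here or, at minimum, state the expectation on save(): `// caller must run this inside a DB transaction: the sender debit is not reverted if the receiver credit fails`. The method starts before the hunk.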