bot-api-go-client/safe_user.go at master · MixinNetwork/bot-api-go-client · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
package bot

import (
	"context"
	"crypto/ed25519"
	"encoding/base64"
	"encoding/binary"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"

	"github.com/MixinNetwork/mixin/crypto"
)

func RegisterSafeWithSetupPin(ctx context.Context, su *SafeUser) (*User, error) {
	seed, err := hex.DecodeString(su.SpendPrivateKey)
	if err != nil {
		return nil, err
	}
	private := ed25519.NewKeyFromSeed(seed)
	spendPublicKey := private.Public().(ed25519.PublicKey)

	counter := make([]byte, 8)
	binary.BigEndian.PutUint64(counter, 1)
	pubTipBuf := append(spendPublicKey, counter...)
	encryptedPin, err := EncryptEd25519PIN(hex.EncodeToString(pubTipBuf), uint64(time.Now().UnixNano()), su)
	if err != nil {
		return nil, err
	}
	err = UpdatePin(ctx, "", encryptedPin, su)
	if err != nil {
		return nil, fmt.Errorf("update pin error: %w", err)
	}
	return RegisterSafeBareUser(ctx, su)
}

func RegisterSafeBareUser(ctx context.Context, su *SafeUser) (*User, error) {
	s, err := hex.DecodeString(su.SpendPrivateKey)
	if err != nil {
		return nil, err
	}
	private := ed25519.NewKeyFromSeed(s)
	h := crypto.Sha256Hash([]byte(su.UserId))
	signBytes := ed25519.Sign(private, h[:])
	signature := base64.RawURLEncoding.EncodeToString(signBytes[:])
	publicKey := hex.EncodeToString(private[32:])
	tipBody := TIPBodyForSequencerRegister(su.UserId, publicKey)
	sigBuf := ed25519.Sign(private, tipBody)

	encryptedPIN, err := EncryptEd25519PIN(hex.EncodeToString(sigBuf), uint64(time.Now().UnixNano()), su)
	if err != nil {
		return nil, err
	}
	data, _ := json.Marshal(map[string]string{
		"public_key": publicKey,
		"signature":  signature,
		"pin_base64": encryptedPIN,
	})

	token, err := SignAuthenticationToken("POST", "/safe/users", string(data), su)
	if err != nil {
		return nil, err
	}
	body, err := Request(ctx, "POST", "/safe/users", data, token)
	if err != nil {
		return nil, err
	}
	var resp struct {
		Data  *User  `json:"data"`
		Error *Error `json:"error,omitempty"`
	}
	err = json.Unmarshal(body, &resp)
	if err != nil {
		return nil, err
	}
	if resp.Error != nil {
		return nil, resp.Error
	}
	return resp.Data, nil
}

// If you want to register safe user, you need to call UpdateTipPin upgrade TIP PIN first.
// Deprecated, use RegisterSafeBareUser instead.
func RegisterSafe(ctx context.Context, spendPrivateKeyOrSeed string, su *SafeUser) (*UserMeView, error) {
	spend, err := hex.DecodeString(spendPrivateKeyOrSeed)
	if err != nil {
		return nil, err
	}
	var private ed25519.PrivateKey
	switch len(spend) {
	case ed25519.SeedSize:
		private = ed25519.NewKeyFromSeed(spend)
	case ed25519.PrivateKeySize:
		private = ed25519.PrivateKey(spend)
	default:
		return nil, fmt.Errorf("invalid seed length")
	}
	h := crypto.Sha256Hash([]byte(su.UserId))
	signBytes := ed25519.Sign(private, h[:])
	signature := base64.RawURLEncoding.EncodeToString(signBytes[:])
	publicKey := hex.EncodeToString(private[32:])
	tipBody := TIPBodyForSequencerRegister(su.UserId, publicKey)
	pinBuf, err := hex.DecodeString(su.SpendPrivateKey)
	if err != nil {
		return nil, err
	}
	if su.SpendPrivateKey != hex.EncodeToString(private) {
		panic("please use the same spend private key with tip private key, spend private key must not be empty")
	}
	sigBuf := ed25519.Sign(ed25519.PrivateKey(pinBuf), tipBody)

	encryptedPIN, err := EncryptEd25519PIN(hex.EncodeToString(sigBuf), uint64(time.Now().UnixNano()), su)
	if err != nil {
		return nil, err
	}
	data, _ := json.Marshal(map[string]string{
		"public_key": publicKey,
		"signature":  signature,
		"pin_base64": encryptedPIN,
	})

	token, err := SignAuthenticationToken("POST", "/safe/users", string(data), su)
	if err != nil {
		return nil, err
	}
	body, err := Request(ctx, "POST", "/safe/users", data, token)
	if err != nil {
		return nil, err
	}
	var resp struct {
		Data  *UserMeView `json:"data"`
		Error *Error      `json:"error,omitempty"`
	}
	err = json.Unmarshal(body, &resp)
	if err != nil {
		return nil, err
	}
	if resp.Error != nil {
		return nil, resp.Error
	}
	return resp.Data, nil
}