Merge pull request #55 from lightsparkdev/fix/demovaspupdate

Update the demo vasp's UMA SDK and fix localhost domain logic.
lightsparkdev · Jan 19, 2024 · 12e2b5a · 12e2b5a
2 parents c27a940 + 1e5d37f
commit 12e2b5a
Show file tree

Hide file tree

Showing 7 changed files with 218 additions and 22 deletions.
diff --git a/examples/uma-server/config.go b/examples/uma-server/config.go
@@ -18,6 +18,7 @@ type UmaConfig struct {
 	UmaSigningPrivKeyHex    string
 	NodeMasterSeedHex       string
 	ClientBaseURL           string
+	SenderVaspDomain        string
 }
 
 func (c *UmaConfig) UmaEncryptionPubKeyBytes() ([]byte, error) {
@@ -77,5 +78,6 @@ func NewConfig() UmaConfig {
 		UmaSigningPrivKeyHex:    os.Getenv("LIGHTSPARK_UMA_SIGNING_PRIVKEY"),
 		NodeMasterSeedHex:       os.Getenv("LIGHTSPARK_UMA_MASTER_SEED"),
 		ClientBaseURL:           fmt.Sprintf("https://%s/graphql/server/rc", os.Getenv("LIGHTSPARK_EXAMPLE_BASE_URL")),
+		SenderVaspDomain:        os.Getenv("LIGHTSPARK_UMA_VASP_DOMAIN"),
 	}
 }
diff --git a/examples/uma-server/go.mod b/examples/uma-server/go.mod
@@ -8,15 +8,15 @@ require (
 	github.com/gin-gonic/gin v1.9.1
 	github.com/google/uuid v1.3.1
 	github.com/lightsparkdev/go-sdk v0.8.0
-	github.com/uma-universal-money-address/uma-go-sdk v0.6.0
+	github.com/uma-universal-money-address/uma-go-sdk v0.6.2
 )
 
 require (
 	github.com/bytedance/sonic v1.9.1 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
-	github.com/ecies/go/v2 v2.0.7 // indirect
-	github.com/ethereum/go-ethereum v1.13.5 // indirect
+	github.com/ecies/go/v2 v2.0.9 // indirect
+	github.com/ethereum/go-ethereum v1.13.8 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
@@ -34,7 +34,7 @@ require (
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.11 // indirect
 	golang.org/x/arch v0.3.0 // indirect
-	golang.org/x/crypto v0.16.0 // indirect
+	golang.org/x/crypto v0.17.0 // indirect
 	golang.org/x/net v0.19.0 // indirect
 	golang.org/x/sys v0.15.0 // indirect
 	golang.org/x/text v0.14.0 // indirect

diff --git a/examples/uma-server/go.sum b/examples/uma-server/go.sum
diff --git a/examples/uma-server/server.go b/examples/uma-server/server.go
@@ -5,6 +5,7 @@ import (
 	"github.com/uma-universal-money-address/uma-go-sdk/uma"
 	"log"
 	"os"
+	"time"
 )
 
 /**
@@ -27,10 +28,12 @@ func main() {
 	log.Printf("Starting server with config: %+v", config)
 	engine := gin.Default()
 	pubKeyCache := uma.NewInMemoryPublicKeyCache()
+	oneDayAgo := time.Now().AddDate(0, 0, -1)
 	vasp1 := NewVasp1(&config, pubKeyCache)
 	vasp2 := Vasp2{
 		config:      &config,
 		pubKeyCache: pubKeyCache,
+		nonceCache:  uma.NewInMemoryNonceCache(oneDayAgo),
 	}
 
 	// VASP1 Routes:

diff --git a/examples/uma-server/validators.go b/examples/uma-server/validators.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"errors"
+	"github.com/uma-universal-money-address/uma-go-sdk/uma"
 	"regexp"
 	"strings"
 )
@@ -33,9 +34,11 @@ func ValidateUserName(userName string) error {
 }
 
 func ValidateDomain(domain string) error {
+	hostWithoutPort := strings.Split(domain, ":")[0]
+	isLocalDomain := uma.IsDomainLocalhost(hostWithoutPort)
 	localHostWithPortRegex := regexp.MustCompile(`^localhost(:[0-9]+)?$`)
 	domainRegex := regexp.MustCompile(`^([a-zA-Z0-9_]{1}[a-zA-Z0-9_-]{0,62}){1}(\.[a-zA-Z0-9_]{1}[a-zA-Z0-9_-]{0,62})*[._]?$`)
-	if !domainRegex.MatchString(domain) && !localHostWithPortRegex.MatchString(domain) {
+	if !domainRegex.MatchString(domain) && !localHostWithPortRegex.MatchString(domain) && !isLocalDomain {
 		return errors.New("invalid VASP domain")
 	}
 	return nil

diff --git a/examples/uma-server/vasp1.go b/examples/uma-server/vasp1.go
@@ -26,14 +26,17 @@ type Vasp1 struct {
 	config       *UmaConfig
 	pubKeyCache  uma.PublicKeyCache
 	requestCache *Vasp1RequestCache
+	nonceCache   uma.NonceCache
 	client       *services.LightsparkClient
 }
 
 func NewVasp1(config *UmaConfig, pubKeyCache uma.PublicKeyCache) *Vasp1 {
+	oneDayAgo := time.Now().AddDate(0, 0, -1)
 	return &Vasp1{
 		config:       config,
 		pubKeyCache:  pubKeyCache,
 		requestCache: NewVasp1RequestCache(),
+		nonceCache:   uma.NewInMemoryNonceCache(oneDayAgo),
 		client:       services.NewLightsparkClient(config.ApiClientID, config.ApiClientSecret, &config.ClientBaseURL),
 	}
 }
@@ -52,12 +55,9 @@ func (v *Vasp1) handleClientUmaLookup(context *gin.Context) {
 	receiverId := addressParts[0]
 	receiverVasp := addressParts[1]
 	signingKey, err := v.config.UmaSigningPrivKeyBytes()
-	port := os.Getenv("PORT")
-	if port == "" {
-		port = "8081"
-	}
+
 	lnurlpRequest, err := uma.GetSignedLnurlpRequestUrl(
-		signingKey, receiverAddress, "localhost:"+port, true, nil)
+		signingKey, receiverAddress, v.getVaspDomain(context), true, nil)
 
 	resp, err := http.Get(lnurlpRequest.String())
 	if err != nil {
@@ -120,7 +120,7 @@ func (v *Vasp1) handleClientUmaLookup(context *gin.Context) {
 		})
 		return
 	}
-	err = uma.VerifyUmaLnurlpResponseSignature(lnurlpResponse, receiverSigningPubKey)
+	err = uma.VerifyUmaLnurlpResponseSignature(lnurlpResponse, receiverSigningPubKey, v.nonceCache)
 	if err != nil {
 		context.JSON(http.StatusInternalServerError, gin.H{
 			"status": "ERROR",
@@ -168,14 +168,11 @@ func (v *Vasp1) handleUnsupportedVersionResponse(response *http.Response, signin
 		})
 		return nil, true
 	}
-	port := os.Getenv("PORT")
-	if port == "" {
-		port = "8081"
-	}
+
 	lnurlpRequest, err := uma.GetSignedLnurlpRequestUrl(
 		signingKey,
 		receiverAddress,
-		"localhost:"+port,
+		v.getVaspDomain(context),
 		true,
 		highestSupportedVersion,
 	)
@@ -201,7 +198,7 @@ func (v *Vasp1) handleUnsupportedVersionResponse(response *http.Response, signin
 
 func (v *Vasp1) getUtxoCallback(context *gin.Context, txId string) string {
 	scheme := "https://"
-	if strings.HasPrefix(context.Request.Host, "localhost:") {
+	if uma.IsDomainLocalhost(context.Request.Host) {
 		scheme = "http://"
 	}
 	return fmt.Sprintf("%s%s/api/uma/utxocallback?txid=%s", scheme, context.Request.Host, txId)
@@ -632,6 +629,23 @@ func (v *Vasp1) handleNonUmaPayReq(
 	})
 }
 
+func (v *Vasp1) getVaspDomain(context *gin.Context) string {
+	envVaspDomain := v.config.SenderVaspDomain
+	if envVaspDomain != "" {
+		return envVaspDomain
+	}
+	requestHost := context.Request.Host
+	requestHostWithoutPort := strings.Split(requestHost, ":")[0]
+	port := os.Getenv("PORT")
+	if port == "" {
+		port = "8081"
+	}
+	if port != "80" && port != "443" {
+		return fmt.Sprintf("%s:%s", requestHostWithoutPort, port)
+	}
+	return requestHostWithoutPort
+}
+
 type PayerInfo struct {
 	Name       *string `json:"name"`
 	Email      *string `json:"email"`

diff --git a/examples/uma-server/vasp2.go b/examples/uma-server/vasp2.go
@@ -11,30 +11,30 @@ import (
 	"github.com/uma-universal-money-address/uma-go-sdk/uma"
 	"net/http"
 	"strconv"
-	"strings"
 	"time"
 )
 
 // Vasp2 is an implementation of the receiving VASP in the UMA protocol.
 type Vasp2 struct {
 	config      *UmaConfig
 	pubKeyCache uma.PublicKeyCache
+	nonceCache  uma.NonceCache
 }
 
 // Note: In a real application, this exchange rate would come from some real oracle.
 const MillisatoshiPerUsd = 22883.56
 
 func (v *Vasp2) getLnurlpCallback(context *gin.Context) string {
 	scheme := "https://"
-	if strings.HasPrefix(context.Request.Host, "localhost:") {
+	if uma.IsDomainLocalhost(context.Request.Host) {
 		scheme = "http://"
 	}
 	return fmt.Sprintf("%s%s/api/uma/payreq/%s", scheme, context.Request.Host, v.config.UserID)
 }
 
 func (v *Vasp2) getUtxoCallback(context *gin.Context, txId string) string {
 	scheme := "https://"
-	if strings.HasPrefix(context.Request.Host, "localhost:") {
+	if uma.IsDomainLocalhost(context.Request.Host) {
 		scheme = "http://"
 	}
 	return fmt.Sprintf("%s%s/api/uma/utxocallback?txid=%s", scheme, context.Request.Host, txId)
@@ -151,7 +151,7 @@ func (v *Vasp2) parseUmaQueryData(context *gin.Context) ([]byte, bool) {
 		})
 		return nil, true
 	}
-	if err := uma.VerifyUmaLnurlpQuerySignature(query, sendingVaspSigningPubKey); err != nil {
+	if err := uma.VerifyUmaLnurlpQuerySignature(query, sendingVaspSigningPubKey, v.nonceCache); err != nil {
 		context.JSON(http.StatusBadRequest, gin.H{
 			"status": "ERROR",
 			"reason": err.Error(),
@@ -341,7 +341,7 @@ func (v *Vasp2) handleUmaPayreq(context *gin.Context) {
 		})
 		return
 	}
-	if err := uma.VerifyPayReqSignature(request, sendingVaspSigningPubKey); err != nil {
+	if err := uma.VerifyPayReqSignature(request, sendingVaspSigningPubKey, v.nonceCache); err != nil {
 		context.JSON(http.StatusBadRequest, gin.H{
 			"status": "ERROR",
 			"reason": err.Error(),