From d6d229a19d1ec2a9e3f82450dc569ac5f6633303 Mon Sep 17 00:00:00 2001 From: lior Date: Thu, 6 Feb 2020 11:49:11 +0300 Subject: [PATCH] ask password for every wallet operation --- src/main/scala/encry/EncryApp.scala | 34 +++++++------- src/main/scala/encry/Starter.scala | 2 +- .../encry/api/http/routes/WalletRoute.scala | 46 ++++++++++++++++--- 3 files changed, 58 insertions(+), 24 deletions(-) diff --git a/src/main/scala/encry/EncryApp.scala b/src/main/scala/encry/EncryApp.scala index db1f23ead8..b957b0873f 100644 --- a/src/main/scala/encry/EncryApp.scala +++ b/src/main/scala/encry/EncryApp.scala @@ -73,8 +73,8 @@ object EncryApp extends App with StrictLogging { ) } - def startHttp(dataHolderForApi: ActorRef, memoryPool: ActorRef) = - if (settings.restApi.enabled.getOrElse(false)) { + def startHttp(dataHolderForApi: ActorRef, memoryPool: ActorRef, newSettings: EncryAppSettings) = + if (newSettings.restApi.enabled.getOrElse(false)) { import akka.http.scaladsl.model.StatusCodes._ import akka.http.scaladsl.server.Directives._ 
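Review bot: `startHttp` is called from another class (Starter, later in this patch), yet its new signature still has no declared result type or Scaladoc, and the parameter name `newSettings` describes the caller's situation rather than the value. I would rename it to something like `appSettings` and add a comment such as `/** Starts the REST API from the supplied settings; the object-level settings are not consulted. */`. Whether EncryApp still holds its own `settings` value is not visible in this hunk, so that wording should be checked against the rest of the file. The method body continues past the end of the hunk.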
@@ -87,23 +87,23 @@ object EncryApp extends App with StrictLogging { } val apiRoutes: Seq[ApiRoute] = Seq( - WebRoute(settings.restApi, settings.node, dataHolderForApi), - WalletRoute(settings.restApi, dataHolderForApi, settings), - PeersRoute(settings.restApi, settings.node, dataHolderForApi), - PeersConnectedRoute(settings.restApi, dataHolderForApi), - BanPeersRoute(settings.restApi, dataHolderForApi), - ArgonRoute(settings.restApi), - PeersApiRoute(settings.restApi, dataHolderForApi), - InfoApiRoute(dataHolderForApi, settings.restApi, nodeId, timeProvider), - HistoryApiRoute(dataHolderForApi, settings.restApi, nodeId), - TransactionsApiRoute(dataHolderForApi, memoryPool, settings.restApi), - WalletInfoApiRoute(dataHolderForApi, settings.restApi, Algos.encode(settings.constants.IntrinsicTokenId)), - NodeRoute(dataHolderForApi, settings.restApi) + WebRoute(newSettings.restApi, newSettings.node, dataHolderForApi), + WalletRoute(newSettings.restApi, dataHolderForApi, newSettings), + PeersRoute(newSettings.restApi, newSettings.node, dataHolderForApi), + PeersConnectedRoute(newSettings.restApi, dataHolderForApi), + BanPeersRoute(newSettings.restApi, dataHolderForApi), + ArgonRoute(newSettings.restApi), + PeersApiRoute(newSettings.restApi, dataHolderForApi), + InfoApiRoute(dataHolderForApi, newSettings.restApi, nodeId, timeProvider), + HistoryApiRoute(dataHolderForApi, newSettings.restApi, nodeId), + TransactionsApiRoute(dataHolderForApi, memoryPool, newSettings.restApi), + WalletInfoApiRoute(dataHolderForApi, newSettings.restApi, Algos.encode(newSettings.constants.IntrinsicTokenId)), + NodeRoute(dataHolderForApi, newSettings.restApi) ) Http().bindAndHandle( - CompositeHttpService(system, apiRoutes, settings.restApi, swaggerConfig).compositeRoute, - settings.restApi.bindAddress.getAddress.getHostAddress, - settings.restApi.bindAddress.getPort + CompositeHttpService(system, apiRoutes, newSettings.restApi, swaggerConfig).compositeRoute, + 
newSettings.restApi.bindAddress.getAddress.getHostAddress, + newSettings.restApi.bindAddress.getPort ) } diff --git a/src/main/scala/encry/Starter.scala b/src/main/scala/encry/Starter.scala index a7b8249851..b0567141da 100644 --- a/src/main/scala/encry/Starter.scala +++ b/src/main/scala/encry/Starter.scala @@ -436,7 +436,7 @@ class Starter(settings: EncryAppSettings, context.system.actorSelection("/user/cliListener") ! StartListening } - EncryApp.startHttp(dataHolderForApi, memoryPool) + EncryApp.startHttp(dataHolderForApi, memoryPool, newSettings) } } diff --git a/src/main/scala/encry/api/http/routes/WalletRoute.scala b/src/main/scala/encry/api/http/routes/WalletRoute.scala index 1dde32a658..f31637ea1e 100644 --- a/src/main/scala/encry/api/http/routes/WalletRoute.scala +++ b/src/main/scala/encry/api/http/routes/WalletRoute.scala @@ -36,7 +36,6 @@ case class WalletRoute(settings: RESTApiSettings, } yield (wallet, pubKeys) def walletScript(balances: Map[String, List[(String, Amount)]]): Text.TypedTag[String] = { - html( scalatags.Text.all.head( meta(charset := "utf-8"), @@ -90,6 +89,9 @@ case class WalletRoute(settings: RESTApiSettings, script( raw( s"""function wallet(){ + var password; + password=prompt('Please enter your password to view this page!',' '); + if(password == "${encrySettings.wallet.map(_.password).getOrElse("")}") { if(validateTransferForm()){ var addr = document.forms["myForm"]["addr"].value; var fee = document.forms["myForm"]["fee"].value; @@ -105,6 +107,10 @@ case class WalletRoute(settings: RESTApiSettings, window.alert("Transaction was created and sent to node"); setTimeout(location.reload.bind(location), 3000); } + } + else { + window.alert("Password is incorrect, please try again.") + } }""") ), script( 
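Review bot: `WalletRoute(newSettings.restApi, dataHolderForApi, newSettings)` passes the complete `EncryAppSettings` into an HTTP route, and the WalletRoute hunks in this patch show that object exposing `wallet.password` to the page-rendering code. Handing the route only the fields it needs would keep the secret out of reach of the template. The route list sits inside `startHttp`, whose start and end are outside this hunk.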
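Review bot: The comparison added to `wallet()` interpolates the configured wallet password into the page's JavaScript (`if(password == "${encrySettings.wallet.map(_.password).getOrElse("")}")`), so the secret is sent in clear text to every client that can load the wallet page and is readable from the page source. The check also runs only in the browser, so it does not gate the underlying requests, and nothing in this patch adds a server-side check. The same pattern is repeated in `contractF()`, `token()`, `dataTx()` and `keyCreate()` in the later hunks. I would drop the interpolation, send the entered password with the request, and verify it on the server with a constant-time comparison against a stored hash (the server-side route code is outside these hunks). As written, a password containing `"` or `\` would also break the generated script, because the value is inserted unescaped through `raw(...)`.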
@@ -131,6 +137,9 @@ case class WalletRoute(settings: RESTApiSettings, raw( s""" function contractF(){ + var password; + password=prompt('Please enter your password to view this page!',' '); + if(password == "${encrySettings.wallet.map(_.password).getOrElse("")}") { if(validateContractForm()){ var contract = document.forms["myForm4"]["contract"].value; var fee = document.forms["myForm4"]["fee"].value; @@ -146,6 +155,10 @@ case class WalletRoute(settings: RESTApiSettings, window.alert("Transaction was created and sent to node"); setTimeout(location.reload.bind(location), 3000); } + } + else{ + window.alert("Password is incorrect, please try again.") + } }""") ), script( @@ -165,7 +178,10 @@ case class WalletRoute(settings: RESTApiSettings, ), script( raw( - """function token(){ + s"""function token(){ + var password; + password=prompt('Please enter your password to view this page!',' '); + if(password == "${encrySettings.wallet.map(_.password).getOrElse("")}") { if (validateForm1()){ var fee = document.forms["myForm1"]["fee"].value; var amount = document.forms["myForm1"]["amount"].value; @@ -175,6 +191,10 @@ case class WalletRoute(settings: RESTApiSettings, window.alert("Transaction with token creation was created and sent to node"); setTimeout(location.reload.bind(location), 3000); } + } + else{ + window.alert("Password is incorrect, please try again.") + } }""") ), script( @@ -194,7 +214,10 @@ case class WalletRoute(settings: RESTApiSettings, ), script( raw( - """function dataTx(){ + s"""function dataTx(){ + var password; + password=prompt('Please enter your password to view this page!',' '); + if(password == "${encrySettings.wallet.map(_.password).getOrElse("")}") { if(validateDataForm()) { var fee = document.forms["myForm2"]["fee"].value; var data = document.forms["myForm2"]["data"].value; 
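Review bot: The prompt added to `contractF()` says 'Please enter your password to view this page!' although it gates sending a transaction, and it is prefilled with a single space (`prompt(..., ' ')`) that the user has to delete before typing. When no wallet section is configured the comparison falls back to `getOrElse("")`, so the gate then accepts an emptied prompt field; if that is intended it deserves a comment, otherwise the operation should be refused. `token()` and `dataTx()` in the following hunks also switch their script literal from `"""` to `s"""`, so any literal `$` in those bodies (they continue outside the hunks) would now need to be written `$$`. The same prompt line appears in `wallet()`, `token()`, `dataTx()` and `keyCreate()`.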
@@ -204,16 +227,27 @@ case class WalletRoute(settings: RESTApiSettings, window.alert("Data transaction was created and sent to node"); setTimeout(location.reload.bind(location), 3000); } + } + else { + window.alert("Password is incorrect, please try again.") + } }""") ), script( raw( - """function keyCreate() { - var request = new XMLHttpRequest(); + s"""function keyCreate() { + var password; + password=prompt('Please enter your password to view this page!',' '); + if(password == "${encrySettings.wallet.map(_.password).getOrElse("")}") { + var request = new XMLHttpRequest(); request.open('GET', "/wallet/createKey"); request.send(); - window.alert("Key created successfully"); + window.alert("Key created successfully"); setTimeout(location.reload.bind(location), 1500); + } + else { + window.alert("Password is incorrect, please try again.") + } }""") ),
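Review bot: `keyCreate()` still shows "Key created successfully" immediately after `request.send()`, before any response has arrived, so a rejected or failed request is reported as success. The alert belongs in a response handler, e.g. `request.onload = function(){ if (request.status === 200) { window.alert("Key created successfully"); } };`. The call is also a `GET` to `/wallet/createKey` for an operation that changes wallet state; a `POST` that the server authenticates would be the safer shape, though the route definition is not part of this hunk.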