Сократить promo-аргументы регистрации в Solana

This commit is contained in:
AidarKC
2026-06-30 18:40:33 +04:00
parent 0a416a2f5c
commit 63f13a4c29
4 changed files with 75 additions and 125 deletions
+2 -2
View File
@@ -1,2 +1,2 @@
client.version=1.2.291
server.version=1.2.271
client.version=1.2.292
server.version=1.2.272
+38 -37
View File
@@ -1,4 +1,4 @@
import { base64ToBytes, bytesToBase58, importPkcs8Ed25519, sha256Bytes, signBytes } from './crypto-utils.js';
import { base58ToBytes, base64ToBytes, bytesToBase58, importPkcs8Ed25519, sha256Bytes, signBytes } from './crypto-utils.js';
import { extractSeed32FromPkcs8B64 } from './client-key-utils.js';
import {
SHINE_LOGIN_GUARD_PROGRAM_ID,
@@ -216,9 +216,9 @@ function serializeCreateUserPdaArgs(args) {
}
buf.push(Number(args.trustedCount || 0) & 0xff);
for (const x of args.rootSignature64) buf.push(x);
const promoCode = String(args.promoCode || '').trim();
if (promoCode) {
pushStrU8(buf, promoCode);
const promoSellerLogin = normalizeLogin(String(args.promoSellerLogin || '').trim());
if (promoSellerLogin) {
pushStrU8(buf, promoSellerLogin);
}
return new Uint8Array(buf);
}
@@ -860,6 +860,39 @@ async function createShineUserPdaOnSolana({
const unsignedHash = await sha256Bytes(unsignedRecord);
const rootSig64 = await signBytes(ctx.rootPrivKey, unsignedHash);
let promoSellerPda = null;
let promoEd25519Ix = null;
let promoSellerLogin = '';
if (cleanPromoCode) {
const dashPos = cleanPromoCode.indexOf('-');
if (!cleanPromoCode.startsWith('1') || dashPos <= 1 || dashPos === cleanPromoCode.length - 1) {
throw new Error('Некорректный формат промокода');
}
const sellerLogin = normalizeLogin(cleanPromoCode.slice(1, dashPos));
const signatureBase58 = cleanPromoCode.slice(dashPos + 1);
promoSellerLogin = sellerLogin;
const [promoSellerAddress] = ctx.solana.PublicKey.findProgramAddressSync(
[new TextEncoder().encode(SHINE_USERS_PROMO_SELLER_PDA_SEED_PREFIX), new TextEncoder().encode(sellerLogin)],
ctx.usersProgram,
);
promoSellerPda = promoSellerAddress;
const promoMessage = buildPromoMessageBytes(cleanLogin);
const signatureBytes = base58ToBytes(signatureBase58);
if (signatureBytes.length !== 64) {
throw new Error('Подпись промокода должна быть 64 байта в Base58');
}
const sellerAccount = await ctx.connection.getAccountInfo(promoSellerAddress, 'confirmed');
if (!sellerAccount?.data || sellerAccount.data.length < 42) {
throw new Error('Promo seller PDA не найдена или повреждена');
}
const signerPubkey = new Uint8Array(sellerAccount.data.slice(10, 42));
promoEd25519Ix = new ctx.solana.TransactionInstruction({
programId: ctx.ed25519Program,
keys: [],
data: buildEd25519IxData(signatureBytes, signerPubkey, promoMessage),
});
}
const ixData = serializeCreateUserPdaArgs({
login: cleanLogin,
recoveryKey32: ctx.recoveryKey32,
@@ -884,41 +917,9 @@ async function createShineUserPdaOnSolana({
sessions: [],
trustedCount: 0,
rootSignature64: rootSig64,
promoCode: cleanPromoCode,
promoSellerLogin,
});
let promoSellerPda = null;
let promoEd25519Ix = null;
if (cleanPromoCode) {
const dashPos = cleanPromoCode.indexOf('-');
if (!cleanPromoCode.startsWith('1') || dashPos <= 1 || dashPos === cleanPromoCode.length - 1) {
throw new Error('Некорректный формат промокода');
}
const sellerLogin = normalizeLogin(cleanPromoCode.slice(1, dashPos));
const signatureBase58 = cleanPromoCode.slice(dashPos + 1);
const [promoSellerAddress] = ctx.solana.PublicKey.findProgramAddressSync(
[new TextEncoder().encode(SHINE_USERS_PROMO_SELLER_PDA_SEED_PREFIX), new TextEncoder().encode(sellerLogin)],
ctx.usersProgram,
);
promoSellerPda = promoSellerAddress;
const promoMessage = buildPromoMessageBytes(cleanLogin);
const signatureBytes = ctx.solana.bs58.decode(signatureBase58);
if (signatureBytes.length !== 64) {
throw new Error('Подпись промокода должна быть 64 байта в Base58');
}
const sellerAccount = await ctx.connection.getAccountInfo(promoSellerAddress, 'confirmed');
if (!sellerAccount?.data || sellerAccount.data.length < 42) {
throw new Error('Promo seller PDA не найдена или повреждена');
}
const signerPubkey = new Uint8Array(sellerAccount.data.slice(10, 42));
promoEd25519Ix = new ctx.solana.TransactionInstruction({
programId: ctx.ed25519Program,
keys: [],
data: buildEd25519IxData(signatureBytes, signerPubkey, promoMessage),
});
}
const ed25519RootIx = new ctx.solana.TransactionInstruction({
programId: ctx.ed25519Program,
keys: [],
@@ -267,7 +267,7 @@ On-chain инвариант только один:
### 7.3. Promo-обход login guard
При создании пользователя допускается опциональный `promo_code`.
При создании пользователя off-chain клиент может использовать опциональный `promo_code`.
Формат строки:
@@ -285,6 +285,8 @@ On-chain инвариант только один:
shine_promo_v1:<login_из_запроса_create_user_pda>
```
В сам `create_user_pda` при этом передаётся только `seller_login`, а подпись проверяется по отдельной Ed25519-инструкции в транзакции.
Если promo-код валиден, то:
- premium/trademark-проверка через `shine_login_guard` не выполняется;
@@ -385,7 +387,7 @@ shine_promo_v1:<login_из_запроса_create_user_pda>
- `additional_limit`
- mutable fields записи
- `root` signature по unsigned части
- опционально `promo_code`
- опционально `promo_seller_login`
### Бинарный ABI
@@ -398,15 +400,14 @@ shine_promo_v1:<login_из_запроса_create_user_pda>
- additional_limit: u64 LE
- fields: UserMutableFieldsV1
- root_signature: [u8; 64]
- optional trailing promo_code: string_u8
- optional trailing promo_seller_login: string_u8
```
### Обязательные проверки
1. Логин валиден по синтаксису.
2. Если promo-код не передан, логин разрешён `shine_login_guard`.
3. Если promo-код передан, он должен:
- иметь формат `1<seller_login>-<signature_base58>`;
3. Если promo-регистрация включена, программа получает `promo_seller_login`, а связанная Ed25519-инструкция должна:
- ссылаться на существующий `promo_seller_pda`;
- проходить Ed25519-проверку через `signer_pubkey` продавца;
- иметь `remaining_sales > 0`;
@@ -50,7 +50,6 @@ const IX_CREATE_USER_PDA: u8 = 3;
const IX_UPDATE_USER_PDA: u8 = 4;
const IX_UPSERT_PROMO_SELLER: u8 = 5;
const LOGIN_GUARD_IX_CLASSIFY_LOGIN: u8 = 1;
const PROMO_CODE_VERSION_PREFIX: char = '1';
#[repr(u32)]
#[derive(Clone, Copy, Debug)]
@@ -150,7 +149,7 @@ pub struct CreateUserPdaArgs {
pub additional_limit: u64,
pub fields: UserMutableFields,
pub signature: [u8; 64],
pub promo_code: Option<String>,
pub promo_seller_login: Option<String>,
}
#[derive(Clone, Debug)]
@@ -345,7 +344,7 @@ fn parse_create_args(r: &mut Reader<'_>) -> Result<CreateUserPdaArgs, ProgramErr
additional_limit: r.read_u64()?,
fields: parse_fields(r)?,
signature: r.read_fixed_64()?,
promo_code: if r.remaining() > 0 { Some(r.read_string_u8()?) } else { None },
promo_seller_login: if r.remaining() > 0 { Some(r.read_string_u8()?) } else { None },
})
}
@@ -543,9 +542,9 @@ fn process_create_user_pda<'a>(program_id: &Pubkey, accounts: &'a [AccountInfo<'
require_keys_eq!(*login_guard_program.key, Pubkey::from_str(settings::SHINE_LOGIN_GUARD_PROGRAM_ID).map_err(|_| ProgramError::from(ShineUsersError::InvalidLoginGuardResponse))?, ShineUsersError::InvalidLoginGuardResponse);
validate_users_economy_config_pda(program_id, users_economy_config_pda)?;
let promo_context = if let Some(promo_code) = args.promo_code.as_deref().filter(|value| !value.trim().is_empty()) {
let promo_context = if let Some(seller_login) = args.promo_seller_login.as_deref().filter(|value| !value.trim().is_empty()) {
let seller_pda = promo_seller_pda.ok_or(ProgramError::from(ShineUsersError::InvalidInstruction))?;
Some(verify_promo_registration(program_id, instructions_sysvar, seller_pda, &args.login, promo_code)?)
Some(verify_promo_registration(program_id, instructions_sysvar, seller_pda, &args.login, seller_login)?)
} else {
require!(promo_seller_pda.is_none(), ShineUsersError::InvalidInstruction);
None
@@ -728,9 +727,9 @@ fn verify_promo_registration<'a>(
instructions_sysvar: &AccountInfo<'a>,
promo_seller_pda: &'a AccountInfo<'a>,
target_login: &str,
promo_code: &str,
seller_login: &str,
) -> Result<PromoRegistrationContext<'a>, ProgramError> {
let (seller_login, signature58) = parse_promo_code(promo_code)?;
validate_login(seller_login)?;
let normalized_seller_login = login_seed_normalized(&seller_login);
let expected_pda = find_promo_seller_pda(program_id, &normalized_seller_login).0;
require_keys_eq!(expected_pda, *promo_seller_pda.key, ShineUsersError::InvalidPdaAddress);
@@ -740,9 +739,8 @@ fn verify_promo_registration<'a>(
require!(state.remaining_sales > 0, ShineUsersError::PromoSalesExhausted);
require!(target_login.len() >= state.min_login_length as usize, ShineUsersError::PromoLoginTooShort);
let signature = decode_base58_fixed_64(&signature58)?;
let message = build_promo_sign_message(target_login);
verify_ed25519_signature_instruction(instructions_sysvar, -3, &state.signer_pubkey, &signature, message.as_bytes())
verify_ed25519_instruction_pubkey_message(instructions_sysvar, -3, &state.signer_pubkey, message.as_bytes())
.map_err(|_| ProgramError::from(ShineUsersError::PromoSignatureMismatch))?;
let updated_state = PromoSellerState {
@@ -1071,27 +1069,38 @@ fn serialize_last_block_state(record: &UserRecord) -> Result<Vec<u8>, ProgramErr
Ok(out)
}
struct ParsedEd25519Ref<'a> {
struct ParsedEd25519Data {
pubkey: Pubkey,
signature: [u8; 64],
message: &'a [u8],
message: Vec<u8>,
}
fn verify_ed25519_signature_instruction(instructions_sysvar: &AccountInfo, index_relative_to_current: i64, expected_pubkey: &Pubkey, expected_signature: &[u8; 64], expected_message: &[u8]) -> ProgramResult {
require_keys_eq!(*instructions_sysvar.key, solana_program::sysvar::instructions::id(), ShineUsersError::InvalidSignature);
let current_index = load_current_index_checked(instructions_sysvar).map_err(|_| ProgramError::from(ShineUsersError::InvalidSignature))? as i64;
let target_index = current_index.checked_add(index_relative_to_current).ok_or(ProgramError::from(ShineUsersError::InvalidSignature))?;
require!(target_index >= 0, ShineUsersError::InvalidSignature);
let ed_ix = load_instruction_at_checked(target_index as usize, instructions_sysvar).map_err(|_| ProgramError::from(ShineUsersError::InvalidSignature))?;
require_keys_eq!(ed_ix.program_id, solana_program::ed25519_program::id(), ShineUsersError::InvalidSignature);
let parsed = parse_ed25519_ix(ed_ix.data.as_slice())?;
let parsed = load_parsed_ed25519_instruction(instructions_sysvar, index_relative_to_current)?;
require!(parsed.pubkey == *expected_pubkey, ShineUsersError::InvalidSignature);
require!(parsed.signature == *expected_signature, ShineUsersError::InvalidSignature);
require!(parsed.message == expected_message, ShineUsersError::InvalidSignature);
Ok(())
}
fn parse_ed25519_ix<'a>(data: &'a [u8]) -> Result<ParsedEd25519Ref<'a>, ProgramError> {
fn verify_ed25519_instruction_pubkey_message(instructions_sysvar: &AccountInfo, index_relative_to_current: i64, expected_pubkey: &Pubkey, expected_message: &[u8]) -> ProgramResult {
let parsed = load_parsed_ed25519_instruction(instructions_sysvar, index_relative_to_current)?;
require!(parsed.pubkey == *expected_pubkey, ShineUsersError::InvalidSignature);
require!(parsed.message == expected_message, ShineUsersError::InvalidSignature);
Ok(())
}
fn load_parsed_ed25519_instruction(instructions_sysvar: &AccountInfo, index_relative_to_current: i64) -> Result<ParsedEd25519Data, ProgramError> {
require_keys_eq!(*instructions_sysvar.key, solana_program::sysvar::instructions::id(), ShineUsersError::InvalidSignature);
let current_index = load_current_index_checked(instructions_sysvar).map_err(|_| ProgramError::from(ShineUsersError::InvalidSignature))? as i64;
let target_index = current_index.checked_add(index_relative_to_current).ok_or(ProgramError::from(ShineUsersError::InvalidSignature))?;
require!(target_index >= 0, ShineUsersError::InvalidSignature);
let ed_ix = load_instruction_at_checked(target_index as usize, instructions_sysvar).map_err(|_| ProgramError::from(ShineUsersError::InvalidSignature))?;
require_keys_eq!(ed_ix.program_id, solana_program::ed25519_program::id(), ShineUsersError::InvalidSignature);
parse_ed25519_ix(ed_ix.data.as_slice())
}
fn parse_ed25519_ix(data: &[u8]) -> Result<ParsedEd25519Data, ProgramError> {
require!(data.len() >= 16, ShineUsersError::InvalidSignature);
require!(data[0] == 1, ShineUsersError::InvalidSignature);
let signature_offset = le_u16(data, 2)? as usize;
@@ -1113,7 +1122,7 @@ fn parse_ed25519_ix<'a>(data: &'a [u8]) -> Result<ParsedEd25519Ref<'a>, ProgramE
let message = data.get(message_offset..message_end).ok_or(ProgramError::from(ShineUsersError::InvalidSignature))?;
let mut signature = [0u8; 64]; signature.copy_from_slice(signature_slice);
let pubkey = Pubkey::new_from_array(<[u8; 32]>::try_from(pubkey_slice).map_err(|_| ProgramError::from(ShineUsersError::InvalidSignature))?);
Ok(ParsedEd25519Ref { pubkey, signature, message })
Ok(ParsedEd25519Data { pubkey, signature, message: message.to_vec() })
}
fn le_u16(data: &[u8], offset: usize) -> Result<u16, ProgramError> {
@@ -1122,19 +1131,6 @@ fn le_u16(data: &[u8], offset: usize) -> Result<u16, ProgramError> {
Ok(u16::from_le_bytes([s[0], s[1]]))
}
fn parse_promo_code(value: &str) -> Result<(String, String), ProgramError> {
let trimmed = value.trim();
let mut chars = trimmed.chars();
require!(chars.next() == Some(PROMO_CODE_VERSION_PREFIX), ShineUsersError::InvalidPromoCode);
let rest: String = chars.collect();
let dash_pos = rest.find('-').ok_or(ProgramError::from(ShineUsersError::InvalidPromoCode))?;
let seller_login = rest[..dash_pos].to_string();
let signature58 = rest[dash_pos + 1..].to_string();
require!(!seller_login.is_empty() && !signature58.is_empty(), ShineUsersError::InvalidPromoCode);
validate_login(&seller_login)?;
Ok((seller_login, signature58))
}
fn build_promo_sign_message(login: &str) -> String {
let mut message = String::with_capacity(settings::PROMO_SIGN_PREFIX.len() + login.len());
message.push_str(settings::PROMO_SIGN_PREFIX);
@@ -1142,54 +1138,6 @@ fn build_promo_sign_message(login: &str) -> String {
message
}
fn decode_base58_fixed_64(value: &str) -> Result<[u8; 64], ProgramError> {
let decoded = decode_base58(value)?;
<[u8; 64]>::try_from(decoded.as_slice()).map_err(|_| ProgramError::from(ShineUsersError::InvalidPromoCode))
}
fn decode_base58(value: &str) -> Result<Vec<u8>, ProgramError> {
let text = value.trim();
require!(!text.is_empty(), ShineUsersError::InvalidPromoCode);
let mut bytes = vec![0u8];
for ch in text.bytes() {
let digit = base58_value(ch).ok_or(ProgramError::from(ShineUsersError::InvalidPromoCode))? as u32;
let mut carry = digit;
for byte in &mut bytes {
let x = (*byte as u32).checked_mul(58).and_then(|v| v.checked_add(carry)).ok_or(ProgramError::from(ShineUsersError::MathOverflow))?;
*byte = (x & 0xff) as u8;
carry = x >> 8;
}
while carry > 0 {
bytes.push((carry & 0xff) as u8);
carry >>= 8;
}
}
for ch in text.bytes() {
if ch == b'1' {
bytes.push(0);
} else {
break;
}
}
bytes.reverse();
Ok(bytes)
}
fn base58_value(ch: u8) -> Option<u8> {
match ch {
b'1'..=b'9' => Some(ch - b'1'),
b'A'..=b'H' => Some(9 + (ch - b'A')),
b'J'..=b'N' => Some(17 + (ch - b'J')),
b'P'..=b'Z' => Some(22 + (ch - b'P')),
b'a'..=b'k' => Some(33 + (ch - b'a')),
b'm'..=b'z' => Some(44 + (ch - b'm')),
_ => None,
}
}
fn validate_login(login: &str) -> ProgramResult {
require!(!login.is_empty(), ShineUsersError::InvalidLogin);
require!(login.len() <= 20, ShineUsersError::InvalidLogin);