SHA256
Сократить promo-аргументы регистрации в Solana
This commit is contained in:
+2
-2
@@ -1,2 +1,2 @@
|
||||
client.version=1.2.291
|
||||
server.version=1.2.271
|
||||
client.version=1.2.292
|
||||
server.version=1.2.272
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
import { base64ToBytes, bytesToBase58, importPkcs8Ed25519, sha256Bytes, signBytes } from './crypto-utils.js';
|
||||
import { base58ToBytes, base64ToBytes, bytesToBase58, importPkcs8Ed25519, sha256Bytes, signBytes } from './crypto-utils.js';
|
||||
import { extractSeed32FromPkcs8B64 } from './client-key-utils.js';
|
||||
import {
|
||||
SHINE_LOGIN_GUARD_PROGRAM_ID,
|
||||
@@ -216,9 +216,9 @@ function serializeCreateUserPdaArgs(args) {
|
||||
}
|
||||
buf.push(Number(args.trustedCount || 0) & 0xff);
|
||||
for (const x of args.rootSignature64) buf.push(x);
|
||||
const promoCode = String(args.promoCode || '').trim();
|
||||
if (promoCode) {
|
||||
pushStrU8(buf, promoCode);
|
||||
const promoSellerLogin = normalizeLogin(String(args.promoSellerLogin || '').trim());
|
||||
if (promoSellerLogin) {
|
||||
pushStrU8(buf, promoSellerLogin);
|
||||
}
|
||||
return new Uint8Array(buf);
|
||||
}
|
||||
@@ -860,6 +860,39 @@ async function createShineUserPdaOnSolana({
|
||||
const unsignedHash = await sha256Bytes(unsignedRecord);
|
||||
const rootSig64 = await signBytes(ctx.rootPrivKey, unsignedHash);
|
||||
|
||||
let promoSellerPda = null;
|
||||
let promoEd25519Ix = null;
|
||||
let promoSellerLogin = '';
|
||||
if (cleanPromoCode) {
|
||||
const dashPos = cleanPromoCode.indexOf('-');
|
||||
if (!cleanPromoCode.startsWith('1') || dashPos <= 1 || dashPos === cleanPromoCode.length - 1) {
|
||||
throw new Error('Некорректный формат промокода');
|
||||
}
|
||||
const sellerLogin = normalizeLogin(cleanPromoCode.slice(1, dashPos));
|
||||
const signatureBase58 = cleanPromoCode.slice(dashPos + 1);
|
||||
promoSellerLogin = sellerLogin;
|
||||
const [promoSellerAddress] = ctx.solana.PublicKey.findProgramAddressSync(
|
||||
[new TextEncoder().encode(SHINE_USERS_PROMO_SELLER_PDA_SEED_PREFIX), new TextEncoder().encode(sellerLogin)],
|
||||
ctx.usersProgram,
|
||||
);
|
||||
promoSellerPda = promoSellerAddress;
|
||||
|
||||
const promoMessage = buildPromoMessageBytes(cleanLogin);
|
||||
const signatureBytes = base58ToBytes(signatureBase58);
|
||||
if (signatureBytes.length !== 64) {
|
||||
throw new Error('Подпись промокода должна быть 64 байта в Base58');
|
||||
}
|
||||
const sellerAccount = await ctx.connection.getAccountInfo(promoSellerAddress, 'confirmed');
|
||||
if (!sellerAccount?.data || sellerAccount.data.length < 42) {
|
||||
throw new Error('Promo seller PDA не найдена или повреждена');
|
||||
}
|
||||
const signerPubkey = new Uint8Array(sellerAccount.data.slice(10, 42));
|
||||
promoEd25519Ix = new ctx.solana.TransactionInstruction({
|
||||
programId: ctx.ed25519Program,
|
||||
keys: [],
|
||||
data: buildEd25519IxData(signatureBytes, signerPubkey, promoMessage),
|
||||
});
|
||||
}
|
||||
const ixData = serializeCreateUserPdaArgs({
|
||||
login: cleanLogin,
|
||||
recoveryKey32: ctx.recoveryKey32,
|
||||
@@ -884,41 +917,9 @@ async function createShineUserPdaOnSolana({
|
||||
sessions: [],
|
||||
trustedCount: 0,
|
||||
rootSignature64: rootSig64,
|
||||
promoCode: cleanPromoCode,
|
||||
promoSellerLogin,
|
||||
});
|
||||
|
||||
let promoSellerPda = null;
|
||||
let promoEd25519Ix = null;
|
||||
if (cleanPromoCode) {
|
||||
const dashPos = cleanPromoCode.indexOf('-');
|
||||
if (!cleanPromoCode.startsWith('1') || dashPos <= 1 || dashPos === cleanPromoCode.length - 1) {
|
||||
throw new Error('Некорректный формат промокода');
|
||||
}
|
||||
const sellerLogin = normalizeLogin(cleanPromoCode.slice(1, dashPos));
|
||||
const signatureBase58 = cleanPromoCode.slice(dashPos + 1);
|
||||
const [promoSellerAddress] = ctx.solana.PublicKey.findProgramAddressSync(
|
||||
[new TextEncoder().encode(SHINE_USERS_PROMO_SELLER_PDA_SEED_PREFIX), new TextEncoder().encode(sellerLogin)],
|
||||
ctx.usersProgram,
|
||||
);
|
||||
promoSellerPda = promoSellerAddress;
|
||||
|
||||
const promoMessage = buildPromoMessageBytes(cleanLogin);
|
||||
const signatureBytes = ctx.solana.bs58.decode(signatureBase58);
|
||||
if (signatureBytes.length !== 64) {
|
||||
throw new Error('Подпись промокода должна быть 64 байта в Base58');
|
||||
}
|
||||
const sellerAccount = await ctx.connection.getAccountInfo(promoSellerAddress, 'confirmed');
|
||||
if (!sellerAccount?.data || sellerAccount.data.length < 42) {
|
||||
throw new Error('Promo seller PDA не найдена или повреждена');
|
||||
}
|
||||
const signerPubkey = new Uint8Array(sellerAccount.data.slice(10, 42));
|
||||
promoEd25519Ix = new ctx.solana.TransactionInstruction({
|
||||
programId: ctx.ed25519Program,
|
||||
keys: [],
|
||||
data: buildEd25519IxData(signatureBytes, signerPubkey, promoMessage),
|
||||
});
|
||||
}
|
||||
|
||||
const ed25519RootIx = new ctx.solana.TransactionInstruction({
|
||||
programId: ctx.ed25519Program,
|
||||
keys: [],
|
||||
|
||||
@@ -267,7 +267,7 @@ On-chain инвариант только один:
|
||||
|
||||
### 7.3. Promo-обход login guard
|
||||
|
||||
При создании пользователя допускается опциональный `promo_code`.
|
||||
При создании пользователя off-chain клиент может использовать опциональный `promo_code`.
|
||||
|
||||
Формат строки:
|
||||
|
||||
@@ -285,6 +285,8 @@ On-chain инвариант только один:
|
||||
shine_promo_v1:<login_из_запроса_create_user_pda>
|
||||
```
|
||||
|
||||
В сам `create_user_pda` при этом передаётся только `seller_login`, а подпись проверяется по отдельной Ed25519-инструкции в транзакции.
|
||||
|
||||
Если promo-код валиден, то:
|
||||
|
||||
- premium/trademark-проверка через `shine_login_guard` не выполняется;
|
||||
@@ -385,7 +387,7 @@ shine_promo_v1:<login_из_запроса_create_user_pda>
|
||||
- `additional_limit`
|
||||
- mutable fields записи
|
||||
- `root` signature по unsigned части
|
||||
- опционально `promo_code`
|
||||
- опционально `promo_seller_login`
|
||||
|
||||
### Бинарный ABI
|
||||
|
||||
@@ -398,15 +400,14 @@ shine_promo_v1:<login_из_запроса_create_user_pda>
|
||||
- additional_limit: u64 LE
|
||||
- fields: UserMutableFieldsV1
|
||||
- root_signature: [u8; 64]
|
||||
- optional trailing promo_code: string_u8
|
||||
- optional trailing promo_seller_login: string_u8
|
||||
```
|
||||
|
||||
### Обязательные проверки
|
||||
|
||||
1. Логин валиден по синтаксису.
|
||||
2. Если promo-код не передан, логин разрешён `shine_login_guard`.
|
||||
3. Если promo-код передан, он должен:
|
||||
- иметь формат `1<seller_login>-<signature_base58>`;
|
||||
3. Если promo-регистрация включена, программа получает `promo_seller_login`, а связанная Ed25519-инструкция должна:
|
||||
- ссылаться на существующий `promo_seller_pda`;
|
||||
- проходить Ed25519-проверку через `signer_pubkey` продавца;
|
||||
- иметь `remaining_sales > 0`;
|
||||
|
||||
@@ -50,7 +50,6 @@ const IX_CREATE_USER_PDA: u8 = 3;
|
||||
const IX_UPDATE_USER_PDA: u8 = 4;
|
||||
const IX_UPSERT_PROMO_SELLER: u8 = 5;
|
||||
const LOGIN_GUARD_IX_CLASSIFY_LOGIN: u8 = 1;
|
||||
const PROMO_CODE_VERSION_PREFIX: char = '1';
|
||||
|
||||
#[repr(u32)]
|
||||
#[derive(Clone, Copy, Debug)]
|
||||
@@ -150,7 +149,7 @@ pub struct CreateUserPdaArgs {
|
||||
pub additional_limit: u64,
|
||||
pub fields: UserMutableFields,
|
||||
pub signature: [u8; 64],
|
||||
pub promo_code: Option<String>,
|
||||
pub promo_seller_login: Option<String>,
|
||||
}
|
||||
|
||||
#[derive(Clone, Debug)]
|
||||
@@ -345,7 +344,7 @@ fn parse_create_args(r: &mut Reader<'_>) -> Result<CreateUserPdaArgs, ProgramErr
|
||||
additional_limit: r.read_u64()?,
|
||||
fields: parse_fields(r)?,
|
||||
signature: r.read_fixed_64()?,
|
||||
promo_code: if r.remaining() > 0 { Some(r.read_string_u8()?) } else { None },
|
||||
promo_seller_login: if r.remaining() > 0 { Some(r.read_string_u8()?) } else { None },
|
||||
})
|
||||
}
|
||||
|
||||
@@ -543,9 +542,9 @@ fn process_create_user_pda<'a>(program_id: &Pubkey, accounts: &'a [AccountInfo<'
|
||||
require_keys_eq!(*login_guard_program.key, Pubkey::from_str(settings::SHINE_LOGIN_GUARD_PROGRAM_ID).map_err(|_| ProgramError::from(ShineUsersError::InvalidLoginGuardResponse))?, ShineUsersError::InvalidLoginGuardResponse);
|
||||
validate_users_economy_config_pda(program_id, users_economy_config_pda)?;
|
||||
|
||||
let promo_context = if let Some(promo_code) = args.promo_code.as_deref().filter(|value| !value.trim().is_empty()) {
|
||||
let promo_context = if let Some(seller_login) = args.promo_seller_login.as_deref().filter(|value| !value.trim().is_empty()) {
|
||||
let seller_pda = promo_seller_pda.ok_or(ProgramError::from(ShineUsersError::InvalidInstruction))?;
|
||||
Some(verify_promo_registration(program_id, instructions_sysvar, seller_pda, &args.login, promo_code)?)
|
||||
Some(verify_promo_registration(program_id, instructions_sysvar, seller_pda, &args.login, seller_login)?)
|
||||
} else {
|
||||
require!(promo_seller_pda.is_none(), ShineUsersError::InvalidInstruction);
|
||||
None
|
||||
@@ -728,9 +727,9 @@ fn verify_promo_registration<'a>(
|
||||
instructions_sysvar: &AccountInfo<'a>,
|
||||
promo_seller_pda: &'a AccountInfo<'a>,
|
||||
target_login: &str,
|
||||
promo_code: &str,
|
||||
seller_login: &str,
|
||||
) -> Result<PromoRegistrationContext<'a>, ProgramError> {
|
||||
let (seller_login, signature58) = parse_promo_code(promo_code)?;
|
||||
validate_login(seller_login)?;
|
||||
let normalized_seller_login = login_seed_normalized(&seller_login);
|
||||
let expected_pda = find_promo_seller_pda(program_id, &normalized_seller_login).0;
|
||||
require_keys_eq!(expected_pda, *promo_seller_pda.key, ShineUsersError::InvalidPdaAddress);
|
||||
@@ -740,9 +739,8 @@ fn verify_promo_registration<'a>(
|
||||
require!(state.remaining_sales > 0, ShineUsersError::PromoSalesExhausted);
|
||||
require!(target_login.len() >= state.min_login_length as usize, ShineUsersError::PromoLoginTooShort);
|
||||
|
||||
let signature = decode_base58_fixed_64(&signature58)?;
|
||||
let message = build_promo_sign_message(target_login);
|
||||
verify_ed25519_signature_instruction(instructions_sysvar, -3, &state.signer_pubkey, &signature, message.as_bytes())
|
||||
verify_ed25519_instruction_pubkey_message(instructions_sysvar, -3, &state.signer_pubkey, message.as_bytes())
|
||||
.map_err(|_| ProgramError::from(ShineUsersError::PromoSignatureMismatch))?;
|
||||
|
||||
let updated_state = PromoSellerState {
|
||||
@@ -1071,27 +1069,38 @@ fn serialize_last_block_state(record: &UserRecord) -> Result<Vec<u8>, ProgramErr
|
||||
Ok(out)
|
||||
}
|
||||
|
||||
struct ParsedEd25519Ref<'a> {
|
||||
struct ParsedEd25519Data {
|
||||
pubkey: Pubkey,
|
||||
signature: [u8; 64],
|
||||
message: &'a [u8],
|
||||
message: Vec<u8>,
|
||||
}
|
||||
|
||||
fn verify_ed25519_signature_instruction(instructions_sysvar: &AccountInfo, index_relative_to_current: i64, expected_pubkey: &Pubkey, expected_signature: &[u8; 64], expected_message: &[u8]) -> ProgramResult {
|
||||
require_keys_eq!(*instructions_sysvar.key, solana_program::sysvar::instructions::id(), ShineUsersError::InvalidSignature);
|
||||
let current_index = load_current_index_checked(instructions_sysvar).map_err(|_| ProgramError::from(ShineUsersError::InvalidSignature))? as i64;
|
||||
let target_index = current_index.checked_add(index_relative_to_current).ok_or(ProgramError::from(ShineUsersError::InvalidSignature))?;
|
||||
require!(target_index >= 0, ShineUsersError::InvalidSignature);
|
||||
let ed_ix = load_instruction_at_checked(target_index as usize, instructions_sysvar).map_err(|_| ProgramError::from(ShineUsersError::InvalidSignature))?;
|
||||
require_keys_eq!(ed_ix.program_id, solana_program::ed25519_program::id(), ShineUsersError::InvalidSignature);
|
||||
let parsed = parse_ed25519_ix(ed_ix.data.as_slice())?;
|
||||
let parsed = load_parsed_ed25519_instruction(instructions_sysvar, index_relative_to_current)?;
|
||||
require!(parsed.pubkey == *expected_pubkey, ShineUsersError::InvalidSignature);
|
||||
require!(parsed.signature == *expected_signature, ShineUsersError::InvalidSignature);
|
||||
require!(parsed.message == expected_message, ShineUsersError::InvalidSignature);
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn parse_ed25519_ix<'a>(data: &'a [u8]) -> Result<ParsedEd25519Ref<'a>, ProgramError> {
|
||||
fn verify_ed25519_instruction_pubkey_message(instructions_sysvar: &AccountInfo, index_relative_to_current: i64, expected_pubkey: &Pubkey, expected_message: &[u8]) -> ProgramResult {
|
||||
let parsed = load_parsed_ed25519_instruction(instructions_sysvar, index_relative_to_current)?;
|
||||
require!(parsed.pubkey == *expected_pubkey, ShineUsersError::InvalidSignature);
|
||||
require!(parsed.message == expected_message, ShineUsersError::InvalidSignature);
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn load_parsed_ed25519_instruction(instructions_sysvar: &AccountInfo, index_relative_to_current: i64) -> Result<ParsedEd25519Data, ProgramError> {
|
||||
require_keys_eq!(*instructions_sysvar.key, solana_program::sysvar::instructions::id(), ShineUsersError::InvalidSignature);
|
||||
let current_index = load_current_index_checked(instructions_sysvar).map_err(|_| ProgramError::from(ShineUsersError::InvalidSignature))? as i64;
|
||||
let target_index = current_index.checked_add(index_relative_to_current).ok_or(ProgramError::from(ShineUsersError::InvalidSignature))?;
|
||||
require!(target_index >= 0, ShineUsersError::InvalidSignature);
|
||||
let ed_ix = load_instruction_at_checked(target_index as usize, instructions_sysvar).map_err(|_| ProgramError::from(ShineUsersError::InvalidSignature))?;
|
||||
require_keys_eq!(ed_ix.program_id, solana_program::ed25519_program::id(), ShineUsersError::InvalidSignature);
|
||||
parse_ed25519_ix(ed_ix.data.as_slice())
|
||||
}
|
||||
|
||||
fn parse_ed25519_ix(data: &[u8]) -> Result<ParsedEd25519Data, ProgramError> {
|
||||
require!(data.len() >= 16, ShineUsersError::InvalidSignature);
|
||||
require!(data[0] == 1, ShineUsersError::InvalidSignature);
|
||||
let signature_offset = le_u16(data, 2)? as usize;
|
||||
@@ -1113,7 +1122,7 @@ fn parse_ed25519_ix<'a>(data: &'a [u8]) -> Result<ParsedEd25519Ref<'a>, ProgramE
|
||||
let message = data.get(message_offset..message_end).ok_or(ProgramError::from(ShineUsersError::InvalidSignature))?;
|
||||
let mut signature = [0u8; 64]; signature.copy_from_slice(signature_slice);
|
||||
let pubkey = Pubkey::new_from_array(<[u8; 32]>::try_from(pubkey_slice).map_err(|_| ProgramError::from(ShineUsersError::InvalidSignature))?);
|
||||
Ok(ParsedEd25519Ref { pubkey, signature, message })
|
||||
Ok(ParsedEd25519Data { pubkey, signature, message: message.to_vec() })
|
||||
}
|
||||
|
||||
fn le_u16(data: &[u8], offset: usize) -> Result<u16, ProgramError> {
|
||||
@@ -1122,19 +1131,6 @@ fn le_u16(data: &[u8], offset: usize) -> Result<u16, ProgramError> {
|
||||
Ok(u16::from_le_bytes([s[0], s[1]]))
|
||||
}
|
||||
|
||||
fn parse_promo_code(value: &str) -> Result<(String, String), ProgramError> {
|
||||
let trimmed = value.trim();
|
||||
let mut chars = trimmed.chars();
|
||||
require!(chars.next() == Some(PROMO_CODE_VERSION_PREFIX), ShineUsersError::InvalidPromoCode);
|
||||
let rest: String = chars.collect();
|
||||
let dash_pos = rest.find('-').ok_or(ProgramError::from(ShineUsersError::InvalidPromoCode))?;
|
||||
let seller_login = rest[..dash_pos].to_string();
|
||||
let signature58 = rest[dash_pos + 1..].to_string();
|
||||
require!(!seller_login.is_empty() && !signature58.is_empty(), ShineUsersError::InvalidPromoCode);
|
||||
validate_login(&seller_login)?;
|
||||
Ok((seller_login, signature58))
|
||||
}
|
||||
|
||||
fn build_promo_sign_message(login: &str) -> String {
|
||||
let mut message = String::with_capacity(settings::PROMO_SIGN_PREFIX.len() + login.len());
|
||||
message.push_str(settings::PROMO_SIGN_PREFIX);
|
||||
@@ -1142,54 +1138,6 @@ fn build_promo_sign_message(login: &str) -> String {
|
||||
message
|
||||
}
|
||||
|
||||
fn decode_base58_fixed_64(value: &str) -> Result<[u8; 64], ProgramError> {
|
||||
let decoded = decode_base58(value)?;
|
||||
<[u8; 64]>::try_from(decoded.as_slice()).map_err(|_| ProgramError::from(ShineUsersError::InvalidPromoCode))
|
||||
}
|
||||
|
||||
fn decode_base58(value: &str) -> Result<Vec<u8>, ProgramError> {
|
||||
let text = value.trim();
|
||||
require!(!text.is_empty(), ShineUsersError::InvalidPromoCode);
|
||||
|
||||
let mut bytes = vec![0u8];
|
||||
for ch in text.bytes() {
|
||||
let digit = base58_value(ch).ok_or(ProgramError::from(ShineUsersError::InvalidPromoCode))? as u32;
|
||||
let mut carry = digit;
|
||||
for byte in &mut bytes {
|
||||
let x = (*byte as u32).checked_mul(58).and_then(|v| v.checked_add(carry)).ok_or(ProgramError::from(ShineUsersError::MathOverflow))?;
|
||||
*byte = (x & 0xff) as u8;
|
||||
carry = x >> 8;
|
||||
}
|
||||
while carry > 0 {
|
||||
bytes.push((carry & 0xff) as u8);
|
||||
carry >>= 8;
|
||||
}
|
||||
}
|
||||
|
||||
for ch in text.bytes() {
|
||||
if ch == b'1' {
|
||||
bytes.push(0);
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
bytes.reverse();
|
||||
Ok(bytes)
|
||||
}
|
||||
|
||||
fn base58_value(ch: u8) -> Option<u8> {
|
||||
match ch {
|
||||
b'1'..=b'9' => Some(ch - b'1'),
|
||||
b'A'..=b'H' => Some(9 + (ch - b'A')),
|
||||
b'J'..=b'N' => Some(17 + (ch - b'J')),
|
||||
b'P'..=b'Z' => Some(22 + (ch - b'P')),
|
||||
b'a'..=b'k' => Some(33 + (ch - b'a')),
|
||||
b'm'..=b'z' => Some(44 + (ch - b'm')),
|
||||
_ => None,
|
||||
}
|
||||
}
|
||||
|
||||
fn validate_login(login: &str) -> ProgramResult {
|
||||
require!(!login.is_empty(), ShineUsersError::InvalidLogin);
|
||||
require!(login.len() <= 20, ShineUsersError::InvalidLogin);
|
||||
|
||||
Reference in New Issue
Block a user