// get a service func (c *ServiceController) Get(params martini.Params, res http.ResponseWriter, req services.AuxRequestContext, db *services.DB) { service, found, err := models.FindServiceByObjectID(db.GetPostgresHandle(), params["id"]) if !found { services.Res(res).Error(404, "not_found", "service was not found") return } else if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } respObj, _ := services.StructToJsonToMap(service) services.Res(res).Json(respObj) }
// get an identity func (c *IdentityController) Get(params martini.Params, res http.ResponseWriter, req services.AuxRequestContext, db *services.DB) { identity, found, err := models.FindIdentityByObjectID(db.GetPostgresHandle(), params["id"]) if !found { services.Res(res).Error(404, "not_found", "identity was not found") return } else if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // create response respObj, _ := services.StructToJsonToMap(identity) if identity.Issuer { respObj["soul_balance"] = identity.SoulBalance } services.Res(res).Json(respObj) }
// open/unlock a wallet func (c *WalletController) Open(params martini.Params, res http.ResponseWriter, req services.AuxRequestContext, db *services.DB) { // TODO: get from access token // authorizing wallet id authWalletID := "55c679145fe09c74ed000001" dbTx, err := db.GetPostgresHandleWithRepeatableReadTrans() if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // get wallet wallet, found, err := models.FindWalletByObjectID(dbTx, params["id"]) if !found { dbTx.Rollback() services.Res(res).Error(404, "not_found", "wallet not found") return } else if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // ensure wallet matches authorizing wallet if wallet.ObjectID != authWalletID { dbTx.Rollback() services.Res(res).Error(401, "unauthorized", "client does not have permission to access wallet") return } // update lock state to false wallet.Lock = false // save and commit dbTx.Save(&wallet).Commit() services.Res(res).Json(wallet) }
// lock sets set the 'open' property of an object to false. Also resets all fields used by // all open methods func (c *ObjectController) Lock(params martini.Params, res http.ResponseWriter, req services.AuxRequestContext, log *config.CustomLog, db *services.DB) { // TODO: get from access token // authorizing wallet id authWalletID := "55c679145fe09c74ed000001" dbTx, err := db.GetPostgresHandleWithRepeatableReadTrans() if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // get the object object, found, err := models.FindObjectByObjectID(dbTx, params["id"]) if !found { dbTx.Rollback() services.Res(res).Error(404, "not_found", "object was not found") return } else if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // ensure object belongs to authorizing wallet if object.Wallet.ObjectID != authWalletID { dbTx.Rollback() services.Res(res).Error(401, "unauthorized", "objects: object does not belong to authorizing wallet") return } // clear open related fields of object clearOpen(&object) // save update and commit dbTx.Save(&object).Commit() services.Res(res).Json(object) }
// get an object by its id or pin func (c *ObjectController) Get(params martini.Params, res http.ResponseWriter, req services.AuxRequestContext, log *config.CustomLog, db *services.DB) { dbObj := db.GetPostgresHandle() object, found, err := models.FindObjectByObjectIDOrPin(dbObj, params["id"]) if !found { services.Res(res).Error(404, "not_found", "object was not found") return } else if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // construct response. remove private fields respObj, _ := services.StructToJsonToMap(object) delete(respObj["wallet"].(map[string]interface{})["identity"].(map[string]interface{}), "soul_balance") delete(respObj["wallet"].(map[string]interface{})["identity"].(map[string]interface{}), "email") delete(respObj["service"].(map[string]interface{})["identity"].(map[string]interface{}), "soul_balance") delete(respObj["service"].(map[string]interface{})["identity"].(map[string]interface{}), "email") services.Res(res).Json(respObj) }
func PostgresAutoMigration(db *services.DB) { db.GetPostgresHandle().AutoMigrate(&models.Token{}, &models.Service{}, &models.Identity{}, &models.Wallet{}, &models.Object{}) services.Println("Migration complete!") }
// create an identity func (c *IdentityController) Create(res http.ResponseWriter, req services.AuxRequestContext, db *services.DB) { // parse request body var body identityCreateBody if err := c.ParseJsonBody(req, &body); err != nil { services.Res(res).Error(400, "invalid_body", "request body is invalid or malformed. Expects valid json body") return } // full name is required if validator.IsNull(body.FullName) { services.Res(res).Error(400, "missing_parameter", "Missing required field: full_name") return } // email is required if validator.IsNull(body.Email) { services.Res(res).Error(400, "missing_parameter", "Missing required field: email") return } // email is required if !validator.IsEmail(body.Email) { services.Res(res).Error(400, "invalid_email", "email is invalid") return } // create identity newIdentity := models.Identity{ ObjectID: bson.NewObjectId().Hex(), FullName: body.FullName, Email: body.Email, } // if request is from Issuer controller, set issuer field to true if d := req.GetData("isIssuer"); d != nil && d.(bool) { // object is required if validator.IsNull(body.ObjectName) { services.Res(res).Error(400, "missing_parameter", "Missing required field: object_name") return } // base currency is required if validator.IsNull(body.BaseCurrency) { services.Res(res).Error(400, "missing_parameter", "Missing required field: base_currency") return } // base currency must be supported if !services.StringInStringSlice(config.SupportedBaseCurrencies, body.BaseCurrency) { services.Res(res).Error(400, "invalid_base_currency", "base currency is unknown") return } newIdentity.Issuer = true newIdentity.ObjectName = body.ObjectName newIdentity.BaseCurrency = body.BaseCurrency } err := models.CreateIdentity(db.GetPostgresHandle(), &newIdentity) if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // create response respObj, _ := services.StructToJsonToMap(newIdentity) if newIdentity.Issuer { respObj["soul_balance"] = newIdentity.SoulBalance } services.Res(res).Json(respObj) }
// renew an issuer identity soul func (c *IdentityController) RenewSoul(res http.ResponseWriter, req services.AuxRequestContext, db *services.DB) { // parse request body var body soulRenewBody if err := c.ParseJsonBody(req, &body); err != nil { services.Res(res).Error(400, "invalid_body", "request body is invalid or malformed. Expects valid json body") return } // identity id is required if validator.IsNull(body.IdentityId) { services.Res(res).Error(400, "missing_parameter", "Missing required field: identity_id") return } // soul balance is required if body.SoulBalance == 0 { services.Res(res).Error(400, "missing_parameter", "Missing required field: soul_balance") return } // soul balance must be greater than zero if body.SoulBalance < MinimumObjectUnit { services.Res(res).Error(400, "invalid_soul_balance", "Soul balance must be equal or greater than minimum object unit which is 0.00000001") return } // ensure identity exists identity, found, err := models.FindIdentityByObjectID(db.GetPostgresHandle(), body.IdentityId) if !found { services.Res(res).Error(404, "invalid_identity", "identity_id is unknown") return } else if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // ensure identity is an issuer if !identity.Issuer { services.Res(res).Error(400, "invalid_identity", "identity is not an issuer") return } // add to soul balance newIdentity, err := models.AddToSoulByObjectID(db.GetPostgresHandle(), identity.ObjectID, body.SoulBalance) if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // create response, hide some fields respObj, _ := services.StructToJsonToMap(newIdentity) if newIdentity.Issuer { respObj["soul_balance"] = newIdentity.SoulBalance } services.Res(res).Json(respObj) }
// create a service func (c *ServiceController) Create(res http.ResponseWriter, req services.AuxRequestContext, db *services.DB) { // parse request body var body createBody if err := c.ParseJsonBody(req, &body); err != nil { services.Res(res).Error(400, "invalid_client", "request body is invalid or malformed. Expects valid json body") return } // name is required if c.validate.IsEmpty(body.FullName) { services.Res(res).Error(400, "missing_parameter", "Missing required field: full_name") return } // full name must have max of 60 characters if !validator.StringLength(body.FullName, "1", "60") { services.Res(res).Error(400, "invalid_full_name", "full_name character limit is 60") return } // service name is required if c.validate.IsEmpty(body.ServiceName) { services.Res(res).Error(400, "missing_parameter", "Missing required field: service_name") return } // service name must have max of 30 characters if !validator.StringLength(body.ServiceName, "1", "60") { services.Res(res).Error(400, "invalid_service_name", "service_name character limit is 60") return } // description is required if c.validate.IsEmpty(body.Description) { services.Res(res).Error(400, "missing_parameter", "Missing required field: description") return } // description must have max of 140 characters if !validator.StringLength(body.Description, "1", "140") { services.Res(res).Error(400, "invalid_description", "description character limit is 140") return } // email is required if c.validate.IsEmpty(body.Email) { services.Res(res).Error(400, "missing_parameter", "Missing required field: email") return } // email must be valid if !validator.IsEmail(body.Email) { services.Res(res).Error(400, "invalid_email", "email is invalid") return } // create identity newIdentity := &models.Identity{ ObjectID: bson.NewObjectId().Hex(), FullName: body.FullName, Email: body.Email, } // start db transaction dbTx := db.GetPostgresHandle().Begin() if err := models.CreateIdentity(dbTx, newIdentity); err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // create client credentials clientId := services.GetRandString(services.GetRandNumRange(32, 42)) clientSecret := services.GetRandString(services.GetRandNumRange(32, 42)) // create new service object newService := models.Service{ ObjectID: bson.NewObjectId().Hex(), Name: body.ServiceName, Description: body.Description, ClientID: clientId, ClientSecret: clientSecret, Identity: newIdentity, } // create service err := models.CreateService(dbTx, &newService) if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // commit db transaction dbTx.Commit() // send response respObj, _ := services.StructToJsonToMap(newService) services.Res(res).Json(respObj) }
// list object // supports // - pagination using 'page' query. Use per_page to set the number of results per page. max is 100 // - filters: filter_type, filter_service, filter_open, filter_open_method, filter_gte_date_created // filter_lte_date_created // - sorting: sort_balance, sort_date_created func (c *WalletController) List(params martini.Params, res http.ResponseWriter, req services.AuxRequestContext, db *services.DB) { // TODO: get from access token // authorizing wallet id authWalletID := "55c679145fe09c74ed000001" dbCon := db.GetPostgresHandle() // get wallet wallet, found, err := models.FindWalletByObjectID(dbCon, params["id"]) if !found { services.Res(res).Error(404, "not_found", "wallet not found") return } else if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // ensure wallet matches authorizing wallet if wallet.ObjectID != authWalletID { services.Res(res).Error(401, "unauthorized", "client does not have permission to access wallet") return } query := req.URL.Query() qPage := query.Get("page") if c.validate.IsEmpty(qPage) { qPage = "0" } else if !validator.IsNumeric(qPage) { services.Res(res).Error(400, "invalid_parameter", "page query value must be numeric") return } q := make(map[string]interface{}) q["wallet_id"] = wallet.ID order := "id asc" limitPerPage := int64(2) offset := int64(0) currentPage, err := strconv.ParseInt(qPage, 0, 64) if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // set limit per page if provided in query qPerPage := query.Get("per_page") if !c.validate.IsEmpty(qPerPage) { if validator.IsNumeric(qPerPage) { qPerPage, _ := strconv.ParseInt(qPerPage, 0, 64) if qPerPage > 100 { qPerPage = 100 } else if qPerPage <= 0 { qPerPage = limitPerPage } limitPerPage = qPerPage } } // set current page default and calculate offset if currentPage <= 1 { currentPage = 1 offset = 0 } else { offset = (int64(limitPerPage) * currentPage) - int64(limitPerPage) } // apply type filter if included in query filterType := query.Get("filter_type") if !c.validate.IsEmpty(filterType) && services.StringInStringSlice([]string{"obj_value", "obj_valueless"}, filterType) { q["type"] = filterType } // apply service filter if included in query filterService := query.Get("filter_service") if !c.validate.IsEmpty(filterService) { // find service service, found, err := models.FindServiceByObjectID(db.GetPostgresHandle(), filterService) if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } if found { q["service_id"] = service.ID } } // apply open filter if included in query filterOpen := query.Get("filter_open") if !c.validate.IsEmpty(filterOpen) && services.StringInStringSlice([]string{"true", "false"}, filterOpen) { q["open"] = filterOpen } // apply open_method filter if included in query filterOpenMethod := query.Get("filter_open_method") if !c.validate.IsEmpty(filterOpenMethod) && services.StringInStringSlice([]string{"open", "open_timed", "open_pin"}, filterOpenMethod) { q["open_method"] = filterOpenMethod } // apply filter_gte_date_created filter if included in query filterGTEDateCreated := query.Get("filter_gte_date_created") if !c.validate.IsEmpty(filterGTEDateCreated) { if validator.IsNumeric(filterGTEDateCreated) { ts, _ := strconv.ParseInt(filterGTEDateCreated, 0, 64) dbCon = dbCon.Where("created_at >= ?", services.UnixToTime(ts).UTC().Format(time.RFC3339Nano)) } } // apply filter_lte_date_created filter if included in query filterLTEDateCreated := query.Get("filter_lte_date_created") if !c.validate.IsEmpty(filterLTEDateCreated) { if validator.IsNumeric(filterLTEDateCreated) { ts, _ := strconv.ParseInt(filterLTEDateCreated, 0, 64) dbCon = dbCon.Where("created_at <= ?", services.UnixToTime(ts).UTC().Format(time.RFC3339Nano)) } } // the below connection is used for sorting/ordering var dbConSort = dbCon // apply sort_balance sort if included sortBalance := query.Get("sort_balance") if !c.validate.IsEmpty(sortBalance) { orderVal := "asc" if sortBalance == "-1" { orderVal = "desc" } dbConSort = dbCon.Order("objects.balance " + orderVal) } // apply ort_date_created sort if included sortDateCreated := query.Get("sort_date_created") if !c.validate.IsEmpty(sortDateCreated) { orderVal := "asc" if sortDateCreated == "-1" { orderVal = "desc" } dbConSort = dbConSort.Order("objects.created_at " + orderVal) } // find objects associated with wallet objects := []models.Object{} var objectsCount int64 // count number of objects. I didnt use dbConSort as count will throw an error dbCon.Model(models.Object{}).Where(q).Count(&objectsCount) // set the original db connection to the sort connection dbCon = dbConSort // calculate number of pages numPages := services.Round(float64(objectsCount) / float64(limitPerPage)) // fetch the objects dbCon.Where(q).Preload("Service.Identity").Preload("Wallet.Identity").Limit(limitPerPage).Offset(offset).Order(order).Find(&objects) // prepare response respObj, _ := services.StructToJsonToSlice(objects) if len(respObj) == 0 { respObj = []map[string]interface{}{} } services.Res(res).Json(map[string]interface{}{ "results": respObj, "_metadata": map[string]interface{}{ "total_count": objectsCount, "per_page": limitPerPage, "page_count": numPages, "page": currentPage, }, }) }
// charge an object. Deduct from an object, create one or more objects and // associated to one or more wallets func (c *ObjectController) Charge(params martini.Params, res http.ResponseWriter, req services.AuxRequestContext, log *config.CustomLog, db *services.DB) { // parse body var body objectChargeBody if err := c.ParseJsonBody(req, &body); err != nil { services.Res(res).Error(400, "invalid_body", "request body is invalid or malformed. Expects valid json body") return } // TODO: get client id from access token clientID := "kl14zFDq4SHlmmmVNHgLtE0LqCo8BTjyShOH" // get db transaction object dbTx, err := db.GetPostgresHandleWithRepeatableReadTrans() if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // get service service, _, _ := models.FindServiceByClientId(dbTx, clientID) // ensure object ids is not empty if len(body.IDS) == 0 { services.Res(res).ErrParam("ids").Error(400, "invalid_parameter", "provide one or more object ids to charge") return } // ensure object ids length is less than 100 if len(body.IDS) > 100 { services.Res(res).ErrParam("ids").Error(400, "invalid_parameter", "only a maximum of 100 objects can be charge at a time") return } // ensure destination wallet is provided if c.validate.IsEmpty(body.DestinationWalletID) { services.Res(res).ErrParam("wallet_id").Error(400, "invalid_parameter", "destination wallet id is reqired") return } // ensure amount is provided if body.Amount < MinimumObjectUnit { services.Res(res).ErrParam("amount").Error(400, "invalid_parameter", fmt.Sprintf("amount is below the minimum charge limit. Mininum charge limit is %.8f", MinimumObjectUnit)) return } // if meta is provided, ensure it is not greater than the limit size if !c.validate.IsEmpty(body.Meta) && len([]byte(body.Meta)) > MaxMetaSize { services.Res(res).ErrParam("meta").Error(400, "invalid_parameter", fmt.Sprintf("Meta contains too much data. Max size is %d bytes", MaxMetaSize)) return } // ensure destination wallet exists wallet, found, err := models.FindWalletByObjectID(dbTx, body.DestinationWalletID) if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "api_error", "api_error") return } else if !found { dbTx.Rollback() services.Res(res).ErrParam("wallet_id").Error(404, "not_found", "wallet_id not found") return } // find all objects objectsFound, err := models.FindAllObjectsByObjectID(dbTx, body.IDS) if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "api_error", "api_error") return } // ensure all objects exists if len(objectsFound) != len(body.IDS) { dbTx.Rollback() services.Res(res).ErrParam("ids").Error(404, "object_error", "one or more objects do not exist") return } // sort object by balance in descending order sort.Sort(services.ByObjectBalance(objectsFound)) // objects to charge objectsToCharge := []models.Object{} // validate each object // check open status (timed and pin) // collect the required objects to sufficiently // complete a charge from the list of found objects for _, object := range objectsFound { // as long as the total balance of objects to be charged is not above charge amount // keep setting aside objects to charge from. // once we have the required objects to cover charge amount, stop processing other objects if TotalBalance(objectsToCharge) < body.Amount { objectsToCharge = append(objectsToCharge, object) } else { break } // ensure service is the issuer of object if object.Service.ObjectID != service.ObjectID { dbTx.Rollback() services.Res(res).ErrParam("ids").Error(402, "object_error", fmt.Sprintf("%s: service cannot charge an object not issued by it", object.ObjectID)) return } // ensure object is open if !object.Open { dbTx.Rollback() services.Res(res).ErrParam("ids").Error(402, "object_error", fmt.Sprintf("%s: object is not opened and cannot be charged", object.ObjectID)) return } else { // for object with open_timed open method, ensure time is not passed if object.OpenMethod == models.ObjectOpenTimed { objectOpenTime := services.UnixToTime(object.OpenTime).UTC() now := time.Now().UTC() if now.After(objectOpenTime) { dbTx.Rollback() services.Res(res).ErrParam("ids").Error(402, "object_error", fmt.Sprintf("%s: object open time period has expired", object.ObjectID)) return } } // for object with open_pin open method, ensure pin is provided and // it matches. Pin should be found in the optional pin object of the request body if object.OpenMethod == models.ObjectOpenPin { if pin, found := body.Pins[object.ObjectID]; found { // ensure pin provided matches objects pin if !services.BcryptCompare(object.OpenPin, strconv.Itoa(pin)) { dbTx.Rollback() services.Res(res).ErrParam("ids").Error(402, "object_error", fmt.Sprintf("%s: pin provided to open object is invalid", object.ObjectID)) return } } else { dbTx.Rollback() services.Res(res).ErrParam("ids").Error(402, "object_error", fmt.Sprintf("%s: object pin not found in pin parameter of request body", object.ObjectID)) return } } } } totalObjectsBalance := TotalBalance(objectsToCharge) // ensure total balance of objects to charge is sufficient for charge amount if totalObjectsBalance < body.Amount { dbTx.Rollback() services.Res(res).ErrParam("amount").Error(402, "invalid_parameter", fmt.Sprintf("object%s total balance not sufficient to cover charge amount", services.SIfNotZero(len(body.IDS)))) return } lastObj := objectsToCharge[len(objectsToCharge)-1] // if there is excess, the last object is always the supplement object. // deduct from last object's balance, update object and remove it from the objectsToCharge list if totalObjectsBalance > body.Amount { lastObj.Balance = totalObjectsBalance - body.Amount objectsToCharge = objectsToCharge[0 : len(objectsToCharge)-1] dbTx.Save(&lastObj) } // delete the objects to charge for _, object := range objectsToCharge { dbTx.Delete(&object) } // create new object. set balance to charge balance // generate a pin countryCallCode := config.CurrencyCallCodes[strings.ToUpper(service.Identity.BaseCurrency)] newPin, err := services.NewObjectPin(strconv.Itoa(countryCallCode)) if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "api_error", "server error") return } newObj := NewObject(newPin, models.ObjectValue, service, wallet, body.Amount, body.Meta) err = models.CreateObject(dbTx, &newObj) if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "api_error", "server error") return } dbTx.Save(&newObj).Commit() services.Res(res).Json(newObj) }
// open an object for charge/consumption. An object opened in this method // will be consumable without restriction func (c *ObjectController) Open(params martini.Params, res http.ResponseWriter, req services.AuxRequestContext, log *config.CustomLog, db *services.DB) { // TODO: get from access token // authorizing wallet id authWalletID := "55c679145fe09c74ed000001" // parse body var body objectOpenBody if err := c.ParseJsonBody(req, &body); err != nil { services.Res(res).Error(400, "invalid_body", "request body is invalid or malformed. Expects valid json body") return } // ensure open method is provided if c.validate.IsEmpty(body.OpenMethod) { services.Res(res).Error(400, "invalid_parameter", "open_method: open method is required") return } // ensure a known open method is provided if body.OpenMethod != "open" && body.OpenMethod != "open_timed" && body.OpenMethod != "open_pin" { services.Res(res).Error(400, "invalid_parameter", "unknown open type method") return } dbTx, err := db.GetPostgresHandleWithRepeatableReadTrans() if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // get the object object, found, err := models.FindObjectByObjectID(dbTx, params["id"]) if !found { dbTx.Rollback() services.Res(res).Error(404, "not_found", "object was not found") return } else if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // ensure object belongs to authorizing wallet if object.Wallet.ObjectID != authWalletID { dbTx.Rollback() services.Res(res).Error(401, "unauthorized", "objects: object does not belong to authorizing wallet") return } // set object's open property to true and open_method to `open` clearOpen(&object) object.Open = true object.OpenMethod = models.ObjectOpenDefault // for open_timed, // set 'open_time' field to indicate object open window if body.OpenMethod == "open_timed" { // ensure time field is provided if body.Time == 0 { dbTx.Rollback() services.Res(res).Error(400, "invalid_parameter", "time: open window time is required. use unix time") return } // time must be in the future now := time.Now().UTC() if !now.Before(services.UnixToTime(body.Time).UTC()) { dbTx.Rollback() services.Res(res).Error(400, "invalid_parameter", "time: use a unix time pointing to a period in the future") return } object.OpenMethod = models.ObjectOpenTimed object.OpenTime = body.Time } // for open_pin // open pin sets a pin for used by charge API if body.OpenMethod == "open_pin" { // ensure pin is provided if c.validate.IsEmpty(body.Pin) { dbTx.Rollback() services.Res(res).Error(400, "invalid_parameter", "pin: pin is required") return } // pin must be numeric if !validator.IsNumeric(body.Pin) { dbTx.Rollback() services.Res(res).Error(400, "invalid_parameter", "pin: pin must contain only numeric characters. e.g 4345") return } // pin length must be between 4 - 12 characters if len(body.Pin) < 4 || len(body.Pin) > 12 { dbTx.Rollback() services.Res(res).Error(400, "invalid_parameter", "pin: pin must have a minimum character length of 4 and maximum of 12") return } // hash pin using bcrypt pinHash, err := services.Bcrypt(body.Pin, 10) if err != nil { c.log.Error("unable to hash password. reason: " + err.Error()) services.Res(res).Error(500, "", "server error") return } object.OpenMethod = models.ObjectOpenPin object.OpenPin = pinHash } dbTx.Save(&object).Commit() services.Res(res).Json(object) }
// create a new object by subtracting from a source object func (c *ObjectController) Subtract(res http.ResponseWriter, req services.AuxRequestContext, log *config.CustomLog, db *services.DB) { // TODO: get from access token // authorizing wallet id authWalletID := "55c679145fe09c74ed000001" // parse body var body objectSubtractBody if err := c.ParseJsonBody(req, &body); err != nil { services.Res(res).Error(400, "invalid_body", "request body is invalid or malformed. Expects valid json body") return } // object is required if c.validate.IsEmpty(body.Object) { services.Res(res).Error(400, "missing_parameter", "Missing required field: object") return } // amount to subtract is required if body.AmountToSubtract < MinimumObjectUnit { services.Res(res).Error(400, "invalid_parameter", "amount: amount must be equal or greater than the minimum object unit which is 0.00000001") return } dbTx, err := db.GetPostgresHandleWithRepeatableReadTrans() if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // get the object object, found, err := models.FindObjectByObjectID(dbTx, body.Object) if !found { dbTx.Rollback() services.Res(res).Error(404, "not_found", "object was not found") return } else if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // ensure object is a valuable type if object.Type == models.ObjectValueless { dbTx.Rollback() services.Res(res).Error(400, "invalid_parameter", "object: object must be a valuabe type (obj_value) ") return } // ensure object belongs to authorizing wallet if object.Wallet.ObjectID != authWalletID { dbTx.Rollback() services.Res(res).Error(401, "unauthorized", "objects: object does not belong to authorizing wallet") return } // ensure object's balance is sufficient if object.Balance < body.AmountToSubtract { dbTx.Rollback() services.Res(res).Error(400, "invalid_parameter", "amount: object's balance is insufficient") return } // if meta is provided, ensure it is not greater than the limit size if !body.InheritMeta && !c.validate.IsEmpty(body.Meta) && len([]byte(body.Meta)) > MaxMetaSize { services.Res(res).Error(400, "invalid_meta_size", fmt.Sprintf("Meta contains too much data. Max size is %d bytes", MaxMetaSize)) return } else { if body.InheritMeta { body.Meta = object.Meta } } // subtract and update object's balance object.Balance = object.Balance - body.AmountToSubtract dbTx.Save(&object) // create new object // generate a pin countryCallCode := config.CurrencyCallCodes[strings.ToUpper(object.Service.Identity.BaseCurrency)] newPin, err := services.NewObjectPin(strconv.Itoa(countryCallCode)) if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } newObj := NewObject(newPin, models.ObjectValue, object.Service, object.Wallet, body.AmountToSubtract, body.Meta) err = models.CreateObject(dbTx, &newObj) if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } dbTx.Commit() services.Res(res).Json(newObj) }
// divide an object into two or more equal parts. // maxinum of 100 equal parts is allowed. // object to be splitted must belong to authorizing wallet func (c *ObjectController) Divide(res http.ResponseWriter, req services.AuxRequestContext, log *config.CustomLog, db *services.DB) { // authorizing wallet id // todo: get from access token authWalletID := "55c679145fe09c74ed000001" // parse body var body objectDivideBody if err := c.ParseJsonBody(req, &body); err != nil { services.Res(res).Error(400, "invalid_body", "request body is invalid or malformed. Expects valid json body") return } // object is required if c.validate.IsEmpty(body.Object) { services.Res(res).Error(400, "missing_parameter", "Missing required field: object") return } // number of objects must be greater than 1 if body.NumObjects < 2 { services.Res(res).Error(400, "invalid_parameter", "num_objects: must be greater than 1") return } // number of objects must not be greater than 100 if body.NumObjects > 100 { services.Res(res).Error(400, "invalid_parameter", "num_objects: must be greater than 1") return } dbTx, err := db.GetPostgresHandleWithRepeatableReadTrans() if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // get the object object, found, err := models.FindObjectByObjectID(dbTx, body.Object) if !found { dbTx.Rollback() services.Res(res).Error(404, "not_found", "object was not found") return } else if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // ensure object is a valuable type if object.Type == models.ObjectValueless { dbTx.Rollback() services.Res(res).Error(400, "invalid_parameter", "object: object must be a valuabe type (obj_value) ") return } // ensure object has enough balance (minimum of 0.000001) if object.Balance < 0.000001 { dbTx.Rollback() services.Res(res).Error(400, "invalid_parameter", "object: object must have a minimum balance of 0.000001") return } // ensure object belongs to authorizing wallet if object.Wallet.ObjectID != authWalletID { dbTx.Rollback() services.Res(res).Error(401, "unauthorized", "object does not belong to authorizing wallet") return } // if meta is provided, ensure it is not greater than the limit size if !body.InheritMeta && !c.validate.IsEmpty(body.Meta) && len([]byte(body.Meta)) > MaxMetaSize { services.Res(res).Error(400, "invalid_meta_size", fmt.Sprintf("Meta contains too much data. Max size is %d bytes", MaxMetaSize)) return } else { if body.InheritMeta { body.Meta = object.Meta } } // calculate new balance per object newBalance := object.Balance / float64(body.NumObjects) // delete object dbTx.Delete(&object) // create new objects newObjects := []models.Object{} for i := 0; i < body.NumObjects; i++ { // generate a pin countryCallCode := config.CurrencyCallCodes[strings.ToUpper(object.Service.Identity.BaseCurrency)] newPin, err := services.NewObjectPin(strconv.Itoa(countryCallCode)) if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } newObj := NewObject(newPin, models.ObjectValue, object.Service, object.Wallet, newBalance, body.Meta) err = models.CreateObject(dbTx, &newObj) if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } newObjects = append(newObjects, newObj) } dbTx.Commit() services.Res(res).Json(newObjects) }
// merge two or more objects. // Only a max of 100 identitcal objects can be merged. // All objects to be merged must exists. // Only similar objects can be merged. // Meta is not retained. Optional "meta" parameter can be // provided as new meta for the resulting object // TODO: Needs wallet authorization with scode "obj_merge" func (c *ObjectController) Merge(res http.ResponseWriter, req services.AuxRequestContext, log *config.CustomLog, db *services.DB) { // authorizing wallet id // TODO: get this from the access token authWalletID := "55c679145fe09c74ed000001" // parse body var body objectMergeBody if err := c.ParseJsonBody(req, &body); err != nil { services.Res(res).Error(400, "invalid_body", "request body is invalid or malformed. Expects valid json body") return } // objects field is required if body.Objects == nil { services.Res(res).Error(400, "missing_parameter", "Missing required field: objects") return } // objects field must contain at least two objects if len(body.Objects) < 2 { services.Res(res).Error(400, "invalid_parameter", "objects: minimum of two objects required") return } // objects field must not contain more than 100 objects if len(body.Objects) > 100 { services.Res(res).Error(400, "invalid_parameter", "objects: cannot merge more than 100 objects in a request") return } // ensure objects contain no duplicates if services.StringSliceHasDuplicates(body.Objects) { services.Res(res).Error(400, "invalid_parameter", "objects: must not contain duplicate objects") return } // if meta is provided, ensure it is not greater than the limit size if !c.validate.IsEmpty(body.Meta) && len([]byte(body.Meta)) > MaxMetaSize { services.Res(res).Error(400, "invalid_meta_size", fmt.Sprintf("Meta contains too much data. Max size is %d bytes", MaxMetaSize)) return } // get db transaction object dbTx, err := db.GetPostgresHandleWithRepeatableReadTrans() if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // find all objects objectsFound, err := models.FindAllObjectsByObjectID(dbTx, body.Objects) if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // ensure all objects where found if len(objectsFound) != len(body.Objects) { dbTx.Rollback() services.Res(res).Error(400, "unknown_merge_objects", "one or more objects does not exists") return } totalBalance := 0.0 firstObj := objectsFound[0] checkObjName := firstObj.Service.Identity.ObjectName for _, object := range objectsFound { // ensure all objects are valuable and also ensure object's if object.Type == models.ObjectValueless { dbTx.Rollback() services.Res(res).Error(400, "invalid_parameter", "objects: only valuable objects (object_value) can be merged") return } // wallet id match the authorizing wallet id if object.Wallet.ObjectID != authWalletID { dbTx.Rollback() services.Res(res).Error(401, "unauthorized", "objects: one or more objects belongs to a different wallet") return } // ensure all objects are similar by their name / same issuer. // this also ensures all objects have the same base currency if checkObjName != object.Service.Identity.ObjectName { dbTx.Rollback() services.Res(res).Error(400, "invalid_parameter", "objects: only similar (by name) objects can be merged") return } // updated total balance totalBalance += object.Balance // delete object dbTx.Delete(&object) } // create a new object // generate a pin countryCallCode := config.CurrencyCallCodes[strings.ToUpper(firstObj.Service.Identity.BaseCurrency)] newPin, err := services.NewObjectPin(strconv.Itoa(countryCallCode)) if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } newObj := NewObject(newPin, models.ObjectValue, firstObj.Service, firstObj.Wallet, totalBalance, body.Meta) err = models.CreateObject(dbTx, &newObj) if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } dbTx.Commit() services.Res(res).Json(newObj) }
// create a wallet func (c *WalletController) Create(res http.ResponseWriter, req services.AuxRequestContext, db *services.DB) { // parse body var body walletCreateBody if err := c.ParseJsonBody(req, &body); err != nil { services.Res(res).Error(400, "invalid_body", "request body is invalid or malformed. Expects valid json body") return } // identity id is required if validator.IsNull(body.IdentityId) { services.Res(res).Error(400, "missing_parameter", "Missing required field: identity_id") return } // handle is required if validator.IsNull(body.Handle) { services.Res(res).Error(400, "missing_parameter", "Missing required field: handle") return } // password is required if validator.IsNull(body.Password) { services.Res(res).Error(400, "missing_parameter", "Missing required field: password") return } // identity id must exist identity, found, err := models.FindIdentityByObjectID(db.GetPostgresHandle(), body.IdentityId) if !found { services.Res(res).Error(404, "invalid_identity", "identity_id is unknown") return } else if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // handle must be unique across wallets _, found, err = models.FindWalletByHandle(db.GetPostgresHandle(), body.Handle) if found { services.Res(res).Error(400, "handle_registered", "handle has been registered to another wallet") return } else if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // password length must be 6 characters if len(body.Password) < 6 { services.Res(res).Error(400, "invalid_password", "password is too short. minimum length is 6 characters") return } // securely hash password hashedPassword, err := services.Bcrypt(body.Password, 10) if err != nil { c.log.Error("unable to hash password. reason: " + err.Error()) services.Res(res).Error(500, "", "server error") return } else { body.Password = hashedPassword } // create wallet object newWallet := models.Wallet{ ObjectID: bson.NewObjectId().Hex(), Identity: identity, Handle: body.Handle, Password: body.Password, } // create wallet err = models.CreateWallet(db.GetPostgresHandle(), &newWallet) if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } respObj, _ := services.StructToJsonToMap(newWallet) services.Res(res).Json(respObj) }
// enable a service to issuer status func (c *ServiceController) EnableIssuer(params martini.Params, res http.ResponseWriter, req services.AuxRequestContext, db *services.DB) { // parse request body var body enableIssuerBody if err := c.ParseJsonBody(req, &body); err != nil { services.Res(res).Error(400, "invalid_client", "request body is invalid or malformed. Expects valid json body") return } // service id is required if c.validate.IsEmpty(body.ServiceID) { services.Res(res).Error(400, "missing_parameter", "Missing required field: service_id") return } // ensure service exists service, found, err := models.FindServiceByObjectID(db.GetPostgresHandle(), body.ServiceID) if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } else if !found { services.Res(res).Error(404, "not_found", "service was not found") return } // object name is required if c.validate.IsEmpty(body.ObjectName) { services.Res(res).Error(400, "missing_parameter", "Missing required field: object_name") return } // ensure no other service has used the object name identity, found, err := models.FindIdentityByObjectName(db.GetPostgresHandle(), body.ObjectName) if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } else if found && identity.ObjectID != service.Identity.ObjectID { services.Res(res).Error(400, "invalid_object_name", "object name is not available, try a unique name") return } // base currency is required if validator.IsNull(body.BaseCurrency) { services.Res(res).Error(400, "missing_parameter", "Missing required field: base_currency") return } // base currency must be supported if !services.StringInStringSlice(config.SupportedBaseCurrencies, body.BaseCurrency) { services.Res(res).Error(400, "invalid_base_currency", "base currency is unknown") return } // set issuer to true service.Identity.Issuer = true service.Identity.ObjectName = strings.ToLower(body.ObjectName) service.Identity.BaseCurrency = body.BaseCurrency db.GetPostgresHandle().Save(&service) respObj, _ := services.StructToJsonToMap(service) respObj["identity"].(map[string]interface{})["soul_balance"] = service.Identity.SoulBalance services.Res(res).Json(respObj) }
// get counts and other numerical information about the state of a wallet // e.g object balance and count etc func (c *WalletController) Numbers(params martini.Params, res http.ResponseWriter, req services.AuxRequestContext, db *services.DB) { // TODO: get from access token // authorizing wallet id authWalletID := "55c679145fe09c74ed000001" dbCon := db.GetPostgresHandle() resp := map[string]interface{}{} query := req.URL.Query() count := int64(0) // predefine default query values query.Set("object_count", "true") query.Set("distinct_object_count", "true") query.Set("valuable_object_count", "true") query.Set("valueless_object_count", "true") query.Set("valueable_object_balance", "true") // get wallet wallet, found, err := models.FindWalletByObjectID(dbCon, params["id"]) if !found { services.Res(res).Error(404, "not_found", "wallet not found") return } else if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // ensure wallet matches authorizing wallet if wallet.ObjectID != authWalletID { services.Res(res).Error(401, "unauthorized", "client does not have permission to access wallet") return } // object_count objectCountField := query.Get("object_count") if !c.validate.IsEmpty(objectCountField) && services.StringInStringSlice([]string{"true", "false"}, objectCountField) { if objectCountField == "true" { q := map[string]interface{}{ "wallet_id": wallet.ID, } dbCon.Model(models.Object{}).Where(q).Count(&count) resp["object_count"] = count count = 0 } } // distinct_object_count distinctObjectCountField := query.Get("distinct_object_count") if !c.validate.IsEmpty(distinctObjectCountField) && services.StringInStringSlice([]string{"true", "false"}, distinctObjectCountField) { if distinctObjectCountField == "true" { row, err := dbCon.Raw("SELECT COUNT(*) FROM (SELECT DISTINCT service_id FROM objects WHERE wallet_id = ?) AS distinct_object_count;", wallet.ID).Rows() if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } if row.Next() { row.Scan(&count) } resp["distinct_object_count"] = count count = 0 } } // valuable_object_count valuableObjectCountField := query.Get("valuable_object_count") if !c.validate.IsEmpty(distinctObjectCountField) && services.StringInStringSlice([]string{"true", "false"}, valuableObjectCountField) { if valuableObjectCountField == "true" { q := map[string]interface{}{ "wallet_id": wallet.ID, "type": models.ObjectValue, } dbCon.Model(models.Object{}).Where(q).Count(&count) resp["valuable_object_count"] = count count = 0 } } // valueless_object_count valuelessObjectCountField := query.Get("valueless_object_count") if !c.validate.IsEmpty(valuelessObjectCountField) && services.StringInStringSlice([]string{"true", "false"}, valuelessObjectCountField) { if valuelessObjectCountField == "true" { q := map[string]interface{}{ "wallet_id": wallet.ID, "type": models.ObjectValueless, } dbCon.Model(models.Object{}).Where(q).Count(&count) resp["valueless_object_count"] = count count = 0 } } // valueable_object_balance valuableObjectBalanceField := query.Get("valueable_object_balance") if !c.validate.IsEmpty(distinctObjectCountField) && services.StringInStringSlice([]string{"true", "false"}, valuableObjectBalanceField) { if valuableObjectBalanceField == "true" { row, err := dbCon.Raw("SELECT SUM(balance) AS total_balance FROM objects WHERE wallet_id = ? AND type = ?;", wallet.ID, models.ObjectValue).Rows() if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } if row.Next() { row.Scan(&count) } resp["valueable_object_balance"] = count count = 0 } } // opened_object_count openedObjectCountField := query.Get("opened_object_count") if !c.validate.IsEmpty(openedObjectCountField) && services.StringInStringSlice([]string{"true", "false"}, openedObjectCountField) { if openedObjectCountField == "true" { q := map[string]interface{}{ "wallet_id": wallet.ID, "open": true, } dbCon.Model(models.Object{}).Where(q).Count(&count) resp["opened_object_count"] = count count = 0 } } // locked_object_count lockedObjectCountField := query.Get("locked_object_count") if !c.validate.IsEmpty(lockedObjectCountField) && services.StringInStringSlice([]string{"true", "false"}, lockedObjectCountField) { if lockedObjectCountField == "true" { q := map[string]interface{}{ "wallet_id": wallet.ID, "open": false, } dbCon.Model(models.Object{}).Where(q).Count(&count) resp["locked_object_count"] = count count = 0 } } // opened_timed_object_count openedTimedObjectCountField := query.Get("opened_timed_object_count") if !c.validate.IsEmpty(openedObjectCountField) && services.StringInStringSlice([]string{"true", "false"}, openedTimedObjectCountField) { if openedTimedObjectCountField == "true" { q := map[string]interface{}{ "wallet_id": wallet.ID, "open": true, "open_method": models.ObjectOpenTimed, } dbCon.Model(models.Object{}).Where(q).Count(&count) resp["opened_timed_object_count"] = count count = 0 } } // opened_pin_object_count openedPinObjectCountField := query.Get("opened_pin_object_count") if !c.validate.IsEmpty(openedPinObjectCountField) && services.StringInStringSlice([]string{"true", "false"}, openedPinObjectCountField) { if openedPinObjectCountField == "true" { q := map[string]interface{}{ "wallet_id": wallet.ID, "open": true, "open_method": models.ObjectOpenPin, } dbCon.Model(models.Object{}).Where(q).Count(&count) resp["opened_pin_object_count"] = count count = 0 } } services.Res(res).Json(resp) }
// generate and return client_credentials token func (c *AuthController) GetClientCredentialToken(res http.ResponseWriter, req services.AuxRequestContext, log *config.CustomLog, db *services.DB) { // get base64 encoded credentials base64Credential := services.StringSplit(req.Header.Get("Authorization"), " ")[1] base64CredentialDecoded := services.DecodeB64(base64Credential) credentials := services.StringSplit(base64CredentialDecoded, ":") // check if requesting client is a back service id if credentials[0] == BackOfficeId && credentials[1] == BackOfficeSecret { exp := int64(0) token, err := createJWTToken("", true, exp) if err != nil { log.Error(err) services.Res(res).Error(500, "", "server error") return } // create and save new token newToken := models.Token{ Token: token, Type: "bearer", ExpiresIn: time.Time{}, CreatedAt: time.Now().UTC(), UpdatedAt: time.Now().UTC(), } // persist token err = models.CreateToken(db.GetPostgresHandle(), &newToken) if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } services.Res(res).Json(newToken) return } // find service by client id service, found, err := models.FindServiceByClientId(db.GetPostgresHandle(), credentials[0]) if !found && err == nil { log.Error(err) services.Res(res).Error(404, "", "service not found") return } else if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // compare secret if credentials[1] != service.ClientSecret { log.Error(err) services.Res(res).Error(401, "", "service credentials are invalid. ensure client id and secret are valid") return } // create access token exp := time.Now().Add(time.Hour * 1) token, err := createJWTToken(service.ObjectID, false, exp.UTC().Unix()) if err != nil { log.Error(err) services.Res(res).Error(500, "", "server error") return } // create and save new token newToken := models.Token{ Service: service, Token: token, Type: "bearer", ExpiresIn: exp.UTC(), CreatedAt: time.Now().UTC(), UpdatedAt: time.Now().UTC(), } // persist token err = models.CreateToken(db.GetPostgresHandle(), &newToken) if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } respObj, _ := services.StructToJsonToMap(newToken) respObj["service"] = services.DeleteKeys(respObj["service"].(map[string]interface{}), "client_id", "client_secret") services.Res(res).Json(respObj) }
// create object controller func (c *ObjectController) Create(res http.ResponseWriter, req services.AuxRequestContext, log *config.CustomLog, db *services.DB) { // parse body var body objectCreateBody if err := c.ParseJsonBody(req, &body); err != nil { services.Res(res).Error(400, "invalid_body", "request body is invalid or malformed. Expects valid json body") return } // TODO: get client id from access token clientID := "kl14zFDq4SHlmmmVNHgLtE0LqCo8BTjyShOH" // get db transaction object dbTx, err := db.GetPostgresHandleWithRepeatableReadTrans() if err != nil { c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } // get service service, _, _ := models.FindServiceByClientId(dbTx, clientID) // ensure service is an issuer if !service.Identity.Issuer { dbTx.Rollback() services.Res(res).Error(401, "unauthorized_service", "service is not an issuer") return } // type is required if validator.IsNull(body.Type) { dbTx.Rollback() services.Res(res).Error(400, "missing_parameter", "Missing required field: type") return } // ensure type is valid if strings.ToLower(body.Type) != models.ObjectValue && strings.ToLower(body.Type) != models.ObjectValueless { dbTx.Rollback() services.Res(res).Error(400, "invalid_type", "type can only be obj_value or obj_valueless") return } // wallet id is required if validator.IsNull(body.WalletID) { dbTx.Rollback() services.Res(res).Error(400, "missing_parameter", "Missing required field: wallet_id") return } // ensure number of objects is greater than 0 if body.NumberOfObjects < 1 { dbTx.Rollback() services.Res(res).Error(400, "invalid_number_objects", "number_objects must be atleast 1 but not more than 100") return } // ensure number of objects is not greater than 100(the limit) if body.NumberOfObjects > 100 { dbTx.Rollback() services.Res(res).Error(400, "invalid_number_objects", "number_objects must not be more than 100") return } // for object of value, validate unit per object if strings.ToLower(body.Type) == models.ObjectValue { if body.BalancePerObject == 0 { dbTx.Rollback() services.Res(res).Error(400, "missing_parameter", "Missing required field: unit_per_object") return } if body.BalancePerObject < MinimumObjectUnit { dbTx.Rollback() services.Res(res).Error(400, "invalid_unit_per_object", "unit_per_object must be equal or greater than the minimum object unit which is 0.00000001") return } soulBalanceRequired := float64(body.NumberOfObjects) * body.BalancePerObject if service.Identity.SoulBalance < soulBalanceRequired { dbTx.Rollback() services.Res(res).Error(400, "insufficient_soul_balance", fmt.Sprintf("not enough soul balance to create object(s). Requires %.2f soul balance", soulBalanceRequired)) return } // update services soul balance service.Identity.SoulBalance = service.Identity.SoulBalance - soulBalanceRequired } // if meta is provided, ensure it is not greater than the limit size if !c.validate.IsEmpty(body.Meta) && len([]byte(body.Meta)) > MaxMetaSize { dbTx.Rollback() services.Res(res).Error(400, "invalid_meta_size", fmt.Sprintf("Meta contains too much data. Max size is %d bytes", MaxMetaSize)) return } // ensure wallet exists wallet, found, err := models.FindWalletByObjectID(dbTx, body.WalletID) if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } else if !found { dbTx.Rollback() services.Res(res).Error(404, "invalid_wallet", "wallet_id is unknown") return } // ensure service owns the wallet if service.Identity.ObjectID != wallet.Identity.ObjectID { dbTx.Rollback() services.Res(res).Error(401, "invalid_wallet", "wallet is not owned by this service. Use a wallet created by this service") return } // create objects allNewObjects := []models.Object{} for i := 0; i < body.NumberOfObjects; i++ { // generate a pin countryCallCode := config.CurrencyCallCodes[strings.ToUpper(service.Identity.BaseCurrency)] newPin, err := services.NewObjectPin(strconv.Itoa(countryCallCode)) if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } newObj := NewObject(newPin, body.Type, service, wallet, body.BalancePerObject, body.Meta) err = models.CreateObject(dbTx, &newObj) if err != nil { dbTx.Rollback() c.log.Error(err.Error()) services.Res(res).Error(500, "", "server error") return } allNewObjects = append(allNewObjects, newObj) } // update identity's soul balance dbTx.Save(service.Identity).Commit() services.Res(res).Json(allNewObjects) }