Merge pull request bisq-network#2 from blabno/minimal-api-3

Minimal api
blabno · Oct 8, 2019 · c8e5778 · c8e5778
2 parents 560d66b + f7abd62
commit c8e5778
Show file tree

Hide file tree

Showing 30 changed files with 1,893 additions and 0 deletions.
diff --git a/.idea/codeStyles/Project.xml b/.idea/codeStyles/Project.xml
diff --git a/api/README.md b/api/README.md
@@ -0,0 +1,87 @@
+# Bisq HTTP API
+
+**The API branch is under development! 
+Do not use it in production environment at the current state!**
+
+Enabling the API exposes some of Bisq's functionality for access over a http API.
+You can run it either as the desktop application or as a headless application.
+
+On that branch we start to implement feature by feature starting with the most simple one - `version`.
+
+
+**Known issues**: Wallet password protection is not supported at the moment for the headless version. So if you have set 
+ a wallet password when running the Desktop version and afterwards run the headless version it will get stuck at startup 
+ expecting the wallet password. This feature will be implemented soon._
+
+**Note**: If you have a Bisq application with BTC already set up it is recommended to use the optional `appName` argument to 
+provide a different name and data directory so that the default Bisq application is not exposed via the API. That way 
+your data and wallet from your default Bisq application are completely isolated from the API application. In the below 
+commands we use the argument `--appName=bisq-API` to ensure you are not mixing up your default Bisq setup when 
+experimenting with the API branch. You cannot run the desktop and the headless version in parallel as they would access 
+the same data.
+
+**Security**: Api uses HTTP transport which is not encrypted. Use the API only locally and do not expose it over 
+public network interfaces.
+
+## Run the API as Desktop application
+
+    cd desktop
+    ../gradlew run --args="--desktopWithHttpApi=true --appName=bisq-API"
+
+If the application has started up you should see following line in the logs:
+
+    HTTP API started on localhost/127.0.0.1:8080
+
+If you prefer another port or host use the arguments `--httpApiHost` and `--httpApiPort`.
+
+### API Documentation
+
+Documentation is available at http://localhost:8080/docs/
+
+Sample call:
+
+    curl http://localhost:8080/api/v1/version
+
+#### Authentication
+
+By default there is no password required for the API. We recommend that you set password as soon as possible: 
+
+    curl -X POST "http://localhost:8080/api/v1/user/password" -H "Content-Type: application/json" -d "{\"newPassword\":\"string\"}"
+
+Password digest and salt are stored in a `apipasswd` in Bisq data directory.
+If you forget your password, just delete that file and restart Bisq.
+
+Now you can access other endpoints by adding `Authorization` header to the request 
+accordingly to [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) rules.
+```
+   Base64(username+":"+password)
+```
+Note that username is ignored and can be whatever, i.e. in following example username is empty string and password is `abc` 
+(Base64 of `:abc` is `OmFiYw==`):
+
+    curl -X GET "http://localhost:8080/api/v1/version" -H "authorization: Basic OmFiYw=="
+
+## Run the API as headless application
+
+    cd api
+    ../gradlew run --args="--appName=bisq-API"
+
+## Host and port configuration
+
+    ../gradlew run --args="--httpApiHost=127.0.0.1 --httpApiPort=8080" 
+
+**CAUTION! Please do not expose the API over a public interface**
+
+## Experimental features
+
+Some features will be not sufficiently tested and will only be enabled if you add the 
+`enableHttpApiExperimentalFeatures` argument:
+
+    ../gradlew run --args="--enableHttpApiExperimentalFeatures" 
+
+## Regtest mode
+
+    ../gradlew run --args="--appName=bisq-BTC_REGTEST-alice --nodePort=8003 --useLocalhostForP2P=true 
+    --seedNodes=localhost:8000 --btcNodes=localhost:18445 --baseCurrencyNetwork=BTC_REGTEST --logLevel=info 
+    --useDevPrivilegeKeys=true --bitcoinRegtestHost=NONE --myAddress=172.17.0.1:8003 
+    --enableHttpApiExperimentalFeatures"
diff --git a/api/src/main/java/bisq/api/http/HttpApiModule.java b/api/src/main/java/bisq/api/http/HttpApiModule.java
@@ -0,0 +1,53 @@
+/*
+ * This file is part of Bisq.
+ *
+ * Bisq is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * Bisq is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Bisq. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package bisq.api.http;
+
+import bisq.api.http.service.HttpApiServer;
+import bisq.api.http.service.auth.ApiPasswordManager;
+import bisq.api.http.service.endpoint.UserEndpoint;
+import bisq.api.http.service.endpoint.VersionEndpoint;
+
+import bisq.core.app.AppOptionKeys;
+
+import bisq.common.app.AppModule;
+
+import org.springframework.core.env.Environment;
+
+import com.google.inject.Singleton;
+import com.google.inject.name.Names;
+
+public class HttpApiModule extends AppModule {
+
+    public HttpApiModule(Environment environment) {
+        super(environment);
+    }
+
+    @Override
+    protected void configure() {
+        bind(HttpApiServer.class).in(Singleton.class);
+        bind(ApiPasswordManager.class).in(Singleton.class);
+        bind(UserEndpoint.class).in(Singleton.class);
+        bind(VersionEndpoint.class).in(Singleton.class);
+
+        String httpApiHost = environment.getProperty(AppOptionKeys.HTTP_API_HOST, String.class, "127.0.0.1");
+        bind(String.class).annotatedWith(Names.named(AppOptionKeys.HTTP_API_HOST)).toInstance(httpApiHost);
+
+        Integer httpApiPort = Integer.valueOf(environment.getProperty(AppOptionKeys.HTTP_API_PORT, String.class, "8080"));
+        bind(Integer.class).annotatedWith(Names.named(AppOptionKeys.HTTP_API_PORT)).toInstance(httpApiPort);
+    }
+}
diff --git a/api/src/main/java/bisq/api/http/app/HttpApiHeadlessApp.java b/api/src/main/java/bisq/api/http/app/HttpApiHeadlessApp.java
@@ -0,0 +1,82 @@
+/*
+ * This file is part of Bisq.
+ *
+ * Bisq is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * Bisq is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Bisq. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package bisq.api.http.app;
+
+import bisq.core.app.BisqHeadlessApp;
+
+import bisq.common.Timer;
+import bisq.common.UserThread;
+import bisq.common.setup.UncaughtExceptionHandler;
+
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * BisqHeadlessApp implementation for HttpApi.
+ * This is only used in case of the headless version to startup Bisq.
+ */
+@Slf4j
+class HttpApiHeadlessApp extends BisqHeadlessApp implements UncaughtExceptionHandler {
+
+    @Override
+    protected void setupHandlers() {
+        super.setupHandlers();
+
+        bisqSetup.setRequestWalletPasswordHandler(aesKeyHandler -> {
+            log.info("onRequestWalletPasswordHandler");
+
+            // Add a periodic log so that users get reminded to enter the pw
+            Timer reminder = UserThread.runPeriodically(() -> {
+                log.info("Awaiting user's wallet password to be entered via API call");
+            }, 10);
+
+
+            // TODO @bernard listen for users input of pw, create aseKey and call handler
+            // aesKeyHandler.accept(aseKey);
+            // Once pw is entered we stop periodic log
+            // reminder.stop();
+
+
+            // here is code from UI
+           /* String password = passwordTextField.getText();
+            checkArgument(password.length() < 500, Res.get("password.tooLong"));
+            KeyCrypterScrypt keyCrypterScrypt = walletsManager.getKeyCrypterScrypt();
+            if (keyCrypterScrypt != null) {
+                busyAnimation.play();
+                deriveStatusLabel.setText(Res.get("password.deriveKey"));
+                ScryptUtil.deriveKeyWithScrypt(keyCrypterScrypt, password, aesKey -> {
+                    if (walletsManager.checkAESKey(aesKey)) {
+                        if (aesKeyHandler != null)
+                            aesKeyHandler.onAesKey(aesKey);
+
+                        hide();
+                    } else {
+                        busyAnimation.stop();
+                        deriveStatusLabel.setText("");
+
+                        UserThread.runAfter(() -> new Popup<>()
+                                .warning(Res.get("password.wrongPw"))
+                                .onClose(this::blurAgain).show(), Transitions.DEFAULT_DURATION, TimeUnit.MILLISECONDS);
+                    }
+                });
+            } else {
+                log.error("wallet.getKeyCrypter() is null, that must not happen.");
+            }
+            */
+        });
+    }
+}
diff --git a/api/src/main/java/bisq/api/http/app/HttpApiHeadlessModule.java b/api/src/main/java/bisq/api/http/app/HttpApiHeadlessModule.java
@@ -0,0 +1,42 @@
+/*
+ * This file is part of Bisq.
+ *
+ * Bisq is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * Bisq is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Bisq. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package bisq.api.http.app;
+
+import bisq.api.http.HttpApiModule;
+
+import bisq.core.CoreModule;
+
+import bisq.common.app.AppModule;
+
+import org.springframework.core.env.Environment;
+
+/**
+ * Used in case of the headless version.
+ */
+public class HttpApiHeadlessModule extends AppModule {
+
+    public HttpApiHeadlessModule(Environment environment) {
+        super(environment);
+    }
+
+    @Override
+    protected void configure() {
+        install(new CoreModule(environment));
+        install(new HttpApiModule(environment));
+    }
+}
diff --git a/api/src/main/java/bisq/api/http/app/HttpApiMain.java b/api/src/main/java/bisq/api/http/app/HttpApiMain.java
@@ -0,0 +1,79 @@
+/*
+ * This file is part of Bisq.
+ *
+ * Bisq is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * Bisq is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Bisq. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package bisq.api.http.app;
+
+import bisq.api.http.service.HttpApiServer;
+
+import bisq.core.app.BisqExecutable;
+import bisq.core.app.BisqHeadlessAppMain;
+
+import bisq.common.UserThread;
+import bisq.common.app.AppModule;
+import bisq.common.setup.CommonSetup;
+
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * Main class for headless version.
+ */
+@Slf4j
+public class HttpApiMain extends BisqHeadlessAppMain {
+
+    public static void main(String[] args) throws Exception {
+        if (BisqExecutable.setupInitialOptionParser(args)) {
+            // For some reason the JavaFX launch process results in us losing the thread context class loader: reset it.
+            // In order to work around a bug in JavaFX 8u25 and below, you must include the following code as the first line of your realMain method:
+            Thread.currentThread().setContextClassLoader(HttpApiMain.class.getClassLoader());
+
+            new HttpApiMain().execute(args);
+        }
+    }
+
+    @Override
+    protected void launchApplication() {
+        headlessApp = new HttpApiHeadlessApp();
+        CommonSetup.setup(HttpApiMain.this.headlessApp);
+
+        UserThread.execute(this::onApplicationLaunched);
+    }
+
+    @Override
+    protected AppModule getModule() {
+        return new HttpApiHeadlessModule(bisqEnvironment);
+    }
+
+    @Override
+    public void onInitWallet() {
+        log.info("onInitWallet: We start the http server now");
+
+        HttpApiServer httpApiServer = injector.getInstance(HttpApiServer.class);
+        httpApiServer.startServer();
+    }
+
+    @Override
+    public void onRequestWalletPassword() {
+        log.info("onRequestWalletPassword");
+
+        // TODO @bernard now we need to get users wallet pw
+    }
+
+    @Override
+    public void onSetupComplete() {
+        log.info("onSetupComplete");
+    }
+}