vertcoin
diff --git a/‎.gitignore
+1 b/‎.gitignore
+1
diff --git a/‎docs/INSTALL.md
+11-1 b/‎docs/INSTALL.md
+11-1
diff --git a/‎lib/coinpunk/server.js
+141-40 b/‎lib/coinpunk/server.js
+141-40
diff --git a/‎lib/coinpunk/server/db/redis.js
+34-5 b/‎lib/coinpunk/server/db/redis.js
+34-5
diff --git a/‎public/js/all.js
+2-2 b/‎public/js/all.js
+2-2
diff --git a/‎public/js/coinpunk/controller.js
+3 b/‎public/js/coinpunk/controller.js
+3
@@ -4,3 +4,4 @@ public/config.json
 coinpunk.key
 coinpunk.csr
 coinpunk.crt
+*.swp
@@ -156,8 +156,18 @@ node start.js
 ```
 
 
-Try to connect by going to http://YOURADDRESS.COM:8080  (If your useing the SSL config then try  http://YOURADDRESS.COM:8085. OR https://YOURADDRESS.COM:8086) If it loads, then you should be ready to use Coinpunk!
+Try to connect by going to http://YOURADDRESS.COM:8080  (If you're using the SSL config then try  http://YOURADDRESS.COM:8085. OR https://YOURADDRESS.COM:8086) If it loads, then you should be ready to use Coinpunk!
 
 ## Backing up Database
 
 Redis maintains a file called `/var/lib/redis/dump.rdb`, which is a backup of your Redis database. It is safe to copy this file while Redis is running. **It is strongly recommended that you backup this file frequently.** You can also setup a Redis slave to listen to master in real time. Ideally you should do both!
+
+## Extra Steps for Contributors
+
+If you want to contribute code to this project, you will need to install Grunt. Grunt is a task-runner that presently handles minifying and uglifying Coinpunk's CSS and JS resources. To install Grunt:
+
+```
+sudo npm install -g grunt-cli
+```
+
+Once that's done, running `grunt` in your Coinpunk directory will minify and uglify everything, and running `grunt watch` will automatically uglify your JS files when they change.
@@ -72,33 +72,46 @@ server.get('/api/generateAuthKey', function(req, res) {
 server.post('/api/setAuthKey', function(req, res) {
   var code = speakeasy.time({key: req.body.key, encoding: 'base32'});
 
-  if(code != req.body.code)
+  if(code != req.body.code) {
     return res.send({set: false});
+  }
 
-  db.setAuthKey(req.body.serverKey, req.body.key, function(err, success) {
-    if(err)
+  db.sessionKeyValid(req.body.serverKey, req.body.sessionKey, function(err, success) {
+    if(err || success == false) {
       return res.send({set: false});
-    res.send({set: true});
+    }
+
+    db.setAuthKey(req.body.serverKey, req.body.key, function(err, success) {
+      if(err) {
+        return res.send({set: false});
+      }
+      res.send({set: true});
+    });
   });
 });
 
 server.post('/api/disableAuthKey', function(req, res) {
-  db.getWalletRecord(req.body.serverKey, function(err, payload) {
-    if(err)
-      console.log('Wallet Get Error: '+err);
+  db.sessionKeyValid(req.body.serverKey, req.body.sessionKey, function(err, success) {
+    if(err || success == false)
+      return res.send({result: 'error', message: 'session key was invalid'});
 
-    if(!payload || !payload.authKey)
-      return res.send({result: 'error', message: 'no auth key found for this wallet'});
+    db.getWalletRecord(req.body.serverKey, function(err, payload) {
+      if(err)
+        console.log('Wallet Get Error: '+err);
+
+      if(!payload || !payload.authKey)
+        return res.send({result: 'error', message: 'no auth key found for this wallet'});
 
-    var code = speakeasy.time({key: payload.authKey, encoding: 'base32'});
+      var code = speakeasy.time({key: payload.authKey, encoding: 'base32'});
 
-    if(code != req.body.authCode)
-      return res.send({result: 'error', message: 'invalid auth code'});
+      if(code != req.body.authCode)
+        return res.send({result: 'error', message: 'invalid auth code'});
 
-    db.disableAuthKey(req.body.serverKey, function(err, result) {
-      if(err)
-        return res.send({result: 'error', message: 'could not update database, please try again later'});
-      res.send({result: 'success'});
+      db.disableAuthKey(req.body.serverKey, function(err, result) {
+        if(err)
+          return res.send({result: 'error', message: 'could not update database, please try again later'});
+        res.send({result: 'success'});
+      });
     });
   });
 });
@@ -122,29 +135,47 @@ server.get('/api/wallet', function(req,res) {
         return res.send({result: 'error', message: 'Two factor authentication code was invalid'});
     }
 
-    return res.send({wallet: payload.wallet});
+    db.generateSessionKey(req.query.serverKey, function(err, key) {
+      if(err)
+        return res.send({result: 'error', message: 'Error generating session key, please try again later'});
+      res.send({wallet: payload.wallet, sessionKey: key});
+    });
   });
 });
 
 server.post('/api/wallet/delete', function(req, res) {
-  db.delete(req.body.serverKey, function(err, deleted) {
-    if(deleted == true)
-      res.send({result: 'success'});
-    else
+  db.sessionKeyValid(req.body.serverKey, req.body.sessionKey, function(isValid) {
+    if(isValid == false)
+      return res.send({result: 'error', message: 'session key was invalid'});
+
+    db.delete(req.body.serverKey, function(err, deleted) {
+      if(deleted == true)
+        return res.send({result: 'success'});
       res.send({result: 'notfound'});
+    });
   });
 });
 
 function saveWallet(req, res) {
+  if(req.body.sessionKey)
+    req.body.payload.sessionKey = req.body.sessionKey;
+
   db.set(req.body.serverKey, req.body.payload, function(err, data) {
     if(err) {
       if(err == 'outOfSync') {
         return res.send({result: 'outOfSync', wallet: data.wallet});
       } else {
-        return res.send(errorMessage("Database error: "+JSON.stringify(err)));
+        return res.send({result: 'error', messages: JSON.stringify(err)});
       }
     } else {
-      res.send({result: 'ok'});
+      if(!req.body.override) {
+        db.generateSessionKey(req.body.serverKey, function(err, key) {
+          res.send({result: 'ok', sessionKey: key});
+        });
+        return;
+      } else {
+        res.send({result: 'ok'});
+      }
     }
   });
 };
@@ -167,18 +198,10 @@ function saveWalletAndAddresses(req, res) {
     bitcoind.batch(batch, function(err, btcres) {});
 
     saveWallet(req, res);
-/*
-    bitcoind.batch(batch, function(err, btcres) {
-      if(err)
-        return btcres.send({messages: [err.message]});
-
-      saveWallet(req, res);
-    });
-*/
   } else {
     saveWallet(req, res);
   }
-}
+};
 
 function registerAddresses(addresses, callback) {
   var isNew = false;
@@ -202,28 +225,106 @@ function errorResponse(errors) {
   return {messages: errors};
 }
 
+server.post('/api/change', function(req, res) {
+  if(!req.body.originalServerKey)
+    return res.send({result: 'error', message: 'originalServerKey required'});
+
+  if(!req.body.serverKey)
+    return res.send({result: 'error', message: 'serverKey required'});
+
+  if(req.body.originalServerKey == req.body.serverKey)
+    return res.send({result: 'ok'});
+
+  db.sessionKeyValid(req.body.originalServerKey, req.body.sessionKey, sessionValidate);
+
+  function sessionValidate(err, isValid) {
+    if(err)
+      return res.send({result: 'error', message: 'error validating record'});
+
+    if(isValid == false)
+      return res.send({result: 'error', message: 'session was invalid'});
+
+    // Check for existing record
+    db.getWalletRecord(req.body.serverKey, existingWalletRecord);
+  };
+
+  function existingWalletRecord(err, existingRecord) {
+    if(err || existingRecord)
+      return res.send({result: 'error', message: 'cannot change'});
+
+    db.getWalletRecord(req.body.originalServerKey, walletRecord);
+  };
+
+  function walletRecord(err, record) {
+    if(err)
+      return res.send({result: 'error', message: 'error getting originalServerKey record, please try again later'});
+
+    if(!record)
+      return res.send({result: 'error', message: 'could not find originalServerKey record'});
+
+    if(record.sessionKey && record.sessionKey != req.body.sessionKey)
+      return res.send({result: 'error', message: 'invalid sessionKey'});
+
+    var newRecord = {
+      sessionKey: record.sessionKey,
+      email: (req.body.email || record.email),
+      payloadHash: req.body.payloadHash,
+      wallet: req.body.wallet
+    };
+
+    if(record.authKey)
+      newRecord.authKey = record.authKey;
+
+    db.set(req.body.serverKey, newRecord, recordSaved);
+  };
+
+  function recordSaved(err, result) {
+    if(err)
+      return res.send({result: 'error', message: 'error changing record, please try again later'});
+
+    db.delete(req.body.originalServerKey, oldRecordDeleted);
+  };
+
+  function oldRecordDeleted(err, isDeleted) {
+    if(err)
+      return res.send({result: 'error', message: 'error changing record, please try again later'});
+
+    res.send({result: 'ok'});
+  };
+});
+
 server.post('/api/wallet', function(req,res) {
-  db.getWallet(req.body.serverKey, function(err, wallet) {
+  db.getWalletRecord(req.body.serverKey, function(err, record) {
     if(err) {
       console.log('Database error: '+err);
       return res.send(errorResponse('There was a server error, please try again later.'));
     }
 
     // New wallet
     if(!req.body.override) {
-      if(wallet)
-        return res.send({result: 'exists', wallet: wallet});
+      if(record && record.wallet)
+        return res.send({result: 'exists'});
 
-      if(req.body.payload.email != undefined)
+      if(req.body.payload.email != undefined) {
         db.checkEmailExists(req.body.payload.email, function(err, response) {
           if(response == true)
             return res.send({result: 'error', messages: ['Email address already exists']});
-          else
-            return saveWalletAndAddresses(req, res);
+          saveWalletAndAddresses(req, res);
         });
-    }
+      }
 
-    return saveWalletAndAddresses(req, res);
+      saveWalletAndAddresses(req, res);
+    } else {
+      // Not new, check the session key
+      db.sessionKeyValid(req.body.serverKey, req.body.sessionKey, function(err, isValid) {
+        if(err)
+          return res.send({result: 'error', messages: ['Database error, please try again later']});
+        if(isValid == false)
+          return res.send({result: 'error', messages: ['Invalid session key']});
+
+        saveWalletAndAddresses(req, res);
+      });
+    }
   });
 });
 
 
@@ -1,4 +1,5 @@
 var DB = require('../db');
+var crypto = require('crypto');
 
 if(process.env.NODE_ENV == 'test')
   var redis = require('redis-mock');
@@ -26,8 +27,36 @@ DB.prototype = {
     });
   },
 
+  sessionKeyValid: function(serverKey, sessionKey, callback) {
+    this.getSessionKey(serverKey, function(err, dbKey) {
+      if(dbKey && sessionKey == dbKey)
+        return callback(undefined, true);
+      callback(undefined, false);
+    });
+  },
+
+  getSessionKey: function(serverKey, callback) {
+    this.redis.hget(serverKey, 'sessionKey', function(err, res) {
+      if(err)
+        return callback(err);
+      callback(undefined, res);
+    });
+  },
+
+  generateSessionKey: function(serverKey, callback) {
+    var self = this;
+    crypto.randomBytes(24, function(ex, buf) {
+      var token = buf.toString('hex');
+      self.redis.hset(serverKey, 'sessionKey', token, function(err, res) {
+        if(err)
+          return callback(err);
+        callback(undefined, token);
+      });
+    });
+  },
+
   setAuthKey: function(serverKey, authKey, callback) {
-    this.redis.hmset(serverKey, 'authKey', authKey, function(err, res) {
+    this.redis.hset(serverKey, 'authKey', authKey, function(err, res) {
       if(err)
         return callback(err);
       callback(undefined, true);
@@ -77,28 +106,28 @@ DB.prototype = {
         self.redis.hmset(serverKey, payload, callback);
       }
     });
-    
+
   },
 
   delete: function(serverKey, callback) {
     this.redis.del(serverKey, function(err, res) {
       if(err)
         callback(err);
-        
+
       if(res == 1)
         callback(undefined, true);
       else
         callback(undefined, false);
     });
   },
-  
+
   checkEmailExists: function(email, callback) {
     var email = email.toString().toLowerCase();
     var self = this;
     this.redis.keys('*', function(err, serverKeys) {
       if(err)
         return callback(err);
-      
+
       for(var k=0;k<serverKeys.length;k++)
         self.redis.hmget(serverKeys[k], 'email', function(err, res) {
           if(err)
 
@@ -32,6 +32,9 @@ coinpunk.Controller.prototype.saveWallet = function(data, callback) {
   var data = data || {};
   data.serverKey = coinpunk.wallet.serverKey;
 
+  if(coinpunk.wallet.sessionKey)
+    data.sessionKey = coinpunk.wallet.sessionKey;
+
   if(!data.payload)
     data.payload = {};