Updated
This commit is contained in:
@@ -2,8 +2,8 @@
|
||||
|
||||
/**
|
||||
* Name: Ğ1 Wallet
|
||||
* Description: Self-sovereign Ğ1 wallet for SASE-verified participants. Key derivation and signing in the browser. The platform never touches your keys.
|
||||
* Version: 0.2.0
|
||||
* Description: Ğ1 address registration and balance display for SASE-verified participants.
|
||||
* Version: 0.3.0
|
||||
* MinVersion: 11.0
|
||||
* MaxVersion: 12.0
|
||||
*/
|
||||
@@ -26,7 +26,6 @@ function g1wallet_unload() {
|
||||
}
|
||||
|
||||
function g1wallet_load_pdl(&$b) {
|
||||
// Loads the g1wallet PDL layout for g1wallet module pages.
|
||||
if (!is_array($b) || empty($b['module']) || $b['module'] !== 'g1wallet') {
|
||||
return;
|
||||
}
|
||||
@@ -41,12 +40,10 @@ function g1wallet_load_pdl(&$b) {
|
||||
// -----------------------------------------------------------------------------
|
||||
|
||||
function g1wallet_h($value) {
|
||||
// HTML-escapes a value for safe output.
|
||||
return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
|
||||
}
|
||||
|
||||
function g1wallet_load_config() {
|
||||
// Loads config.json from the addon directory. Returns array or empty array on failure.
|
||||
$raw = @file_get_contents('addon/g1wallet/config.json');
|
||||
if ($raw === false) return [];
|
||||
$cfg = json_decode($raw, true);
|
||||
@@ -59,8 +56,7 @@ function g1wallet_load_config() {
|
||||
|
||||
function g1wallet_access_state() {
|
||||
// Returns operator, participant, or public.
|
||||
// Does not call local_channel() for group checks — safe for guest tokens.
|
||||
// Operator: local channel whose channel_id matches local_channel().
|
||||
// Direct pggrp_member query — safe for guest tokens.
|
||||
if (local_channel()) {
|
||||
$channel = App::get_channel();
|
||||
if (local_channel() === intval($channel['channel_id'])) {
|
||||
@@ -71,7 +67,6 @@ function g1wallet_access_state() {
|
||||
$observer = get_observer_hash();
|
||||
if (!$observer) return 'public';
|
||||
|
||||
// Load all registered associations from vs01 config and check group membership.
|
||||
$raw = @file_get_contents('addon/vs01/config.json');
|
||||
if ($raw === false) return 'public';
|
||||
$cfg = json_decode($raw, true);
|
||||
@@ -80,7 +75,6 @@ function g1wallet_access_state() {
|
||||
$associations = $cfg['associations'] ?? [];
|
||||
if (empty($associations)) return 'public';
|
||||
|
||||
// Direct pggrp_member query — works for guest tokens.
|
||||
foreach ($associations as $slug => $assoc) {
|
||||
$groups = $assoc['groups'] ?? [];
|
||||
foreach (['corpus_builder', 'sase_participant', 'civic_professional'] as $group_key) {
|
||||
@@ -106,13 +100,6 @@ function g1wallet_content() {
|
||||
if (function_exists('head_add_css')) {
|
||||
head_add_css('/addon/g1wallet/view/css/g1wallet.css');
|
||||
}
|
||||
if (function_exists('head_add_js')) {
|
||||
// Load order: tweetnacl → bip39 → g1wallet.js
|
||||
head_add_js('/addon/g1wallet/vendor/tweetnacl-1.0.3.min.js');
|
||||
head_add_js('/addon/g1wallet/vendor/bip39-3.1.0.min.js');
|
||||
head_add_js('/addon/g1wallet/view/js/g1wallet.js');
|
||||
// Note: vendor/scrypt-js-3.0.1.min.js is NOT loaded (obsolete Cesium1 algorithm).
|
||||
}
|
||||
|
||||
$access = g1wallet_access_state();
|
||||
$sub_route = strtolower(argv(1) ?? '');
|
||||
@@ -121,37 +108,16 @@ function g1wallet_content() {
|
||||
return g1wallet_render_access_wall();
|
||||
}
|
||||
|
||||
switch ($sub_route) {
|
||||
|
||||
case 'balance':
|
||||
// GET: return cached balance for the current session pubkey.
|
||||
// Placeholder — orchestrator query not yet implemented.
|
||||
return g1wallet_render_error('Balance fetch not yet implemented.');
|
||||
|
||||
case 'broadcast':
|
||||
// POST: relay signed Duniter transaction to orchestrator.
|
||||
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||||
return g1wallet_render_error('POST required.');
|
||||
}
|
||||
if (!g1wallet_verify_csrf()) {
|
||||
return g1wallet_render_error('Invalid form token. Please reload and try again.');
|
||||
}
|
||||
return g1wallet_handle_broadcast_post();
|
||||
|
||||
case 'pubkey':
|
||||
// POST: store public key in channel settings after unlock.
|
||||
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||||
return g1wallet_render_error('POST required.');
|
||||
}
|
||||
if (!g1wallet_verify_csrf()) {
|
||||
return g1wallet_render_error('Invalid form token. Please reload and try again.');
|
||||
}
|
||||
return g1wallet_handle_pubkey_post($access);
|
||||
|
||||
default:
|
||||
// Wallet landing: unlock form or unlocked interface.
|
||||
return g1wallet_render_landing($access);
|
||||
// POST: store g1 address
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $sub_route === 'address') {
|
||||
if (!g1wallet_verify_csrf()) {
|
||||
return g1wallet_render_error('Invalid form token. Please reload and try again.');
|
||||
}
|
||||
return g1wallet_handle_address_post($access);
|
||||
}
|
||||
|
||||
// Default: wallet landing page
|
||||
return g1wallet_render_landing($access);
|
||||
}
|
||||
|
||||
// -----------------------------------------------------------------------------
|
||||
@@ -159,7 +125,6 @@ function g1wallet_content() {
|
||||
// -----------------------------------------------------------------------------
|
||||
|
||||
function g1wallet_csrf_token() {
|
||||
// Generates and stores a CSRF token for the current session.
|
||||
if (empty($_SESSION['g1wallet_csrf'])) {
|
||||
$_SESSION['g1wallet_csrf'] = bin2hex(random_bytes(16));
|
||||
}
|
||||
@@ -168,7 +133,6 @@ function g1wallet_csrf_token() {
|
||||
}
|
||||
|
||||
function g1wallet_verify_csrf() {
|
||||
// Returns true if the CSRF token in POST matches the session token.
|
||||
return isset($_POST['g1wallet_csrf'], $_SESSION['g1wallet_csrf'])
|
||||
&& hash_equals($_SESSION['g1wallet_csrf'], $_POST['g1wallet_csrf']);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user