From d3b2c90dc1b1a055ac209c819cc8e21119bf18e1 Mon Sep 17 00:00:00 2001 From: Luke Bennett Date: Sun, 13 Jun 2021 21:24:48 +0100 Subject: [PATCH 01/10] docs: remove WrongAdminPassword error response --- help.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/help.md b/help.md index 8d34a56..63d323c 100644 --- a/help.md +++ b/help.md @@ -5,7 +5,6 @@ | -1 | UserNotFound | | -2 | WrongPassword | | -3 | InvalidRequest | -| -4 | WrongAdminPassword | | -5 | NameTooLong | | -6 | UserAlreadyExists | | -7 | InsufficientFunds | @@ -42,4 +41,4 @@ | AddUser | /user/{name} | POST | true | registers a user with the name `{name}`, balance of 0 and a password of the password supplied in the header | | AdminAddUser | /admin/user/{name}?init_bal={init_bal} | POST | true | if the password supplied in the header matches the admin password, then it registers a user with the name `{name}`, balance of `init_bal` and a password supplied by the body of the request | | DelUser | /user/{name} | DELETE | true | if the password supplied in the header matches the user `{name}`'s password, then the user is deleted | -| AdminDelUser | /admin/user/{name} | DELETE | true | if the password supplied in the header matches the admin password, then the user is deleted | \ No newline at end of file +| AdminDelUser | /admin/user/{name} | DELETE | true | if the password supplied in the header matches the admin password, then the user is deleted | From 7550e83169b8467f7876551e47a065ce529e8fb7 Mon Sep 17 00:00:00 2001 From: William Katz Date: Sun, 20 Jun 2021 22:39:28 -0700 Subject: [PATCH 02/10] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 1157472..caa5d72 100644 --- a/README.md +++ b/README.md @@ -98,6 +98,9 @@ Thank you to the contributors - able to be used millions of blocks away, across dimensions, servers, **vanilla or modded**. - **Logging** of all transactions, configurable in [consts.hpp](include/consts.hpp) +### Other +- **return balance on deletion**, configurable in [consts.hpp](include/consts.hpp) + ## Dependencies - [Parallel HashMap](https://github.com/greg7mdp/parallel-hashmap/tree/master) From 8698dd95704c7276fd68145a2a03b4573f85e4cd Mon Sep 17 00:00:00 2001 From: William Katz Date: Mon, 21 Jun 2021 16:52:22 -0700 Subject: [PATCH 03/10] :sparkles: Dev section --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index caa5d72..0e02783 100644 --- a/README.md +++ b/README.md @@ -50,8 +50,11 @@ sudo ./bank Using the Bank's API allows (you/others) to (make/use) connected services that utilize the bank, a couple ideas can be found [here](services.md) -Go to [here](help.md) to see the API's endpoints. -Language specific APIs can be found [here](APIs.md). +## Developing for +as a dev check out +* [APIs](https://github.com/EntireTwix/CCash/blob/main/APIs.md) +* [connected services](https://github.com/EntireTwix/CCash/blob/main/services.md) +* [endpoints](https://github.com/EntireTwix/CCash/blob/main/help.md) ## FAQ **Q:** how is money initially injected into the economy From 3e79d4e7a30691b8f849d0379b706dc2715a91f5 Mon Sep 17 00:00:00 2001 From: William Katz Date: Mon, 21 Jun 2021 16:52:43 -0700 Subject: [PATCH 04/10] Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 0e02783..1370d4c 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,6 @@ Using the Bank's API allows (you/others) to (make/use) connected services that u ## Developing for as a dev check out * [APIs](https://github.com/EntireTwix/CCash/blob/main/APIs.md) -* [connected services](https://github.com/EntireTwix/CCash/blob/main/services.md) * [endpoints](https://github.com/EntireTwix/CCash/blob/main/help.md) ## FAQ From 1c2e0ff75a7053ed57aef221fe64e2c553a76c1c Mon Sep 17 00:00:00 2001 From: Luke Bennett Date: Wed, 23 Jun 2021 19:01:42 +0100 Subject: [PATCH 05/10] docs: movs docs to /docs, add deploy docs --- README.md | 2 +- APIs.md => docs/APIs.md | 0 docs/deploy.md | 37 +++++++++++++++++++++++++++++++++ help.md => docs/help.md | 0 services.md => docs/services.md | 0 5 files changed, 38 insertions(+), 1 deletion(-) rename APIs.md => docs/APIs.md (100%) create mode 100644 docs/deploy.md rename help.md => docs/help.md (100%) rename services.md => docs/services.md (100%) diff --git a/README.md b/README.md index f8c9e60..8eecbd6 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ sudo ./bank ## Connected Services -Go to [here](help.md) to see the API's endpoints. Using the Bank's API allows (you/others) to (make/use) connected services that utilize the bank, a couple ideas can be found [here](services.md) +Go to [here](docs/help.md) to see the API's endpoints. Using the Bank's API allows (you/others) to (make/use) connected services that utilize the bank, a couple ideas can be found [here](docs/services.md) ## FAQ **Q:** how is money initially injected into the economy diff --git a/APIs.md b/docs/APIs.md similarity index 100% rename from APIs.md rename to docs/APIs.md diff --git a/docs/deploy.md b/docs/deploy.md new file mode 100644 index 0000000..f6c4b52 --- /dev/null +++ b/docs/deploy.md @@ -0,0 +1,37 @@ +# Deploying CCash + +CCash can deployed to a remote machine pretty simply. + +A pre-built docker image is supplied in the repos [GitHub Packages](https://github.com/features/packages) container registry [EntireTwix/CCash](https://github.com/EntireTwix/CCash/packages/851105). + +It can be run with docker like so: + +``` +docker pull docker.pkg.github.com/entiretwix/ccash/ccash:latest +``` + +## Build + +The CCash repo provides a GitHub Workflow to build, release and publish the docker image in [.github/workflows/build.yaml](https://github.com/EntireTwix/CCash/blob/main/.github/workflows/build.yaml) to the GitHub Packages container registry. + +You can build and publish your own images using this workflow by forking [EntireTwix/CCash](https://github.com/EntireTwix/CCash). + +## Deploy + +You can deploy this docker image to be run on a remote machine in a few steps. In this case we are using [Debian OS](https://www.debian.org/) running on the [Linode](https://www.linode.com/) cloud provider, but most OS and cloud providers will work, assuming the machine can run an SSH server and Docker. + +Similarly, the CCash repo also provides a GitHub Workflow to deploy the latest docker image to a remote machine in [.github/workflows/deploy.yaml](https://github.com/EntireTwix/CCash/blob/main/.github/workflows/deploy.yaml). + +### Configure the machine + +* Create a machine using your chosen cloud provider. +* Configure DNS to point your chosen domain name to the machines IP address. _(Without this, TLS/SSL will not work)_. +* Create an SSH key-pair by running `ssh-keygen` locally. Make sure you **don't** set a password. +* Add the `*.pub` public key to the servers `~/.ssh/authorized_keys` file. +* Install Docker Engine following [official docs](https://docs.docker.com/engine/install/). +* Add the private key _(not `*.pub`)_ to a [GitHub secret](https://docs.github.com/en/actions/reference/encrypted-secrets) named `CCASH_SSH_KEY` in your CCash repo. +* Add the domain name pointing to the remote machine to a GitHub secret named `CCASH_DOMAIN`. + +You are now ready to run the "Deploy" workflow mentioned above. This workflow will SSH in to the `CCASH_DOMAIN` machine, using the `CCASH_SSH_KEY` and `docker run` the latest `entiretwix/ccash` image, binding to port 80 and 443. It will also handle the creation of a TLS/SSL certificate for you. + +Visiting `https://$SSH_TARGET/BankF/ping` in your browser should verify that it has been deployed correctly. diff --git a/help.md b/docs/help.md similarity index 100% rename from help.md rename to docs/help.md diff --git a/services.md b/docs/services.md similarity index 100% rename from services.md rename to docs/services.md From a962917db063b3a0473f3e64d7252daf5ba189b8 Mon Sep 17 00:00:00 2001 From: Luke Bennett Date: Wed, 23 Jun 2021 19:04:37 +0100 Subject: [PATCH 06/10] refactor: rename deploy.yaml to build.yaml --- .github/workflows/{deploy.yaml => build.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{deploy.yaml => build.yaml} (100%) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/build.yaml similarity index 100% rename from .github/workflows/deploy.yaml rename to .github/workflows/build.yaml From 36ee1e6635293142bf532d6d63a4785ab775818f Mon Sep 17 00:00:00 2001 From: William Katz Date: Wed, 23 Jun 2021 19:45:24 -0700 Subject: [PATCH 07/10] :fire: removed return on delete temporarily --- src/bank.cpp | 22 ++-------------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/src/bank.cpp b/src/bank.cpp index 5015488..c2bd211 100644 --- a/src/bank.cpp +++ b/src/bank.cpp @@ -43,16 +43,7 @@ int_fast8_t Bank::DelUser(const std::string &name, const std::string &attempt) n { std::shared_lock lock{size_l}; bool state = false; - if (users.erase_if(name, [this, &name, &state, &attempt](User &u) { - if constexpr (return_on_del) - { - if (SendFunds(name, return_account, u.balance, attempt) == 1) - { - return true; - } - } - return state = (XXH3_64bits(attempt.data(), attempt.size()) == u.password); - })) + if (users.erase_if(name, [&state, &attempt](User &u) { return state = (XXH3_64bits(attempt.data(), attempt.size()) == u.password); })) { return (state) ? true : ErrorResponse::WrongPassword; } @@ -65,16 +56,7 @@ int_fast8_t Bank::AdminDelUser(const std::string &name, const std::string &attem { std::shared_lock lock{size_l}; bool state = false; - if (users.erase_if(name, [this, &name, &state, &attempt](const User &u) { - if constexpr (return_on_del) - { - if (SendFunds(name, return_account, u.balance, attempt) == 1) - { - return true; - } - } - return state = (XXH3_64bits(attempt.data(), attempt.size()) == u.password); - })) + if (users.erase_if(name, [this, &state, &attempt](const User &) { return state = (admin_pass == attempt); })) { return (state) ? true : ErrorResponse::WrongPassword; } From 396d95f3403705803d9f9efa52780f0e6eb1e401 Mon Sep 17 00:00:00 2001 From: Luke Bennett Date: Wed, 23 Jun 2021 20:32:39 +0100 Subject: [PATCH 08/10] ci: add deploy workflow --- .dockerignore | 3 +- .github/workflows/build.yaml | 12 ++++++- .github/workflows/deploy.yaml | 59 +++++++++++++++++++++++++++++++++++ Dockerfile | 4 +-- config.json | 4 +-- docs/deploy.md | 28 +++++++++++------ 6 files changed, 95 insertions(+), 15 deletions(-) create mode 100644 .github/workflows/deploy.yaml diff --git a/.dockerignore b/.dockerignore index 2501371..9723960 100644 --- a/.dockerignore +++ b/.dockerignore @@ -5,4 +5,5 @@ /services.md /APIs.md /README.md -/benchmarking.cpp \ No newline at end of file +/benchmarking.cpp +/.github diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 997bdbc..af3b74d 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,4 +1,4 @@ -name: Publish Staging +name: Build on: push: branches: @@ -29,3 +29,13 @@ jobs: tags: | docker.pkg.github.com/${{ env.IMAGE_REPOSITORY }}/ccash:${{ github.sha }} docker.pkg.github.com/${{ env.IMAGE_REPOSITORY }}/ccash:latest + trigger-deploy: + needs: release + runs-on: ubuntu-latest + steps: + - run: | + curl -X POST \ + -H 'Accept: application/vnd.github.v3+json' \ + -H 'Authorization: Bearer ${{ secrets.CCASH_DEPLOY_TOKEN }}' \ + https://api.github.com/repos/${{ github.repository }}/actions/workflows/deploy.yaml/dispatches \ + -d '{"ref":"main"}' diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml new file mode 100644 index 0000000..c93b4be --- /dev/null +++ b/.github/workflows/deploy.yaml @@ -0,0 +1,59 @@ +name: Deploy +on: workflow_dispatch +jobs: + release: + name: Deploy Docker image to remote machine + runs-on: ubuntu-latest + steps: + - name: Write CCASH_CONFIG_JSON to remote filesystem + uses: appleboy/ssh-action@master + with: + host: ${{ secrets.CCASH_DOMAIN }} + username: root + key: ${{ secrets.CCASH_SSH_KEY }} + script: "echo '${{ secrets.CCASH_CONFIG_JSON }}' > $(pwd)/config.json" + - name: Write CCASH_USERS_JSON to remote filesystem if it doesn't already exist + uses: appleboy/ssh-action@master + with: + host: ${{ secrets.CCASH_DOMAIN }} + username: root + key: ${{ secrets.CCASH_SSH_KEY }} + script: "[[ -f $(pwd)/users.json ]] && echo 'users.json already exists' || echo '${{ secrets.CCASH_USERS_JSON }}' > $(pwd)/users.json" + - name: Authenticate Docker Engine with GitHub Packages container registry + uses: appleboy/ssh-action@master + with: + host: ${{ secrets.CCASH_DOMAIN }} + username: root + key: ${{ secrets.CCASH_SSH_KEY }} + script: "docker login -u '${{ github.actor }}' -p '${{ secrets.GITHUB_TOKEN }}' docker.pkg.github.com" + - name: Prune docker system + uses: appleboy/ssh-action@master + with: + host: ${{ secrets.CCASH_DOMAIN }} + username: root + key: ${{ secrets.CCASH_SSH_KEY }} + script: "docker system prune -af" + - name: Format repository + run: | + echo IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV + - name: Pull latest image + uses: appleboy/ssh-action@master + with: + host: ${{ secrets.CCASH_DOMAIN }} + username: root + key: ${{ secrets.CCASH_SSH_KEY }} + script: "docker pull docker.pkg.github.com/${{ env.IMAGE_REPOSITORY }}/ccash:latest" + - name: Stop previous container + uses: appleboy/ssh-action@master + with: + host: ${{ secrets.CCASH_DOMAIN }} + username: root + key: ${{ secrets.CCASH_SSH_KEY }} + script: "curl -X POST -H 'Password: ${{ secrets.CCASH_ADMIN_PASSWORD }}' https://${{ secrets.CCASH_DOMAIN }}/BankF/close && docker kill $(docker ps -q)" + - name: Run CCash Docker image + uses: appleboy/ssh-action@master + with: + host: ${{ secrets.CCASH_DOMAIN }} + username: root + key: ${{ secrets.CCASH_SSH_KEY }} + script: "docker run -d -p 80:80 -p 443:443 -v $(pwd)/config.json:/ccash/config.json -v $(pwd)/users.json:/ccash/users.json -v ${{ secrets.CCASH_TLS_CERT_PATH }}:/ccash/cert -v ${{ secrets.CCASH_TLS_KEY_PATH }}:/ccash/key docker.pkg.github.com/${{ env.IMAGE_REPOSITORY }}/ccash:latest ${{ secrets.CCASH_ADMIN_PASSWORD }} ${{ secrets.CCASH_SAVE_FREQUENCY }} ${{ secrets.CCASH_THREAD_COUNT }}" diff --git a/Dockerfile b/Dockerfile index c14cd74..b531235 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,6 +11,6 @@ RUN mkdir build WORKDIR /ccash/build RUN cmake .. -RUN make -j$(nprov) +RUN make -j$(nproc) -CMD ["/ccash/build/bank", "$CCASH_ADMIN_PASSWORD", "$CCASH_SAVE_FREQUENCY", "$CCASH_THREAD_COUNT"] +ENTRYPOINT ["/ccash/build/bank"] diff --git a/config.json b/config.json index fa95be9..76acb93 100644 --- a/config.json +++ b/config.json @@ -9,8 +9,8 @@ "address": "0.0.0.0", "port": 443, "https": true, - "cert": "", - "key": "" + "cert": "/ccash/cert", + "key": "/ccash/key" } ] } diff --git a/docs/deploy.md b/docs/deploy.md index f6c4b52..dd32e83 100644 --- a/docs/deploy.md +++ b/docs/deploy.md @@ -24,14 +24,24 @@ Similarly, the CCash repo also provides a GitHub Workflow to deploy the latest d ### Configure the machine -* Create a machine using your chosen cloud provider. -* Configure DNS to point your chosen domain name to the machines IP address. _(Without this, TLS/SSL will not work)_. -* Create an SSH key-pair by running `ssh-keygen` locally. Make sure you **don't** set a password. -* Add the `*.pub` public key to the servers `~/.ssh/authorized_keys` file. -* Install Docker Engine following [official docs](https://docs.docker.com/engine/install/). -* Add the private key _(not `*.pub`)_ to a [GitHub secret](https://docs.github.com/en/actions/reference/encrypted-secrets) named `CCASH_SSH_KEY` in your CCash repo. -* Add the domain name pointing to the remote machine to a GitHub secret named `CCASH_DOMAIN`. +1. Create a machine using your chosen cloud provider +1. Configure DNS to point your chosen domain name to the machines IP address. _(Without this, TLS/SSL will not work)_ +1. Create an SSH key-pair by running `ssh-keygen` locally. Make sure you **don't** set a password +1. Add the `*.pub` public key to the servers `~/.ssh/authorized_keys` file +1. Install Docker Engine on the remote machine following [official docs](https://docs.docker.com/engine/install/) +1. Generate SSL/TLS certificate (Using [certbot](https://certbot.eff.org/lets-encrypt/debianbuster-other) is recommended) +1. Configure [GitHub secrets](https://docs.github.com/en/actions/reference/encrypted-secrets) for the repo + * `CCASH_SSH_KEY` - The private key _(not `*.pub`)_ created earlier + * `CCASH_DOMAIN` - The domain name pointing to the remote machine + * `CCASH_CONFIG_JSON` - A config.json file that will be written every deploy _(https config cert path should be `/ccash/cert` and key path should be `/ccash/key`)_ + * `CCASH_USERS_JSON` - A users.json file that will be written only on first deploy + * `CCASH_ADMIN_PASSWORD` - A CCash server admin account password + * `CCASH_SAVE_FREQUENCY` - A number representing the frequency to save to users.json (in minutes) + * `CCASH_THREAD_COUNT` - A number representing the number of threads to use + * `CCASH_TLS_CERT_PATH` - The path to the TLS/SSL certificate on the host machine + * `CCASH_TLS_KEY_PATH` - The path to the TLS/SSL key on the host machine + * `CCASH_DEPLOY_TOKEN` - A [GitHub personal access token](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token), used to trigger the deploy workflow automatically when the build workflow is successful. _(Leave empty to disable automatic deploys.)_ -You are now ready to run the "Deploy" workflow mentioned above. This workflow will SSH in to the `CCASH_DOMAIN` machine, using the `CCASH_SSH_KEY` and `docker run` the latest `entiretwix/ccash` image, binding to port 80 and 443. It will also handle the creation of a TLS/SSL certificate for you. +You are now ready to run the "Deploy" workflow mentioned above. This workflow will SSH in to the `CCASH_DOMAIN` machine, using the `CCASH_SSH_KEY` and `docker run` the latest `entiretwix/ccash` image, binding to port 80 and 443, setting the appropriate volumes and environment variables. -Visiting `https://$SSH_TARGET/BankF/ping` in your browser should verify that it has been deployed correctly. +Run `curl https://$CCASH_DOMAIN/BankF/ping` to verify that the server has been deployed correctly. From f62465419e7676075765a446eccac59834d54919 Mon Sep 17 00:00:00 2001 From: William Katz Date: Wed, 30 Jun 2021 16:53:23 -0700 Subject: [PATCH 09/10] :bug: massive bug --- src/bank.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/bank.cpp b/src/bank.cpp index c2bd211..e559057 100644 --- a/src/bank.cpp +++ b/src/bank.cpp @@ -74,7 +74,7 @@ int_fast8_t Bank::SendFunds(const std::string &a_name, const std::string &b_name return ErrorResponse::InvalidRequest; } //as first modify_if checks a_name and grabs unique lock - if (!Contains(b_name)) + if (Contains(b_name) != true) { return ErrorResponse::UserNotFound; } @@ -92,7 +92,6 @@ int_fast8_t Bank::SendFunds(const std::string &a_name, const std::string &b_name } else if (a.password != XXH3_64bits(attempt.data(), attempt.size())) { - state = ErrorResponse::WrongPassword; } else From d3393e8084c4285c1a52c83329fd1caa01e5e030 Mon Sep 17 00:00:00 2001 From: EntireTwix Date: Thu, 1 Jul 2021 21:18:12 -0700 Subject: [PATCH 10/10] :bug: fixed massive send without b_name existing --- src/bank.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/bank.cpp b/src/bank.cpp index c2bd211..e559057 100644 --- a/src/bank.cpp +++ b/src/bank.cpp @@ -74,7 +74,7 @@ int_fast8_t Bank::SendFunds(const std::string &a_name, const std::string &b_name return ErrorResponse::InvalidRequest; } //as first modify_if checks a_name and grabs unique lock - if (!Contains(b_name)) + if (Contains(b_name) != true) { return ErrorResponse::UserNotFound; } @@ -92,7 +92,6 @@ int_fast8_t Bank::SendFunds(const std::string &a_name, const std::string &b_name } else if (a.password != XXH3_64bits(attempt.data(), attempt.size())) { - state = ErrorResponse::WrongPassword; } else