update rpc auth + verify

2025-11-19 10:05:48 +00:00 · 2023-01-19 09:38:39 -05:00
parent 2b335ab1ca
commit 231647d156
2 changed files with 96 additions and 25 deletions
--- a/src/ripple/net/impl/RPCCall.cpp
+++ b/src/ripple/net/impl/RPCCall.cpp
@@ -149,6 +149,37 @@ private:
        }
    }

+    // Build an object or string
+    // { "currency" : "XYZ", "issuer" : "rXYX", "value": 1000 }
+    // "1000"
+    static Json::Value
+    jvParseAmount(std::string const& strAmount)
+    {
+        Json::Reader reader;
+        Json::Value jv;
+        Json::Value jv1{Json::objectValue};
+        if (to_uint64(strAmount))
+            return strAmount;
+        
+        bool valid_parse = reader.parse(strAmount, jv);
+        if (valid_parse)
+        {
+            if (jv.isObject())
+            {
+                if (jv.isMember(jss::params))
+                {
+                    auto const& params = jv[jss::params];
+                    for (auto i = params.begin(); i != params.end(); ++i)
+                        jv1[i.key().asString()] = *i;
+                }
+                jv1[jss::issuer] = jv[jss::issuer];
+                jv1[jss::currency] = jv[jss::currency];
+                jv1[jss::value] = jv[jss::value];
+            }
+        }
+        return jv1;
+    }
+
    static bool
    validPublicKey(
        std::string const& strPk,
@@ -825,14 +856,24 @@ private:
            index++;
        }

-        if (!jvParams[index].isString() ||
-            !to_uint64(jvParams[index].asString()))
-            return rpcError(rpcCHANNEL_AMT_MALFORMED);
-        jvRequest[jss::amount] = jvParams[index];
+        {
+            // validate amount string | json
+            if (!jvParams[index].isString())
+                return rpcError(rpcCHANNEL_AMT_MALFORMED);
+
+            Json::Value amountJson = jvParseAmount(jvParams[index].asString());
+            if (!amountJson)
+                return rpcError(rpcCHANNEL_AMT_MALFORMED);
+            
+            STAmount amount;
+            if (!amountFromJsonNoThrow(amount, amountJson))
+                return rpcError(rpcCHANNEL_AMT_MALFORMED);
+            
+            jvRequest[jss::amount] = amountJson;
+        }

        // If additional parameters are appended, be sure to increment index
        // here
-
        return jvRequest;
    }

@@ -856,9 +897,21 @@ private:
        }
        jvRequest[jss::channel_id] = jvParams[1u].asString();

-        if (!jvParams[2u].isString() || !to_uint64(jvParams[2u].asString()))
-            return rpcError(rpcCHANNEL_AMT_MALFORMED);
-        jvRequest[jss::amount] = jvParams[2u];
+        {
+            // validate amount string | json
+            if (!jvParams[2u].isString())
+                return rpcError(rpcCHANNEL_AMT_MALFORMED);
+
+            Json::Value amountJson = jvParseAmount(jvParams[2u].asString());
+            if (!amountJson)
+                return rpcError(rpcCHANNEL_AMT_MALFORMED);
+            
+            STAmount amount;
+            if (!amountFromJsonNoThrow(amount, amountJson))
+                return rpcError(rpcCHANNEL_AMT_MALFORMED);
+            
+            jvRequest[jss::amount] = amountJson;
+        }

        jvRequest[jss::signature] = jvParams[3u].asString();

--- a/src/ripple/rpc/handlers/PayChanClaim.cpp
+++ b/src/ripple/rpc/handlers/PayChanClaim.cpp
@@ -63,17 +63,26 @@ doChannelAuthorize(RPC::JsonContext& context)
    if (!channelId.parseHex(params[jss::channel_id].asString()))
        return rpcError(rpcCHANNEL_MALFORMED);

-    std::optional<std::uint64_t> const optDrops = params[jss::amount].isString()
-        ? to_uint64(params[jss::amount].asString())
-        : std::nullopt;
-
-    if (!optDrops)
+    STAmount amount;
+    bool isAmount = amountFromJsonNoThrow(amount, params[jss::amount]);
+    if (!isAmount)
        return rpcError(rpcCHANNEL_AMT_MALFORMED);

-    std::uint64_t const drops = *optDrops;
-
    Serializer msg;
-    serializePayChanAuthorization(msg, channelId, XRPAmount(drops));
+    if (isXRP(amount))
+    {
+        serializePayChanAuthorization(msg, channelId, amount.xrp());
+    }
+    else
+    {
+        serializePayChanAuthorization(
+            msg,
+            channelId,
+            amount.iou(),
+            amount.getCurrency(),
+            amount.getIssuer()
+        );
+    }

    try
    {
@@ -124,22 +133,31 @@ doChannelVerify(RPC::JsonContext& context)
    if (!channelId.parseHex(params[jss::channel_id].asString()))
        return rpcError(rpcCHANNEL_MALFORMED);

-    std::optional<std::uint64_t> const optDrops = params[jss::amount].isString()
-        ? to_uint64(params[jss::amount].asString())
-        : std::nullopt;
-
-    if (!optDrops)
+    STAmount amount;
+    bool isAmount = amountFromJsonNoThrow(amount, params[jss::amount]);
+    if (!isAmount)
        return rpcError(rpcCHANNEL_AMT_MALFORMED);

-    std::uint64_t const drops = *optDrops;
+    Serializer msg;
+    if (isXRP(amount))
+    {
+        serializePayChanAuthorization(msg, channelId, amount.xrp());
+    }
+    else
+    {
+        serializePayChanAuthorization(
+            msg,
+            channelId,
+            amount.iou(),
+            amount.getCurrency(),
+            amount.getIssuer()
+        );
+    }

    auto sig = strUnHex(params[jss::signature].asString());
    if (!sig || !sig->size())
        return rpcError(rpcINVALID_PARAMS);

-    Serializer msg;
-    serializePayChanAuthorization(msg, channelId, XRPAmount(drops));
-
    Json::Value result;
    result[jss::signature_verified] =
        verify(*pk, msg.slice(), makeSlice(*sig), /*canonical*/ true);