4 |
--------------------------------------------------------------------------------
/config/initializers/session_store.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | Rails.application.config.session_store :cookie_store, key: '_trademed_session'
4 |
--------------------------------------------------------------------------------
/app/models/network_fee.rb:
--------------------------------------------------------------------------------
1 | # All this does is display a number based on current week in the nav bar of vendors.
2 | class NetworkFee < ApplicationRecord
3 | validates :weeknum, uniqueness: true
4 | end
5 |
--------------------------------------------------------------------------------
/config/initializers/mime_types.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # Add new mime types for use in respond_to blocks:
4 | # Mime::Type.register "text/richtext", :rtf
5 |
--------------------------------------------------------------------------------
/public/robots.txt:
--------------------------------------------------------------------------------
1 | # See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file
2 | #
3 | # To ban all spiders from the entire site uncomment the next two lines:
4 | # User-agent: *
5 | # Disallow: /
6 |
--------------------------------------------------------------------------------
/app/assets/stylesheets/adminarea.css.scss:
--------------------------------------------------------------------------------
1 | // styles for admin area.
2 | // application layout will include this whenever an admin controller is handling request.
3 | .green_text {
4 | color: green;
5 | }
6 | .orange_text {
7 | color: orange;
8 | }
9 |
--------------------------------------------------------------------------------
/config/cable.yml:
--------------------------------------------------------------------------------
1 | development:
2 | adapter: async
3 |
4 | test:
5 | adapter: async
6 |
7 | production:
8 | adapter: redis
9 | url: <%= ENV.fetch("REDIS_URL") { "redis://localhost:6379/1" } %>
10 | channel_prefix: trademed_production
11 |
--------------------------------------------------------------------------------
/config/initializers/filter_parameter_logging.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # Configure sensitive parameters which will be filtered from the log file.
4 | Rails.application.config.filter_parameters += [:password]
5 |
--------------------------------------------------------------------------------
/app/views/application/_form_errors.html.erb:
--------------------------------------------------------------------------------
1 |
2 | <% if what.errors.any? %>
3 | <% what.errors.full_messages.each do |msg| %>
4 | <%= content_tag :div, msg, :class => "alert alert-danger" %>
5 | <% end %>
6 | <% end %>
7 |
8 |
--------------------------------------------------------------------------------
/app/models/multipay_group.rb:
--------------------------------------------------------------------------------
1 | class MultipayGroup < ApplicationRecord
2 | has_many :orders
3 | # This allows multipaygroupInstance.primary_order for setting and getting.
4 | belongs_to :primary_order, foreign_key: :primary_order_id , class_name: 'Order'
5 |
6 | end
7 |
--------------------------------------------------------------------------------
/Rakefile:
--------------------------------------------------------------------------------
1 | # Add your own tasks in files placed in lib/tasks ending in .rake,
2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
3 |
4 | require File.expand_path('../config/application', __FILE__)
5 |
6 | Rails.application.load_tasks
7 |
--------------------------------------------------------------------------------
/app/models/news_post.rb:
--------------------------------------------------------------------------------
1 | class NewsPost < ApplicationRecord
2 | scope :sort_by_post_date, -> { order('post_date DESC') }
3 | validates :message, length: { maximum: 8000 }
4 | validates :message, format: { with: /\A[[[:print:]]\r\n]+\z/,
5 | message: "unexpected characters" }
6 | end
7 |
--------------------------------------------------------------------------------
/config/initializers/application_controller_renderer.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # ActiveSupport::Reloader.to_prepare do
4 | # ApplicationController.renderer.defaults.merge!(
5 | # http_host: 'example.org',
6 | # https: false
7 | # )
8 | # end
9 |
--------------------------------------------------------------------------------
/examples/update_orders_from_blockchain_job.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # crontab entry example:
4 | # */5 * * * * SCRIPT=/path/to/script/update_orders_from_blockchain_job.sh; flock -n $SCRIPT.lock $SCRIPT
5 |
6 | docker-compose run --rm trademed rails r 'UpdateOrdersFromBlockchainJob.perform_now'
7 |
--------------------------------------------------------------------------------
/config/initializers/cookies_serializer.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # Specify a serializer for the signed and encrypted cookie jars.
4 | # Valid options are :json, :marshal, and :hybrid.
5 | Rails.application.config.action_dispatch.cookies_serializer = :json
6 |
--------------------------------------------------------------------------------
/app/jobs/count_payouts_job.rb:
--------------------------------------------------------------------------------
1 | class CountPayoutsJob < ApplicationJob
2 | queue_as :default
3 |
4 | def perform
5 | # Not sure if possible to access return code on shell so will just look at output instead.
6 | count = Payout.where(paid: false).count
7 | puts count
8 | end
9 | end
10 |
--------------------------------------------------------------------------------
/app/views/feedbacks/new.html.erb:
--------------------------------------------------------------------------------
1 |
Feedback
2 |
3 |
4 | After leaving feedback you cannot change the rating but the feedback message can be changed.
5 | Therefore, in disputes, wait a week or two before leaving feedback because the issue may take time to resolve.
6 |
9 | <% end %>
10 |
--------------------------------------------------------------------------------
/test/test_helper.rb:
--------------------------------------------------------------------------------
1 | ENV['RAILS_ENV'] ||= 'test'
2 | require File.expand_path('../../config/environment', __FILE__)
3 | require 'rails/test_help'
4 |
5 | class ActiveSupport::TestCase
6 | # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order.
7 | fixtures :all
8 |
9 | # Add more helper methods to be used by all tests here...
10 | end
11 |
--------------------------------------------------------------------------------
/config/initializers/litecoinrpc.rb:
--------------------------------------------------------------------------------
1 | # In development/testing there are two local bitcoind available for different purposes.
2 | # These are global instance objects used for making requests to the appropriate bitcoind.
3 | ::Payout_litecoinrpc = BitcoinRPC.new(Rails.configuration.payout_litecoinrpc_uri)
4 | ::Market_litecoinrpc = BitcoinRPC.new(Rails.configuration.market_litecoinrpc_uri)
5 |
--------------------------------------------------------------------------------
/config/initializers/website_gpg_key.rb:
--------------------------------------------------------------------------------
1 | ::WebsiteGpgKey = Gpgkeyinfo.new(Rails.configuration.gpg_key_id)
2 |
3 | # Rails5 couldn't initialize a GpgOperations object from app/controllers/concerns/two_factor_auth.rb
4 | # without setting Rails.application.config.enable_dependency_loading true. This forces a load of lib/gpg_operations.rb
5 | # at boot to avoid that problem.
6 | GpgOperations
7 |
--------------------------------------------------------------------------------
/app/views/pages/vendor_directory.html.erb:
--------------------------------------------------------------------------------
1 |
18 |
--------------------------------------------------------------------------------
/config/initializers/backtrace_silencers.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
5 |
6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
7 | # Rails.backtrace_cleaner.remove_silencers!
8 |
--------------------------------------------------------------------------------
/app/models/message_ref.rb:
--------------------------------------------------------------------------------
1 | class MessageRef < ApplicationRecord
2 | belongs_to :user
3 | belongs_to :otherparty, foreign_key: :otherparty_id , class_name: 'User'
4 | belongs_to :message
5 |
6 | # default_scope breaks ActiveRecord .group()
7 | #default_scope { order(:created_at) }
8 | scope :unseen, -> { where("unseen = 1")}
9 |
10 | validates :direction, inclusion: { in: %w(sent received ) }
11 | validates :unseen, inclusion: { in: [0, 1] }
12 | end
13 |
--------------------------------------------------------------------------------
/app/controllers/admin/products_controller.rb:
--------------------------------------------------------------------------------
1 | class Admin::ProductsController < ApplicationController
2 | before_action :require_admin
3 |
4 | def index
5 | @products = Product.where(deleted: false).order('created_at DESC')
6 | if params[:filter_vendor]
7 | @products = @products.joins(:vendor).where(users: {displayname: params[:filter_vendor]})
8 | end
9 | @products = @products.page(params[:page])
10 | @products_count = @products.count
11 | end
12 | end
13 |
--------------------------------------------------------------------------------
/app/jobs/weekly_order_count_report_job.rb:
--------------------------------------------------------------------------------
1 | # Show historical count of paid orders each week.
2 | class WeeklyOrderCountReportJob < ApplicationJob
3 | queue_as :default
4 |
5 | def perform
6 | Order.after_paid.select('COUNT(1) AS sum, EXTRACT(WEEK FROM created_at) AS week, EXTRACT(YEAR FROM created_at) AS year').
7 | group('week, year').
8 | order('year, week').each do |w|
9 | puts "#{w.year.to_i}/#{w.week.to_i} : #{w.sum}"
10 | end
11 |
12 | end
13 | end
14 |
--------------------------------------------------------------------------------
/app/models/location.rb:
--------------------------------------------------------------------------------
1 | class Location < ApplicationRecord
2 | validates :description, length: { minimum: 2, maximum: 40 }
3 | validates :description, uniqueness: true
4 | default_scope { order(:description) }
5 | # These are ship-to locations. location.products returns all products that ship to this location.
6 | has_and_belongs_to_many :products
7 |
8 | def allow_destroy?
9 | Product.where(from_location: self).count == 0 && self.products.count == 0
10 | end
11 | end
12 |
--------------------------------------------------------------------------------
/config/initializers/bitcoinrpc.rb:
--------------------------------------------------------------------------------
1 | # In development/testing there are two local bitcoind available for different purposes.
2 | # These are global instance objects used for making requests to the appropriate bitcoind.
3 | ::Payout_bitcoinrpc = BitcoinRPC.new(Rails.configuration.payout_bitcoinrpc_uri)
4 | ::Market_bitcoinrpc = BitcoinRPC.new(Rails.configuration.market_bitcoinrpc_uri)
5 | # These are used as RPC arguments for calls that traditionally dealt with account names. Accounts were deprecated in 0.17.
6 | ::DummyStar = '*'
7 | ::DummyBlank = ''
8 |
--------------------------------------------------------------------------------
/app/models/message.rb:
--------------------------------------------------------------------------------
1 | class Message < ApplicationRecord
2 | belongs_to :sender, foreign_key: :sender_id , class_name: 'User'
3 | belongs_to :recipient, foreign_key: :recipient_id , class_name: 'User'
4 |
5 | # User model describes this.
6 | has_many :message_refs
7 |
8 | default_scope { order(:created_at) }
9 |
10 | validates :body, presence: true
11 | validates :body, length: { maximum: 10000 , message: "length of message"}
12 | validates :body, format: { with: /\A[[[:print:]]\r\n]*\z/,
13 | message: "characters unexpected" }
14 |
15 | end
16 |
--------------------------------------------------------------------------------
/app/views/pages/news.html.erb:
--------------------------------------------------------------------------------
1 |
2 |
3 |
News archive
4 |
5 | <% NewsPost.sort_by_post_date.each do |post| %>
6 | <%# nil.try always returns nil. in_time_zone(nil) gives UTC. so when visitor not logged in they get UTC time. %>
7 |
16 |
--------------------------------------------------------------------------------
/config/initializers/wrap_parameters.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # This file contains settings for ActionController::ParamsWrapper which
4 | # is enabled by default.
5 |
6 | # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
7 | ActiveSupport.on_load(:action_controller) do
8 | wrap_parameters format: [:json]
9 | end
10 |
11 | # To enable root element in JSON for ActiveRecord objects.
12 | # ActiveSupport.on_load(:active_record) do
13 | # self.include_root_in_json = true
14 | # end
15 |
--------------------------------------------------------------------------------
/app/views/feedbacks/respond.html.erb:
--------------------------------------------------------------------------------
1 | <%= render partial: 'form_errors', locals: { what: @feedback } %>
2 |
3 |
15 | <% end -%>
16 |
--------------------------------------------------------------------------------
/app/assets/stylesheets/application.css:
--------------------------------------------------------------------------------
1 | /*
2 | * This is a manifest file that'll be compiled into application.css, which will include all the files
3 | * listed below.
4 | *
5 | * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
6 | * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
7 | *
8 | * You're free to add application-wide styles to this file and they'll appear at the top of the
9 | * compiled file, but it's generally better to create a new file per style scope.
10 | *
11 | *= require application_layout
12 | */
13 |
--------------------------------------------------------------------------------
/app/views/admin/locations/_form.html.erb:
--------------------------------------------------------------------------------
1 | <%= form_for([:admin, @location] , :html => { class: 'form-horizontal' }) do |f| %>
2 |
3 | <%= render partial: 'form_errors', locals: { what: @location } %>
4 |
5 |
16 |
--------------------------------------------------------------------------------
/app/models/unitprice.rb:
--------------------------------------------------------------------------------
1 | class Unitprice < ApplicationRecord
2 | belongs_to :product, optional: true # product_id field may be nil. See orders controller.
3 | has_many :orders
4 |
5 | default_scope { order(:unit) } # to ensure unit prices displayed in ascending order.
6 |
7 | validates :unit, numericality: { greater_than: 0 }
8 | # Allow free products because vendor may give away samples where buyer only pays shipping.
9 | # When order is created the total cost must be greater than zero however.
10 | validates :price, numericality: { greater_than_or_equal_to: 0 }
11 | validates :currency, :inclusion => { in: Rails.configuration.currencies }
12 | end
13 |
--------------------------------------------------------------------------------
/app/views/pages/publickey.html.erb:
--------------------------------------------------------------------------------
1 |
Public key
2 |
3 | Please import this PGP key so you can authenticate this website in future.
4 |
5 | Bitcoin payment addresses for orders will always be signed with this key.
6 |
7 |
8 | You should bookmark this site and always use the bookmark for future access to avoid phishing attacks.
9 |
10 |
11 |
12 | Key ID / fingerprint :
13 |
14 | <%= WebsiteGpgKey.fingerprint %>
15 |
16 |
17 | Key data for importing :
18 |
19 | <%= WebsiteGpgKey.pubkey %>
20 |
21 |
22 |
23 | <% if flash.key?(:newuser) %>
24 | <%= link_to 'Continue', root_path, class: 'btn btn-primary' %>
25 | <% end %>
26 |
--------------------------------------------------------------------------------
/app/models/ticket_message.rb:
--------------------------------------------------------------------------------
1 | class TicketMessage < ApplicationRecord
2 | belongs_to :ticket
3 | default_scope { order('created_at DESC') }
4 | # We don't bother enforcing non-blank messages because these are removed by reject_if in Ticket model
5 | # so validation never done on TMs with blank messages.
6 | validates :message, length: { maximum: 10000 , message: "length of message"}
7 | validates :message, format: { with: /\A[[[:print:]]\r\n]*\z/, message: "characters unexpected" }
8 | validates :response, length: { maximum: 10000 , message: "length of message"}
9 | validates :response, format: { with: /\A[[[:print:]]\r\n]*\z/,
10 | message: "characters unexpected" }
11 | end
12 |
--------------------------------------------------------------------------------
/config/initializers/assets.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # Version of your assets, change this if you want to expire all your assets.
4 | Rails.application.config.assets.version = '1.0'
5 |
6 | # Add additional assets to the asset load path.
7 | # Rails.application.config.assets.paths << Emoji.images_path
8 | # Add Yarn node_modules folder to the asset load path.
9 | Rails.application.config.assets.paths << Rails.root.join('node_modules')
10 |
11 | # Precompile additional assets.
12 | # application.js, application.css, and all non-JS/CSS in the app/assets
13 | # folder are already added.
14 | Rails.application.config.assets.precompile += %w( admin.css )
15 |
--------------------------------------------------------------------------------
/app/views/admin/messages/show_conversation.html.erb:
--------------------------------------------------------------------------------
1 |
4 | Messages received by <%=@user.displayname%> are displayed brown color. This is similar to what the user will see
5 | except admin can see deleted messages appended with a delineation sentance between.
6 |
25 |
26 | <% end %>
27 |
--------------------------------------------------------------------------------
/app/controllers/concerns/two_factor_auth.rb:
--------------------------------------------------------------------------------
1 | module TwoFactorAuth
2 | extend ActiveSupport::Concern
3 |
4 | # Code shared by account settings and also during 2FA login.
5 | # Expects @user to be defined already by calling controller.
6 | def setup_pgp_2fa
7 | @gpg_msg = nil
8 | secret = SecureRandom.urlsafe_base64(nil, false)
9 | user_gpg = GpgOperations.new(@user.publickey)
10 | if !user_gpg.key_id.empty?
11 | # Function returns nil on any problems.
12 | @gpg_msg = user_gpg.encrypt("\n#{secret}\n\n")
13 | end
14 | if @gpg_msg
15 | # I think session data is encrypted but hash it anyway so no way to obtain secret from session data.
16 | session[:hash_of_secret] = Digest::SHA1.hexdigest(secret)
17 | end
18 | if @gpg_msg.nil?
19 | flash[:alert] = 'Unable to encrypt a message using your public key. Maybe the full key is not saved correctly.'
20 | end
21 |
22 | end
23 | end
24 |
--------------------------------------------------------------------------------
/app/views/shippingoptions/index.html.erb:
--------------------------------------------------------------------------------
1 |
28 |
29 | <% end %>
30 |
31 |
--------------------------------------------------------------------------------
/bin/update:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env ruby
2 | require 'fileutils'
3 | include FileUtils
4 |
5 | # path to your application root.
6 | APP_ROOT = File.expand_path('..', __dir__)
7 |
8 | def system!(*args)
9 | system(*args) || abort("\n== Command #{args} failed ==")
10 | end
11 |
12 | chdir APP_ROOT do
13 | # This script is a way to update your development environment automatically.
14 | # Add necessary update steps to this file.
15 |
16 | puts '== Installing dependencies =='
17 | system! 'gem install bundler --conservative'
18 | system('bundle check') || system!('bundle install')
19 |
20 | # Install JavaScript dependencies if using Yarn
21 | # system('bin/yarn')
22 |
23 | puts "\n== Updating database =="
24 | system! 'bin/rails db:migrate'
25 |
26 | puts "\n== Removing old logs and tempfiles =="
27 | system! 'bin/rails log:clear tmp:clear'
28 |
29 | puts "\n== Restarting application server =="
30 | system! 'bin/rails restart'
31 | end
32 |
--------------------------------------------------------------------------------
/app/views/pages/index.html.erb:
--------------------------------------------------------------------------------
1 |
2 |
3 | <% if @show_news %>
4 |
Recent news
5 |
6 | <% @news.each do |post| %>
7 | <%# nil.try always returns nil. in_time_zone(nil) gives UTC. so when visitor not logged in they get UTC time. %>
8 |
29 |
--------------------------------------------------------------------------------
/db/seeds.rb:
--------------------------------------------------------------------------------
1 | # This file should contain all the record creation needed to seed the database with its default values.
2 | # The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
3 | #
4 | # Examples:
5 | #
6 | # cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }])
7 | # Mayor.create(name: 'Emanuel', city: cities.first)
8 |
9 |
10 | bitcoin = PaymentMethod.create( name: 'Bitcoin', code: 'BTC' )
11 | # It is not necessary to have an exchange rate, app will still start. Run one of the jobs to set rates asap.
12 | BtcRate.create(code: 'USD', rate: 500, payment_method: bitcoin )
13 |
14 | # Example to initialize. The only effect of these records is to show on nav bar.
15 | #(1..53).each{|n| NetworkFee.create(weeknum: n) }
16 |
17 | #Category.create([ {name: 'Category1'},{name: 'Category2'} , {name: 'Category3'} ])
18 | #Location.create([ { description: 'Russia' }, { description: 'USA' }, { description: 'World wide' }, { description: 'Canada' } ])
19 |
--------------------------------------------------------------------------------
/config/locales/en.yml:
--------------------------------------------------------------------------------
1 | # Files in the config/locales directory are used for internationalization
2 | # and are automatically loaded by Rails. If you want to use locales other
3 | # than English, add the necessary files in this directory.
4 | #
5 | # To use the locales, use `I18n.t`:
6 | #
7 | # I18n.t 'hello'
8 | #
9 | # In views, this is aliased to just `t`:
10 | #
11 | # <%= t('hello') %>
12 | #
13 | # To use a different locale, set it with `I18n.locale`:
14 | #
15 | # I18n.locale = :es
16 | #
17 | # This would use the information in config/locales/es.yml.
18 | #
19 | # The following keys must be escaped otherwise they will not be retrieved by
20 | # the default I18n backend:
21 | #
22 | # true, false, on, off, yes, no
23 | #
24 | # Instead, surround them with single quotes.
25 | #
26 | # en:
27 | # 'true': 'foo'
28 | #
29 | # To learn more, please read the Rails Internationalization guide
30 | # available at http://guides.rubyonrails.org/i18n.html.
31 |
32 | en:
33 | hello: "Hello world"
34 |
--------------------------------------------------------------------------------
/app/models/bond.rb:
--------------------------------------------------------------------------------
1 | # To have a vendor account, admin can change their account to vendor after they have created an account.
2 | # Otherwise the standard way would be for them to use the user registration page and provide a valid "vendor code".
3 | # Vendor [authorization] codes are stored in the Bond relation and validity of the code depends on the bond attributes.
4 |
5 | # The registration process allows a vendor account to be created if the vendor code provided is the id of a bond record
6 | # and the bond record has no vendor assigned yet.
7 |
8 | # The bond record may refer to an order but it is not necessary for the bond to refer to an order. This is for situations where the site runs
9 | # with multiple vendors and new vendors must purchase a code to create a vendor account.
10 | # The admin can create a bond record simply to issue the vendor code to someone.
11 | class Bond < ApplicationRecord
12 | belongs_to :vendor, foreign_key: :vendor_id , class_name: 'User', optional: true
13 | belongs_to :order, optional: true
14 | end
15 |
--------------------------------------------------------------------------------
/app/jobs/delete_order_postal_address_job.rb:
--------------------------------------------------------------------------------
1 | # Optionally run this job to delete the order address field on completed orders that are 8 weeks old.
2 | # Even though this field is a PGP message, for extra security delete it when no longer needed.
3 |
4 | def erase_address(order)
5 | ScriptLog.info("erased address on order id: #{order.id}")
6 | order.update!(address: '')
7 | end
8 |
9 | class DeleteOrderPostalAddressJob < ApplicationJob
10 | queue_as :default
11 |
12 | def perform
13 | ScriptLog.info("#{self.class} - erasing address field on old orders")
14 |
15 | Order.where(deleted_by_vendor: true).where(deleted_by_buyer: true).where.not(address: '').each do |o|
16 | erase_address(o)
17 | end
18 |
19 | Order.where('orders.created_at < ?', Time.now - 8.week).
20 | where(status: [Order::FINALIZED, Order::AUTO_FINALIZED, Order::DECLINED, Order::EXPIRED, Order::REFUND_FINALIZED, Order::ADMIN_FINALIZED] ).
21 | where.not(address: '').each do |o|
22 | erase_address(o)
23 | end
24 | end
25 | end
26 |
--------------------------------------------------------------------------------
/examples/update_btcRates_tor_example.rb:
--------------------------------------------------------------------------------
1 | require 'net/http'
2 | require 'net/https'
3 | require 'socksify/http'
4 | require 'json'
5 |
6 | # Example code only for requesting an SSL site over TOR.
7 | # Bitpay uses Cloudflare which blocks TOR so this won't work.
8 |
9 | uri = URI.parse('https://bitpay.com/api/rates')
10 | http = nil
11 |
12 | tor_proxy_host = Rails.configuration.tor_proxy_host
13 | tor_proxy_port = Rails.configuration.tor_proxy_port
14 | # If tor_proxy_host, tor_proxy_port are nil it silently falls back to not using a proxy to complete the request.
15 | http = Net::HTTP.SOCKSProxy(tor_proxy_host, tor_proxy_port).new(uri.host, uri.port)
16 | http.use_ssl = true
17 | http.verify_mode = OpenSSL::SSL::VERIFY_PEER
18 |
19 | response = http.get(uri)
20 | rates = JSON.parse(response.body)
21 | #=> [{"code"=>"USD", "name"=>"US Dollar", "rate"=>226.68},
22 | # {"code"=>"EUR", "name"=>"Eurozone Euro", "rate"=>199.296444},
23 | # {"code"=>"GBP", "name"=>"Pound Sterling", "rate"=>150.81276},
24 | # {"code"=>"JPY", "name"=>"Japanese Yen", "rate"=>26806.1391}, ...
25 |
--------------------------------------------------------------------------------
/app/views/admin/news_posts/index.html.erb:
--------------------------------------------------------------------------------
1 |
19 | <%# Put the edit link inside form just for formatting so they are one same line %>
20 | <%= form_tag([:admin, post], method: :delete) do %>
21 | <%= link_to 'Edit', edit_admin_news_post_path(post), class: "btn btn-primary" %>
22 | <%= submit_tag("Delete", class: 'btn btn-danger') %>
23 | <% end %>
24 |
16 | <%# The above message is printed on one long line in the source code with no newline chars.
17 | This allows copying PGP messages correctly while using the break-word styling in Firefox.
18 | Chrome doesn't have the copy problem that Firefox has. %>
19 | <% end %>
20 |
<%# daygroup %>
21 |
22 | <% end %>
23 |
--------------------------------------------------------------------------------
/app/jobs/btc_rates_blockchaininfo_job.rb:
--------------------------------------------------------------------------------
1 | require 'net/http'
2 | require 'json'
3 |
4 | # Exchange rates from blockchain.info.
5 | class BtcRatesBlockchaininfoJob < ApplicationJob
6 | queue_as :default
7 |
8 | def perform()
9 | ScriptLog.info("#{self.class} - updating bitcoin exchange rates")
10 |
11 | uri = URI('https://blockchain.info/ticker')
12 | response_string = Net::HTTP.get(uri)
13 | btc_rates = JSON.parse(response_string)
14 |
15 | # => { "USD" : {"15m" : 7227.2922081, "last" : 7227.2922081, "buy" : 7227.2922081, "sell" : 7227.2922081, "symbol" : "$"},
16 | # "AUD" : {"15m" : 10020.300963796868, "last" : 10020.300963796868, "buy" : 10020.300963796868, "sell" : 10020.300963796868, "symbol" : "$"},
17 |
18 | bitcoin_key = PaymentMethod.bitcoin.id
19 | Rails.configuration.currencies.each do |currency|
20 | raise unless btc_rates.has_key?(currency)
21 | btcrate = BtcRate.find_or_create_by!(code: currency, payment_method_id: bitcoin_key)
22 | btcrate.rate = btc_rates[currency]["15m"]
23 | btcrate.save!
24 | end
25 |
26 | end
27 | end
28 |
--------------------------------------------------------------------------------
/app/assets/images/bitcoin.svg:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/bin/setup:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env ruby
2 | require 'fileutils'
3 | include FileUtils
4 |
5 | # path to your application root.
6 | APP_ROOT = File.expand_path('..', __dir__)
7 |
8 | def system!(*args)
9 | system(*args) || abort("\n== Command #{args} failed ==")
10 | end
11 |
12 | chdir APP_ROOT do
13 | # This script is a starting point to setup your application.
14 | # Add necessary setup steps to this file.
15 |
16 | puts '== Installing dependencies =='
17 | system! 'gem install bundler --conservative'
18 | system('bundle check') || system!('bundle install')
19 |
20 | # Install JavaScript dependencies if using Yarn
21 | # system('bin/yarn')
22 |
23 | # puts "\n== Copying sample files =="
24 | # unless File.exist?('config/database.yml')
25 | # cp 'config/database.yml.sample', 'config/database.yml'
26 | # end
27 |
28 | puts "\n== Preparing database =="
29 | system! 'bin/rails db:setup'
30 |
31 | puts "\n== Removing old logs and tempfiles =="
32 | system! 'bin/rails log:clear tmp:clear'
33 |
34 | puts "\n== Restarting application server =="
35 | system! 'bin/rails restart'
36 | end
37 |
--------------------------------------------------------------------------------
/app/jobs/delete_order_payout_details_job.rb:
--------------------------------------------------------------------------------
1 | # On the market server, OrderPayout records store bitcoin txids about payments to vendors and buyers.
2 | # This info is mostly useful around time the payment is made but after a few weeks it is no longer of much interest.
3 | # Optionally run this job to delete bitcoin transaction details that occured three weeks ago so if database is exposed then less info about transactions is revealed.
4 | # This information is only visible to vendor on order view and the order_payouts index.
5 | # There are still records of the btc amount paid but not the txid or btc address.
6 | class DeleteOrderPayoutDetailsJob < ApplicationJob
7 | queue_as :default
8 |
9 | def perform
10 | OrderPayout.where('order_payouts.updated_at < ?', Time.now - 3.weeks).where(paid: true).update_all(txid: nil, btc_address: nil)
11 | # When an order is deleted by vendor, then no details of it show in order_payouts index so ok to purge these fields regardless of age.
12 | OrderPayout.joins(:order).where('orders.deleted_by_vendor': true).where(paid: true).update_all(txid: nil, btc_address: nil)
13 | end
14 | end
15 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2019 Trademed
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in
13 | all copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | THE SOFTWARE.
22 |
--------------------------------------------------------------------------------
/app/models/admin_user.rb:
--------------------------------------------------------------------------------
1 | class AdminUser < ApplicationRecord
2 | has_secure_password
3 | validates :password, length: { minimum: 8, maximum: 30 }, :if => :validate_password?
4 | validates :password_confirmation, length: { minimum: 8, maximum: 30 }, :if => :validate_password?
5 |
6 | validates :username, length: { minimum: 4, maximum: 20 }
7 | validates :username, uniqueness: true
8 | validates :username, format: { with: /\A[\w\d]+\z/,
9 | message: "permitted characters are alphabetic or numeric only" }
10 | validates :displayname, length: { minimum: 3, maximum: 30 }
11 | validates :displayname, uniqueness: true
12 | validates :displayname, format: { with: /\A[\w\d]+\z/,
13 | message: "permitted characters are alphabetic or numeric only" }
14 | validate :username_differs_displayname
15 |
16 | # http://guides.rubyonrails.org/active_record_validations.html#custom-methods
17 | def username_differs_displayname
18 | errors.add(:displayname, "Username must be different to Displayname") if username == displayname
19 | end
20 |
21 | def validate_password?
22 | password.present? || password_confirmation.present?
23 | end
24 | end
25 |
--------------------------------------------------------------------------------
/app/views/admin/locations/index.html.erb:
--------------------------------------------------------------------------------
1 |
21 | <%# Put the edit link inside form just for formatting so they are one same line %>
22 | <%= form_tag([:admin, loc], method: :delete) do %>
23 | <%= link_to 'Edit', edit_admin_location_path(loc), class: "btn btn-primary btn-sm" %>
24 | <%= submit_tag("Delete", class: "btn btn-danger btn-sm") if loc.allow_destroy? %>
25 | <% end %>
26 |
4 | Vendors can view but cannot make purchases.
5 | <% if @product.vendor == current_user %>
6 | <%= link_to 'Click this link for vendor product view', vendor_product_path(@product) %>.
7 | <%end%>
8 |
9 | <% end %>
10 |
11 | <% if @product.allow_purchase? == false %>
12 |
This product is not currently available to order, because sales have been disabled by vendor or else no stock.
19 | <%# The above message is printed on one long line in the source code with no newline chars.
20 | This allows copying PGP messages correctly while using the break-word styling in Firefox.
21 | Chrome doesn't have the copy problem that Firefox has. %>
22 | <% end %>
23 |
49 |
--------------------------------------------------------------------------------
/app/jobs/update_orders_count_job.rb:
--------------------------------------------------------------------------------
1 | # Counter cache is enabled so products.orders_count variable is automatically incremented by rails every time an order created.
2 | # This variable is used for sorting most popular products. However it includes orders in states 'before confirmed' and 'payment pending'
3 | # so popularity influenced by creating lots of orders in those states. It seems like some buyers will create 'before confirmed' orders
4 | # as a way to get a bitcoin price estimate.
5 | # This job resets all products orders_count based on number of orders that were paid.
6 | # Only count orders in last 4 weeks because we want current popularity, not a product that was popular a year ago that no one is buying currently.
7 | # Rails prevents altering orders_count directly and the functions for adjusting it are not suitable for setting to arbitrary values,
8 | # therefore update using SQL.
9 | # A better solution would be to add another attribute to Product to track this info.
10 | class UpdateOrdersCountJob < ApplicationJob
11 | queue_as :default
12 |
13 | def perform
14 | ActiveRecord::Base.connection.execute("UPDATE products SET orders_count = 0;")
15 |
16 | Order.where('created_at > ?', Time.now - 4.week).after_paid.
17 | select('COUNT(1) AS cnt, product_id').group(:product_id).each do |p|
18 | ActiveRecord::Base.connection.execute("UPDATE products SET orders_count = #{p.cnt} WHERE id = '#{p.product_id}';")
19 | end
20 | end
21 | end
22 |
--------------------------------------------------------------------------------
/app/views/admin/order_payouts/edit.html.erb:
--------------------------------------------------------------------------------
1 |
6 | This form is for manually setting vendor or buyer payout information. Normally these fields will be updated automatically
7 | by the payout server connecting to the market api, but this is for situations where you have the payment server turned off
8 | and will use another wallet to manually make payments.
9 |
10 |
11 | By manually setting the paid flag and txid field, the user will know
12 | that payment has occurred and it will prevent the payment server from retrieving this record to process a payment.
13 | Make sure the payment server has not already retrieved this record.
14 |
40 |
--------------------------------------------------------------------------------
/lib/gpgkeyinfo.rb:
--------------------------------------------------------------------------------
1 | # ascii message format described here - https://tools.ietf.org/html/rfc4880#page-54
2 | class Gpgkeyinfo
3 | # Fingerprint is displayed on /publickey page.
4 | attr_reader :fingerprint
5 | attr_reader :pubkey
6 |
7 | def initialize(keyid)
8 | @fingerprint = ''
9 | @pubkey = ''
10 | return if keyid.nil?
11 | io = IO.popen("gpg --fingerprint " + keyid)
12 | matches = io.read.match /([0-9A-Z]{4}\s*){10}/
13 | if matches
14 | @fingerprint = matches[0]
15 | end
16 | io.close
17 | io = IO.popen("gpg -a --export " + keyid)
18 | @pubkey = io.read
19 | io.close
20 | end
21 |
22 | # When a public key is provided on stdin, it outputs a key id data but does not import.
23 | # Newer gpg versions , this is equivalent to gpg --dry-run --import --import-options import-show , but those options have different effect on output when invalid key provided.
24 | # When invalid input, returns stderr "gpg: no valid OpenPGP data found" and no stdout.
25 | # User model has a validation that calls this function and adds an error when this returns empty string.
26 | # Otherwise this is used to present some details about the key on pages like profile, messaging.
27 | # Write stderr to /dev/null to make less test and log output.
28 | def self.read_key(str)
29 | IO.popen("gpg", "r+", :err=>"/dev/null") do |pipe|
30 | pipe.write(str)
31 | pipe.close_write
32 | pipe.read
33 | end
34 | end
35 | end
36 |
--------------------------------------------------------------------------------
/app/controllers/admin/locations_controller.rb:
--------------------------------------------------------------------------------
1 | class Admin::LocationsController < ApplicationController
2 | before_action :require_admin
3 | before_action :set_location, only: [:show, :edit, :update, :destroy]
4 |
5 | def index
6 | @locations = Location.all
7 | end
8 |
9 | def new
10 | @location = Location.new
11 | end
12 |
13 | def create
14 | @location = Location.new(location_params)
15 | if @location.save
16 | redirect_to admin_locations_path, notice: 'Location was created'
17 | else
18 | render :new
19 | end
20 | end
21 |
22 | def update
23 | if @location.update(location_params)
24 | redirect_to admin_locations_path, notice: 'Location was updated'
25 | else
26 | render :edit
27 | end
28 | end
29 |
30 | def destroy
31 | # A product has a from_location. We can't delete a location refered to by a product from_location because it breaks ref. integrity.
32 | # A product also has many to-locations (and to-location has many products) defined by HABTM table.
33 | if @location.allow_destroy? && @location.destroy
34 | redirect_to admin_locations_path, notice: 'Location deleted'
35 | else
36 | redirect_to admin_locations_path, alert: 'Location delete failed'
37 | end
38 | end
39 |
40 | private
41 | def set_location
42 | @location = Location.find(params[:id])
43 | end
44 |
45 | def location_params
46 | params.require(:location).permit(:description)
47 | end
48 | end
49 |
--------------------------------------------------------------------------------
/app/views/products/_unitprices.html.erb:
--------------------------------------------------------------------------------
1 |
2 | <% product.unitprices.each do |unitprice| %>
3 |
6 | <% if current_user %>
7 | <%= to_users_currency(unitprice.currency, unitprice.price) %> <%= current_user.currency %>
8 | <%else%>
9 | <%# just display in whatever currency it was saved as %>
10 | <%= currency_format(unitprice.price) %> <%=unitprice.currency%>
11 | <% end %>
12 |
13 | <%if show_price_per_unit%>
14 | <%# price per unit calculation.
15 | The precision setting will automatically round. So 100g/$1.60 has ppu 0.02 $/g.
16 | If ppu below 1c then don't bother displaying because it will be zero. %>
17 |
45 |
46 |
47 | <%end%>
48 |
49 |
50 |
51 | <%end%>
52 |
--------------------------------------------------------------------------------
/app/controllers/admin/payouts_controller.rb:
--------------------------------------------------------------------------------
1 | # This controller is used on the payout server.
2 | class Admin::PayoutsController < ApplicationController
3 | before_action :require_admin
4 |
5 | def index
6 | # Job will block so index can take a while to load if there are a lot of payouts for the job to check.
7 | begin
8 | PayoutConfirmationsJob.perform_now
9 | rescue
10 | flash.now[:alert] = 'Problem running PayoutConfirmationsJob'
11 | end
12 | @payouts = Payout.order('paid ASC, market_updated ASC, updated_at DESC, username')
13 | @payouts = @payouts.page(params[:page])
14 |
15 | # For any unpaid payouts, find those users past paid payouts and all the addresses they ever paid out to.
16 | # If an unpaid payout is requesting payment to an address the user has never used before, then we highlight this in the view.
17 | # First get an array of usernames of unpaid payouts.
18 | usernames_unpaid = Payout.where(paid: false).select(:username).distinct.pluck(:username)
19 | # Generate a hash with keys being usernames and value is array of past paid addresses.
20 | @past_paid_addresses = Payout.select('username, json_agg(payout_btc_address)').where(paid: true).
21 | where(username: usernames_unpaid).
22 | group('username').
23 | pluck(:username, 'json_agg(payout_btc_address)').to_h
24 | # ie: {"vendor1"=>["mn3oydmDskW16ZWLV8Qe7Av7NsH2Mzp6UH", "mxYcACPJWAMMkXu7S9SM8npicFWehpYCWx", "mfsMmGSPkYyrki79yiX6SQGSV2z3eVyq4C"]}
25 | end
26 |
27 | def show
28 | @payout = Payout.find(params[:id])
29 | end
30 | end
31 |
--------------------------------------------------------------------------------
/app/views/feedbacks/_form.html.erb:
--------------------------------------------------------------------------------
1 |
2 |
3 | <%= form_for(@feedback) do |f| %>
4 | <%= render partial: 'form_errors', locals: { what: @feedback } %>
5 |
6 | <% if @feedback.new_record? %>
7 | <%# When submitting new feedback (as opposed to an update), the order_id parameter is required. Updates don't need to specify order_id. %>
8 | <%= f.hidden_field(:order_id) %>
9 |
10 |
11 |
14 |
15 |
16 |
19 |
20 |
21 |
24 |
25 |
26 | <%end%>
27 |
28 | <%# Updates can only modify the text message, not the rating. Can't remember the exact reasons for designing it this way.
29 | Maybe reason is to prevent someone changing historical positive feedback to negative based on a single bad sale. %>
30 |
22 | <%# Put the edit link inside form just for formatting so they are one same line %>
23 | <%= form_tag([:admin, cat], method: :delete) do %>
24 | <%= link_to 'Edit', edit_admin_category_path(cat), class: "btn btn-primary btn-sm" %>
25 | <%= submit_tag("Delete", class: "btn btn-danger btn-sm") if cat_product_count == 0 %>
26 | <%# Tried using 'disabled' class to prevent delete when products exist in category but
27 | it would hover a circle crossed out and clicking would still submit the delete action.
28 | disabled css class can be used on links that are displayed as buttons to prevent clicking.
29 | but disabled css class shouldn't be used on inputs like submit button because it appears disabled but still allows clicking.%>
30 | <% end %>
31 |
4 | The message list in this table is exactly what the specified user will see in their views. So if they have deleted messages (references)
5 | then admin will not be able to see the deleted messages either.
6 |
39 | To view messages where all references have been deleted, this list is every user ever sent to or received from.
40 | The list of usernames in the above table is a subset of users in this list.
41 |
47 |
--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
1 | # docker-compose.yml example file for use on market server or payment server.
2 | # The commented sections are only applicable when configuring the market server.
3 | db:
4 | image: postgres
5 | environment:
6 | POSTGRES_PASSWORD: mysecretpassword
7 | trademed:
8 | image: trademed
9 | volumes:
10 | - /home/rails/docker/log:/usr/src/app/log
11 | - /home/rails/docker/public/system:/usr/src/app/public/system
12 | ports:
13 | - "3000:3000"
14 | links:
15 | - db:db.local
16 | environment: &app_env
17 | RAILS_ENV: production
18 | RAILS_SERVE_STATIC_FILES: 'true'
19 | SECRET_KEY_BASE: YOUR_SECRET_HERE
20 | DATABASE_URL: postgres://trademed_prod:PASSWORD@db.local/trademed_prod
21 | LOGO_FILENAME: logo.png
22 | SITENAME: Trademed
23 | GPG_KEY_ID: YOUR_KEY_ID
24 | BLOCKCHAIN_CONFIRMATIONS: 3
25 | ADMIN_API_KEY: YOUR_MARKET_SERVER_KEY
26 |
27 | # Payout only settings.
28 | TOR_PROXY_HOST: 192.168.1.2
29 | TOR_PROXY_PORT: 9050
30 | ADMIN_API_URI_BASE: http://admin.xxxxxxx.onion/
31 | PAYOUT_BITCOIND_URI: http://bitcoinrpc:YOUR_RPC_PASSWORD_HERE@192.168.1.2:8332/
32 | PAYOUT_LITECOIND_URI: ...
33 | BITCOIND_ORDERS_ACCOUNT_NAME: trademed_orders
34 |
35 | # Market only settings.
36 | #DISPLAYNAME_HASH_SALT: xxxxxxx
37 | #CURRENCIES: USD AUD EUR GBP CAD
38 | #MARKET_BITCOIND_URI: http://bitcoinrpc:YOUR_RPC_PASSWORD_HERE@192.168.1.2:8332/
39 | #ENABLE_VENDOR_REGISTRATION_FORM: 'true'
40 | #ENABLE_MANDATORY_PGP_USER_ACCOUNTS: 'true'
41 | #BITCOIND_WATCH_ADDRESS_LABEL: trademed_watches
42 | #ADMIN_HOSTNAME: admin.xxxxxxx.onion
43 |
--------------------------------------------------------------------------------
/app/jobs/ltc_rates_coinmarketcap_job.rb:
--------------------------------------------------------------------------------
1 | require 'net/http'
2 | require 'json'
3 |
4 | # This requires the bitcoin rates to be set and the litecoin/bitcoin rate
5 | # is used to calculate all the country litecoin rates. Not ideal but this is
6 | # how bitcoin exchange rates are usually calculated by providers rather than
7 | # looking at country specific exchanges.
8 |
9 | class LtcRatesCoinmarketcapJob < ApplicationJob
10 | queue_as :default
11 |
12 | def perform()
13 | if PaymentMethod.litecoin_exists?
14 | ScriptLog.info("#{self.class} - updating litecoin exchange rates")
15 |
16 | uri = URI('https://api.coinmarketcap.com/v1/ticker/litecoin/')
17 | response_string = Net::HTTP.get(uri)
18 | json = JSON.parse(response_string)
19 |
20 | # https://api.coinmarketcap.com/v1/ticker/litecoin/
21 | #=> [
22 | # {
23 | # "id": "litecoin",
24 | # "name": "Litecoin",
25 | # "symbol": "LTC",
26 | # "rank": "6",
27 | # "price_usd": "285.406",
28 | # "price_btc": "0.0172719",
29 |
30 | ltc_btc_rate = BigDecimal.new(json[0]['price_btc'])
31 |
32 | ScriptLog.info("#{self.class} - ltc/btc rate is #{ltc_btc_rate}")
33 |
34 | litecoin_key = PaymentMethod.litecoin.id
35 | Rails.configuration.currencies.each do |currency|
36 | btc_rate = PaymentMethod.bitcoin.btc_rates.find_by(code: currency)
37 | raise if btc_rate.nil?
38 | ltc_rate = BtcRate.find_or_create_by!(code: currency, payment_method_id: litecoin_key)
39 | ltc_rate.rate = btc_rate.rate * ltc_btc_rate
40 | ltc_rate.save!
41 | end
42 | end
43 |
44 | end
45 | end
46 |
--------------------------------------------------------------------------------
/app/jobs/update_orders_from_blockchain_job.rb:
--------------------------------------------------------------------------------
1 | # This job updates the database with the amount paid to an order's bitcoin or litecoin address.
2 | # It is important that concurrent execution of this job does not occur. If multiple copies run at same time
3 | # then the variables that hold results from the bitcoin RPC can be currupted, resulting in locked orders.
4 |
5 | # Note the reason we also look at expired and paid orders:
6 | # Expired orders may have one or more payments confirm after expiry time.
7 | # Paid orders may become unpaid due to a blockchain re-org. Ie if you are only doing 1 confirmation (config.blockchain_confirmations),
8 | # an order that has already been marked Paid may have the paid amount change.
9 | # Sometimes a low bitcoin fee can cause an expired order to take over a week to confirm. So retrieve orders created at least 1 week ago.
10 |
11 |
12 | class UpdateOrdersFromBlockchainJob < ApplicationJob
13 | queue_as :default
14 |
15 | def perform()
16 | orders = Order.where('created_at > ?', Time.now - 3.week).
17 | where(status: [Order::PAYMENT_PENDING, Order::EXPIRED, Order::PAID]).
18 | order('created_at') # first in first served.
19 |
20 | # Exclude any with refunds already processed. Not interested in handling this case.
21 | orders = orders.select do |o|
22 | o.buyer_payout == nil || o.buyer_payout.paid == false
23 | end
24 |
25 | ScriptLog.info("#{self.class} - found #{orders.size} orders to check")
26 |
27 | orders.map(&:update_from_blockchain)
28 |
29 | # Looks for an overpaid order that can cover costs of later pending orders, and makes those pending orders paid.
30 | MultipayCheckJob.perform_now
31 | end
32 | end
33 |
--------------------------------------------------------------------------------
/public/500.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | We're sorry, but something went wrong (500)
5 |
6 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
We're sorry, but something went wrong.
62 |
63 |
If you are the application owner check the logs for more information.
64 |
65 |
66 |
67 |
--------------------------------------------------------------------------------
/app/models/payment_method.rb:
--------------------------------------------------------------------------------
1 | class PaymentMethod < ApplicationRecord
2 | # If a PaymentMethod with name Litecoin exists then additional code does things like
3 | # obtaining litecoin exchange rates and displaying in nav bar.
4 | # The enabled attribute determines whether new orders can choose the payment method. This is
5 | # designed for maintenance situations where you want to temporarily disable new orders for that payment method.
6 | # Products can be edited to allow them to have disabled payment methods, but new orders won't allow that method.
7 | # It does not prevent vendors from selecting disabled PaymentMethods on their products. And product views
8 | # will show disabled payment methods as options.
9 | # Once a payment method exists, it shouldn't be removed because BtcAddresses, Orders, require a payment method attribute
10 | # so deleting a payment method could break integrity.
11 | has_and_belongs_to_many :products
12 | has_many :orders
13 | has_many :btc_rates
14 | has_many :btc_addresses
15 | validates :name, length: { minimum: 1, maximum: 255 }
16 | validates :name, format: { with: /\A[[:print:]]*\z/, message: "unexpected characters" }
17 | validates :name, uniqueness: true
18 |
19 | default_scope { order(:name) }
20 |
21 | # class method to return the Bitcoin payment method.
22 | def self.bitcoin
23 | self.where(name: 'Bitcoin').first
24 | end
25 |
26 | def self.litecoin
27 | self.where(name: 'Litecoin').first
28 | end
29 |
30 | def self.litecoin_exists?
31 | self.litecoin != nil
32 | end
33 |
34 | def self.bitcoin_exists?
35 | self.bitcoin != nil
36 | end
37 |
38 | def is_bitcoin?
39 | name == 'Bitcoin'
40 | end
41 |
42 | def is_litecoin?
43 | name == 'Litecoin'
44 | end
45 | end
46 |
--------------------------------------------------------------------------------
/app/models/shippingoption.rb:
--------------------------------------------------------------------------------
1 | class Shippingoption < ApplicationRecord
2 | # A shipping option can be used on multiple products and can exist when zero products exist.
3 | # Therefore we need to store who created the shipping option.
4 | # Shipping options can exist without a user reference, see orders controller where user_id is set to nil.
5 | has_and_belongs_to_many :products
6 | belongs_to :user, optional: true
7 | has_many :orders
8 |
9 | # Shipping options are permitted to have null user_id - see orders controller#create.
10 | validates :description, length: { minimum: 1, maximum: 100 }
11 | validates :description, format: { with: /\A[[[:print:]]]+\z/, message: "unexpected characters" }
12 | validates :price, numericality: { greater_than_or_equal_to: 0 }
13 | validates :currency, :inclusion => { in: Rails.configuration.currencies }
14 |
15 | before_destroy :check_product_dependencies
16 |
17 | private
18 | # It is not valid for a product to have no shipping options but when you delete all shipping options,
19 | # the product will have no shippingoptions because only HABTM table is changing (not the product) so product validator not triggered.
20 | # This method will cause the destroy method to abort if this shippingoption is an "only child" of some product.
21 | # If the product has been deleted (the deleted attribute true) then we allow the delete of all its shippingoptions.
22 | def check_product_dependencies
23 | # Iterate though the products associated to this SO, that are not deleted.
24 | products.visible.each do |p|
25 | # throw(:abort) will make the destroy method return false and the controller will know the destroy didn't work.
26 | throw(:abort) if p.shippingoptions.count == 1
27 | end
28 | end
29 | end
30 |
--------------------------------------------------------------------------------
/app/views/admin/products/index.html.erb:
--------------------------------------------------------------------------------
1 |
51 | <%= paginate @products %>
52 |
--------------------------------------------------------------------------------
/examples/environment_example_market.sh:
--------------------------------------------------------------------------------
1 | # When running under docker, these will be set in the docker-compose.yml file
2 | # but if not using docker, this is how the application settings would be specified.
3 | # Example values only.
4 | export RAILS_ENV=production
5 | export RAILS_SERVE_STATIC_FILES=true
6 | export GPG_KEY_ID=ABCDEF12
7 | # set either MARKET_BITCOIND_URI or PAYOUT_BITCOIND_URI, no both. This allows admin area to show different views.
8 | export MARKET_BITCOIND_URI=http://bitcoinrpc:aaaacccc@10.8.0.1:19882/
9 | export MARKET_LITECOIND_URI=http://litecoinrpc:1111ccceee@10.8.0.1:19338/
10 | export PAYOUT_BITCOIND_URI=
11 | export PAYOUT_LITECOIND_URI=
12 | export ADMIN_API_KEY=example6030a5093fd715471d4e154469c48dada4cd604bd3e8eb9036aaf561ae44ecf40a79280b4ab9a31b9cd0784b3bd5a8873a99b80cadaeccb1e7d9a85a2
13 | export DATABASE_URL=postgres://trademed_prod:passwordxxxx@localhost/trademed_production
14 | export SITENAME="Gonzos Widgets"
15 | export ADMIN_HOSTNAME=admin.abcede1122334344.onion
16 | export CURRENCIES="USD AUD EUR CNY GBP RUB CAD"
17 | export DEFAULT_CURRENCY="USD"
18 | export DEFAULT_TIMEZONE="London"
19 | export DISPLAYNAME_HASH_SALT="example6030a5093fd715471d4e154469c48"
20 | export LOGO_FILENAME=logo.png
21 | export ENABLE_SUPPORT_TICKETS=TRUE
22 | # number of confirmations before marked paid and stock reduced.
23 | export BLOCKCHAIN_CONFIRMATIONS=3
24 | export COMMISSION=0.05
25 | export ORDERS_PER_HOUR_THRESHOLD=5
26 | export LISTTRANSACTIONS_COUNT=12000
27 | export EXPIRE_UNPAID_ORDER_DURATION=86400
28 | export SECRET_KEY_BASE=example3f50a06afa3637dec84548229dda371683860750867815092c9487a36d4452a507580e0557c490860859c6d6b7e194089caa7ef9427db4d4dd4733014
29 | export ORDER_AGE_TO_HIDE_PRICE_ON_REVIEW=27648000
30 | export ENABLE_VENDOR_REGISTRATION_FORM=TRUE
31 | export ENABLE_MANDATORY_PGP_USER_ACCOUNTS=TRUE
32 |
--------------------------------------------------------------------------------
/app/models/order_payout.rb:
--------------------------------------------------------------------------------
1 | # An OrderPayout is only created when order status changes to a final state. See order model.
2 | # In a finalized order, a single OP is created for the vendor.
3 | # All expired orders have a single OP regardless of whether there is anything to refund. It was simpler to code this way.
4 | # For partial refunds, the order will have two associated OrderPayouts - a buyer and a vendor OrderPayout.
5 | # Users can alter the payout address any time before it has been paid, even if set automatically with the address defined in account settings.
6 | # For security, considered making it immutable once set but not really worth it because the window of time from being finalized to being paid
7 | # is small so attacker (phisher) won't have many order payouts available to change.
8 | class OrderPayout < ApplicationRecord
9 | validate :address_validate, unless: Proc.new { btc_address.nil? }
10 | # Allows lookup of username directly from the order_payout. This is simply to make the query easier to write in order_payouts_api_controller.rb
11 | belongs_to :user
12 | belongs_to :order
13 | validates :payout_type, inclusion: { in: %w,vendor buyer, } # so you don't need to find this info from looking at order-user relationship.
14 | validates :txid, format: { with: /\A[a-f0-9]{64}\z/, message: "unexpected characters" }, unless: Proc.new { txid.nil? } # 256bit hash.
15 |
16 | def address_validate
17 | if order.payment_method.is_bitcoin?
18 | valid = Market_bitcoinrpc.validateaddress(btc_address)["isvalid"]
19 | elsif order.payment_method.is_litecoin?
20 | valid = Market_litecoinrpc.validateaddress(btc_address)["isvalid"]
21 | else
22 | valid = false
23 | end
24 | unless valid
25 | errors.add(:btc_address, 'payout address appears invalid')
26 | end
27 | end
28 |
29 | end
30 |
--------------------------------------------------------------------------------
/public/422.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | The change you wanted was rejected (422)
5 |
6 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
The change you wanted was rejected.
62 |
Maybe you tried to change something you didn't have access to.
63 |
64 |
If you are the application owner check the logs for more information.
65 |
66 |
67 |
68 |
--------------------------------------------------------------------------------
/public/404.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | The page you were looking for doesn't exist (404)
5 |
6 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
The page you were looking for doesn't exist.
62 |
You may have mistyped the address or the page may have moved.
63 |
64 |
If you are the application owner check the logs for more information.
65 |
66 |
67 |
68 |
--------------------------------------------------------------------------------
/Gemfile:
--------------------------------------------------------------------------------
1 | source 'https://rubygems.org'
2 |
3 | # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
4 | gem 'rails', '5.2.2'
5 | # Use postgresql as the database for Active Record
6 | gem 'pg'
7 | gem 'bootstrap-sass', '~> 3.3.3'
8 | # Use SCSS for stylesheets
9 | gem 'sass-rails', '~> 5.0'
10 | # Use Uglifier as compressor for JavaScript assets
11 | gem 'uglifier', '>= 1.3.0'
12 | # See https://github.com/sstephenson/execjs#readme for more supported runtimes
13 | # gem 'therubyracer', platforms: :ruby
14 |
15 | # Turbolinks makes following links in your web application faster. Read more: https://github.com/rails/turbolinks
16 | gem 'turbolinks'
17 | # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
18 | gem 'jbuilder', '~> 2.0'
19 | # bundle exec rake doc:rails generates the API under doc/api.
20 | gem 'sdoc', '~> 0.4.0', group: :doc
21 |
22 | # Use ActiveModel has_secure_password
23 | # gem 'bcrypt', '~> 3.1.7'
24 |
25 | # Use Unicorn as the app server
26 | # gem 'unicorn'
27 |
28 | # Use Capistrano for deployment
29 | # gem 'capistrano-rails', group: :development
30 |
31 | gem 'thin'
32 | gem 'execjs'
33 | gem 'therubyracer'
34 | gem 'bcrypt'
35 | gem 'friendly_id'
36 | gem 'humanizer'
37 | # Deprecated gem. release notes - https://github.com/thoughtbot/paperclip/blob/master/NEWS
38 | gem "paperclip", "~> 5.3"
39 |
40 | gem 'socksify'
41 | gem 'kaminari'
42 |
43 | group :development, :test do
44 | # Call 'byebug' anywhere in the code to stop execution and get a debugger console
45 | gem 'byebug'
46 |
47 | # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
48 | gem 'spring'
49 |
50 | gem 'rspec-rails'
51 | gem "factory_bot_rails"
52 | gem "capybara"
53 | gem "guard-rspec"
54 | gem 'shoulda-matchers'
55 | gem 'rails-controller-testing'
56 | end
57 |
58 |
--------------------------------------------------------------------------------
/app/views/vendor/products/show.html.erb:
--------------------------------------------------------------------------------
1 | <% if @product.hidden %>
2 |
3 |
This product is currently hidden from listings. Hidden url for customers is:
44 |
--------------------------------------------------------------------------------
/app/models/btc_address.rb:
--------------------------------------------------------------------------------
1 | # Addresses for customers to make an order payment.
2 | class BtcAddress < ApplicationRecord
3 | belongs_to :order, optional: true
4 | # This field payment_method_id describes what type of address this is - Bitcoin or Litecoin.
5 | belongs_to :payment_method
6 |
7 | scope :unassigned, -> { where(order_id: nil) }
8 | scope :assigned, -> { where.not(order_id: nil) }
9 | scope :signed, -> { where("pgp_signature LIKE '-----BEGIN PGP SIGNED MESSAGE%'") }
10 | scope :bitcoin, -> { includes('payment_method').where(payment_methods: {name: 'Bitcoin'}) }
11 | scope :litecoin, -> { includes('payment_method').where(payment_methods: {name: 'Litecoin'}) }
12 |
13 | validates :address, uniqueness: true
14 | validate :address_valid?
15 |
16 | # If this callback raises, the transaction is rolled back and object not created.
17 | # The rollback is important because we don't want an address in the DB that bitcoind is unaware of.
18 | after_create :add_bitcoind_watch_address
19 |
20 | def add_bitcoind_watch_address
21 | # Don't need to rescan blockchain because the address is brand new it so won't have ever received btc.
22 | if payment_method.is_bitcoin?
23 | Market_bitcoinrpc.importaddress(address, Rails.configuration.bitcoind_watch_address_label, false)
24 | elsif payment_method.is_litecoin?
25 | Market_litecoinrpc.importaddress(address, Rails.configuration.bitcoind_watch_address_label, false)
26 | else
27 | raise
28 | end
29 | end
30 |
31 | protected
32 | # returns whether the string is a bitcoin address.
33 | def address_valid?
34 | return false if payment_method.nil?
35 | if payment_method.is_bitcoin?
36 | Market_bitcoinrpc.validateaddress(address)["isvalid"]
37 | elsif payment_method.is_litecoin?
38 | Market_litecoinrpc.validateaddress(address)["isvalid"]
39 | else
40 | false
41 | end
42 | end
43 | end
44 |
--------------------------------------------------------------------------------
/lib/gpg_operations.rb:
--------------------------------------------------------------------------------
1 | # After import we are expecting to read back something like this
2 | # gpg: key 84CC7D38: "example666 " not changed
3 | # gpg: Total number processed: 1
4 | # gpg: unchanged: 1
5 |
6 | # ascii message format described here - https://tools.ietf.org/html/rfc4880#page-54
7 |
8 | # Normally user keys are not save to gpg keyring but when they use 2FA then their key is saved.
9 | class GpgOperations
10 | attr_reader :key_id
11 |
12 | def initialize(public_key)
13 | @key_id = ''
14 | # Import pub key into the keyring of user running rails server process.
15 | # The only way to encrypt to some key is to have the key in the keyring.
16 | # Output result of import goes to stderr by default so --logger-fd makes it go to stdout.
17 | result = IO.popen("gpg --import --logger-fd 1", "r+") do |pipe|
18 | pipe.write(public_key)
19 | pipe.close_write
20 | pipe.read
21 | end
22 | matches = result.match /gpg: key ([\d\w]+):/
23 | if matches && matches[1]
24 | @key_id = matches[1]
25 | end
26 | end
27 |
28 | # Output ascii enamored PGP message.
29 | def encrypt(str)
30 | return nil if @key_id.empty?
31 | # The option --trust-model always omits the requirement for you to type y about trusting this key.
32 | result = IO.popen("gpg --trust-model always -e -a -r #{@key_id}", "r+") do |pipe|
33 | pipe.write(str)
34 | pipe.close_write
35 | pipe.read
36 | end
37 | result[/-----BEGIN PGP MESSAGE-----/] ? result : nil
38 | end
39 |
40 | # Used by rspec tests.
41 | # Requires the private key that message encrypted with exist in key ring already.
42 | def self.decrypt(str)
43 | # The option -q omits showing what key it was encrypted with so test output cleaner.
44 | IO.popen("gpg -q -d", "r+") do |pipe|
45 | pipe.write(str)
46 | pipe.close_write
47 | pipe.read
48 | end
49 | end
50 | end
51 |
--------------------------------------------------------------------------------
/app/views/tickets/index.html.erb:
--------------------------------------------------------------------------------
1 |
62 | <% end %>
63 |
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | # This is for building production images. Development environment gems are not installed.
2 |
3 | # Before building image, copy logo file to app/assets/images/ and gpgkeyimport.txt to main directory.
4 |
5 | # It is not efficient to use rails:onbuild image because every change to the app's source code will mean
6 | # every step in this Dockerfile needs to run again. This is because the ONBUILD commands are run
7 | # before anything in the Dockerfile.
8 | FROM ruby:2.5
9 |
10 | # throw errors if Gemfile has been modified since Gemfile.lock
11 | RUN bundle config --global frozen 1
12 |
13 | RUN groupadd rails && useradd --create-home -g rails rails
14 | RUN mkdir -p /usr/src/app
15 | WORKDIR /usr/src/app
16 |
17 | RUN apt-get update && apt-get install -y gnupg --no-install-recommends && rm -rf /var/lib/apt/lists/*
18 | #RUN apt-get update && apt-get install -y nodejs --no-install-recommends && rm -rf /var/lib/apt/lists/*
19 | RUN apt-get update && apt-get install -y mysql-client postgresql-client sqlite3 --no-install-recommends && rm -rf /var/lib/apt/lists/*
20 |
21 | COPY Gemfile /usr/src/app/
22 | COPY Gemfile.lock /usr/src/app/
23 | RUN bundle install --without development test
24 |
25 | COPY . /usr/src/app
26 | # The config option in development.rb means 'listen' gem is required and "rake assets:precompile" won't run when that gem is missing.
27 | # Removing that line prevents the dependence on 'listen' gem when running commands in non-production environment.
28 | # Other workaround is to run rake with RAILS_ENV=production SECRET_KEY_BASE=anything env.
29 | RUN sed -i '/ActiveSupport::EventedFileUpdateChecker/d' config/environments/development.rb
30 | RUN chown -R rails:rails /usr/src/app
31 |
32 | # CVE-2016–3714
33 | COPY imagemagick-policy.xml /etc/ImageMagick-6/policy.xml
34 |
35 | USER rails
36 | RUN mkdir -p tmp/pids
37 | RUN gpg --import gpgkeyimport.txt
38 | RUN echo "personal-digest-preferences SHA512 SHA384 SHA256\nno-emit-version" > ~/.gnupg/gpg.conf
39 | # this is for use in prod instances but doesn't hurt having them in dev.
40 | RUN bundle exec rake assets:precompile
41 |
42 | EXPOSE 3000
43 | CMD ["rails", "server", "-b", "0.0.0.0"]
44 |
--------------------------------------------------------------------------------
/app/helpers/application_helper.rb:
--------------------------------------------------------------------------------
1 | module ApplicationHelper
2 | # This method is used by views. Application controller has same method defined too.
3 | def admin_controller?
4 | controller.class.name.split("::").first=="Admin"
5 | end
6 |
7 | def currency_format(number, precision=2)
8 | # Round cent values based on precision, format with commas, but don't show currency symbol.
9 | number_to_currency(number, unit: "", precision: precision)
10 | end
11 |
12 | # Vendors save product prices in their preferred currency.
13 | # When others view these prices, a conversion is done to the current user's preference currency.
14 | # Do not use this function for conversions related to an order because each order has its own exchange rates.
15 | def to_users_currency(fromCurrency, price, precision=2)
16 | fromRate = PaymentMethod.bitcoin.btc_rates.find_by(code: fromCurrency).rate
17 | toRate = PaymentMethod.bitcoin.btc_rates.find_by(code: current_user.currency).rate
18 | number_to_currency( (price * toRate ) / fromRate, unit: "", precision: precision)
19 | end
20 |
21 | def number_to_range(num, ranges)
22 | ranges.each do |range|
23 | if range.include?(num)
24 | return "#{range.first}-#{range.last}"
25 | end
26 | end
27 | return "over #{ranges.last.last}"
28 | end
29 |
30 | # For new order form.
31 | def unitprice_label(unitprice)
32 | "#{sprintf("%g", unitprice.unit)} #{unitprice.product.unitdesc} - #{to_users_currency(unitprice.currency, unitprice.price)} #{current_user.currency}"
33 | end
34 |
35 | # The lastseen attribute of a user is a string that logs in UTC the last hour they were active.
36 | # This converts that string into another string representing the time in the current user's timezone.
37 | # Historically lastseen was displayed directly in views as UTC for simplicity but nicer to convert to users timezone.
38 | # lastseen may be nil, so to avoid exception on parse, check this case.
39 | def lastseen_to_current_users_timezone(lastseen)
40 | if lastseen
41 | t = Time.zone.parse(lastseen)
42 | t.in_time_zone(session_user.timezone).to_s(:FHM)
43 | else
44 | "n/a"
45 | end
46 | end
47 | end
48 |
--------------------------------------------------------------------------------
/app/views/admin/btc_address/search_form.html.erb:
--------------------------------------------------------------------------------
1 |
62 | <%if @btc_address.order %>
63 | Assigned to <%= link_to 'order', admin_order_path(@btc_address.order) %>
64 | <%else%>
65 | Available to be assigned to a new order.
66 | <%end%>
67 |
68 | <% end %>
69 |
--------------------------------------------------------------------------------
/app/controllers/tickets_controller.rb:
--------------------------------------------------------------------------------
1 | class TicketsController < ApplicationController
2 | before_action :require_login
3 | before_action :set_ticket, only: [:show, :update, :destroy]
4 |
5 | def index
6 | @tickets = current_user.tickets.order('created_at DESC, status DESC')
7 | end
8 |
9 | def new
10 | @ticket = Ticket.new
11 | @ticket.ticket_messages.build(message: '')
12 | end
13 |
14 | # A ticket has one or more ticket messages. New text is added by adding another ticket message (TM).
15 | # Using accepts_nested_attributes_for to make saving the TM easier.
16 | def create
17 | @ticket = Ticket.new(ticket_params)
18 | @ticket.user = current_user
19 | @ticket.status = 'open'
20 | if @ticket.save
21 | redirect_to @ticket, notice: 'Ticket was created'
22 | else
23 | # If user submitted the form without a message, then we need to build one for the view. See model.
24 | @ticket.ticket_messages.build(message: '') if @ticket.ticket_messages.empty?
25 | render :new
26 | end
27 | end
28 |
29 | def show
30 | # Form will allow saving a new message.
31 | @ticket.ticket_messages.build(message: '')
32 | @ticket.ticket_messages.update_all response_seen: true
33 | end
34 |
35 | def update
36 | # Creates a new ticket_message with message attribute set from form field.
37 | if @ticket.update(ticket_params)
38 | redirect_to @ticket, notice: 'Support ticket saved'
39 | else
40 | render :show
41 | end
42 | end
43 |
44 | def destroy
45 | @ticket.destroy
46 | redirect_to tickets_path, notice: 'Support ticket was deleted'
47 | end
48 |
49 | private
50 | def set_ticket
51 | @ticket = Ticket.find(params[:id])
52 | raise NotAuthorized unless @ticket.user == current_user
53 | end
54 |
55 | # Title is readonly so doesn't matter if user attempts to edit it.
56 | def ticket_params
57 | # We only add new TicketMessages, never edit existing ones so no need to allow id in ticket_message_attributes.
58 | # Since no TicketMessage ids received, no need to check if owned by user.
59 | params.require(:ticket).permit(:title, :status, ticket_messages_attributes: [:message])
60 | end
61 | end
62 |
--------------------------------------------------------------------------------
/app/views/application/_admin_nav.html.erb:
--------------------------------------------------------------------------------
1 |
2 |
3 | <%# @orders has at least 2 payment pending orders. All of them have same payment method. %>
4 |
5 | This feature allows you to pay multiple orders using a single payment to one <%=@primary_order.payment_method.name%> address.
6 | This is an advanced feature because it requires you to pay the exact amount specified. If you are not confident in wallet operation to ensure the exact amount is paid,
7 | then avoid this feature and pay each order separately.
8 |
9 |
10 |
11 | Please pay <%=@total_to_pay%> <%=@primary_order.payment_method.code%> to <%=@primary_order.btc_address.address%>
12 |
13 |
14 | This is the address of your first (oldest) payment pending order.
15 | Once you have paid the amount specified, do not make additional payments to the other orders.
16 | When the payment has sufficient confirmations, all your orders shown here will change to paid.
17 | If you pay too much or pay less than specified, this feature will not work and only the first order will receive the payment.
18 |
55 |
--------------------------------------------------------------------------------
/config/environments/development.rb:
--------------------------------------------------------------------------------
1 | Rails.application.configure do
2 | # Settings specified here will take precedence over those in config/application.rb.
3 |
4 | # In the development environment your application's code is reloaded on
5 | # every request. This slows down response time but is perfect for development
6 | # since you don't have to restart the web server when you make code changes.
7 | config.cache_classes = false
8 |
9 | # Do not eager load code on boot.
10 | config.eager_load = false
11 |
12 | # Show full error reports.
13 | config.consider_all_requests_local = true
14 |
15 | # Enable/disable caching. By default caching is disabled.
16 | # Run rails dev:cache to toggle caching.
17 | if Rails.root.join('tmp', 'caching-dev.txt').exist?
18 | config.action_controller.perform_caching = true
19 |
20 | config.cache_store = :memory_store
21 | config.public_file_server.headers = {
22 | 'Cache-Control' => "public, max-age=#{2.days.to_i}"
23 | }
24 | else
25 | config.action_controller.perform_caching = false
26 |
27 | config.cache_store = :null_store
28 | end
29 |
30 | # Store uploaded files on the local file system (see config/storage.yml for options)
31 | config.active_storage.service = :local
32 |
33 | # Don't care if the mailer can't send.
34 | config.action_mailer.raise_delivery_errors = false
35 |
36 | config.action_mailer.perform_caching = false
37 |
38 | # Print deprecation notices to the Rails logger.
39 | config.active_support.deprecation = :log
40 |
41 | # Raise an error on page load if there are pending migrations.
42 | config.active_record.migration_error = :page_load
43 |
44 | # Highlight code that triggered database queries in logs.
45 | config.active_record.verbose_query_logs = true
46 |
47 | # Debug mode disables concatenation and preprocessing of assets.
48 | # This option may cause significant delays in view rendering with a large
49 | # number of complex assets.
50 | config.assets.debug = true
51 |
52 | # Suppress logger output for asset requests.
53 | config.assets.quiet = true
54 |
55 | # Raises error for missing translations
56 | # config.action_view.raise_on_missing_translations = true
57 |
58 | # Use an evented file watcher to asynchronously detect changes in source code,
59 | # routes, locales, etc. This feature depends on the listen gem.
60 | config.file_watcher = ActiveSupport::EventedFileUpdateChecker
61 | end
62 |
--------------------------------------------------------------------------------
/app/models/generated_address.rb:
--------------------------------------------------------------------------------
1 | # Used on payout server when creating bitcoin address.
2 | class GeneratedAddress < ApplicationRecord
3 | validates :btc_address, uniqueness: true
4 | validates :address_type, inclusion: { in: %w(LTC BTC) }
5 | validate :address_valid?
6 | # Try to save all created bitcoin addresses to DB even if problem using pgp and pgp_signature is empty.
7 | # The web interface of payout server can show if any GeneratedAddresses have nil or empty pgp_signature,
8 | # these can be corrected manually on console to ensure a signature exists or discarded.
9 | validates :pgp_signature, format: { with: /\A[[[:print:]]\r\n]*\z/, message: "unexpected characters" }
10 |
11 | scope :loaded_to_market, -> { where(loaded_to_market: true) }
12 | scope :uploadable, -> { where(loaded_to_market: false) }
13 | scope :signed, -> { where("pgp_signature LIKE '-----BEGIN PGP SIGNED MESSAGE%'") }
14 | scope :bitcoin, -> { where(address_type: 'BTC') }
15 | scope :litecoin, -> { where(address_type: 'LTC') }
16 |
17 | # You need to ensure gpg doesn't have passphrase or else get environment setup with gpg agent info.
18 | # If using agent, note signing uses a different key to decryption so do an initial clearsign on console to make agent cache passphrase.
19 | def sign
20 | gpg_key_id = Rails.configuration.gpg_key_id
21 | # The batch option just prevents the tty output about passphrase required which is annoying.
22 | self.pgp_signature = IO.popen("gpg --clearsign --batch --default-key #{gpg_key_id}", 'r+') do |pipe|
23 | pipe.write(btc_address + "\n")
24 | pipe.close_write()
25 | pipe.read()
26 | end
27 | end
28 |
29 | # Requires address_type attribute to be set on the instance before calling this method.
30 | def generate
31 | if address_type == 'BTC'
32 | rpc = Payout_bitcoinrpc
33 | elsif address_type == 'LTC'
34 | rpc = Payout_litecoinrpc
35 | end
36 | addr = rpc.getnewaddress(Rails.configuration.bitcoind_order_address_label)
37 | self.btc_address = addr
38 | end
39 |
40 | protected
41 | # returns whether the string is a bitcoin address.
42 | def address_valid?
43 | if address_type == 'BTC'
44 | Payout_bitcoinrpc.validateaddress(btc_address)["isvalid"]
45 | elsif address_type == 'LTC'
46 | Payout_litecoinrpc.validateaddress(btc_address)["isvalid"]
47 | else
48 | false
49 | end
50 | end
51 |
52 | end
53 |
--------------------------------------------------------------------------------
/lib/bitcoin_rpc.rb:
--------------------------------------------------------------------------------
1 | # https://en.bitcoin.it/wiki/API_reference_%28JSON-RPC%29#Ruby
2 | # If you see this "EOFError: end of file reached" in the log it means the port was closed.
3 | # This "Net::ReadTimeout: Net::ReadTimeout" can mean the connect was successful but bitcoind didn't write a response back. ie too busy.
4 | class BitcoinRPC
5 |
6 | def initialize(service_url)
7 | @uri = URI.parse(service_url)
8 | end
9 |
10 | def method_missing(name, *args)
11 | post_body = { 'method' => name, 'params' => args, 'id' => 'jsonrpc' }.to_json
12 | responsebody = http_post_request(post_body)
13 | # JSON::ParserError raised if response not json such as empty string from HTTP 403.
14 | resp = JSON.parse( responsebody )
15 | raise(JSONRPCError, resp['error']) if resp['error']
16 |
17 | # Hack to return BigDecimal instead of Float.
18 | if resp["result"].is_a?(Float)
19 | match = responsebody.match %r|"result":([\d\.]+)|
20 | BigDecimal.new(match[1])
21 | else
22 | resp['result']
23 | end
24 | end
25 |
26 | def http_post_request(post_body)
27 | http = Net::HTTP.new(@uri.host, @uri.port)
28 | request = Net::HTTP::Post.new(@uri.request_uri)
29 | request.basic_auth @uri.user, @uri.password
30 | request.content_type = 'application/json'
31 | request.body = post_body
32 | http.request(request).body
33 | end
34 |
35 | # Return sum of transaction amounts paid to specified address,
36 | # each having at least confirmations, and were created no later than time.
37 | def getreceivedbyaddress_at_time(address, confirmations, time)
38 | # It includes unconfirmed transactions as well.
39 | # blocktime parameter is not present in unconfirmed transactions but they have a time parameter (broadcast time).
40 | transactions = self.listtransactions(::DummyStar, Rails.configuration.listtransactions_count, 0, true)
41 |
42 | total_received = BigDecimal.new(0)
43 |
44 | transactions.each do |t|
45 | time_attr = t["confirmations"] == 0 ? 'time' : 'blocktime'
46 | if t["address"] == address &&
47 | t["confirmations"] >= confirmations &&
48 | t[time_attr] <= time.to_i
49 |
50 | total_received += BigDecimal.new(t["amount"].to_s)
51 | end
52 | end
53 | return total_received
54 | end
55 |
56 | def get_version
57 | self.getnetworkinfo['version']
58 | end
59 |
60 | class JSONRPCError < RuntimeError; end
61 | end
62 |
--------------------------------------------------------------------------------
/app/views/admin/generated_address/search_form.html.erb:
--------------------------------------------------------------------------------
1 |
64 |
65 | uploaded: <%=@btc_address.loaded_to_market%>
66 |
67 | <% end %>
68 |
--------------------------------------------------------------------------------
/config/environments/test.rb:
--------------------------------------------------------------------------------
1 | Rails.application.configure do
2 | # Settings specified here will take precedence over those in config/application.rb.
3 |
4 | # The test environment is used exclusively to run your application's
5 | # test suite. You never need to work with it otherwise. Remember that
6 | # your test database is "scratch space" for the test suite and is wiped
7 | # and recreated between test runs. Don't rely on the data there!
8 | config.cache_classes = true
9 |
10 | # Do not eager load code on boot. This avoids loading your whole application
11 | # just for the purpose of running a single test. If you are using a tool that
12 | # preloads Rails for running tests, you may have to set it to true.
13 | config.eager_load = false
14 |
15 | # Configure public file server for tests with Cache-Control for performance.
16 | config.public_file_server.enabled = true
17 | config.public_file_server.headers = {
18 | 'Cache-Control' => "public, max-age=#{1.hour.to_i}"
19 | }
20 |
21 | # Show full error reports and disable caching.
22 | config.consider_all_requests_local = true
23 | config.action_controller.perform_caching = false
24 |
25 | # Raise exceptions instead of rendering exception templates.
26 | config.action_dispatch.show_exceptions = false
27 |
28 | # Disable request forgery protection in test environment.
29 | config.action_controller.allow_forgery_protection = false
30 |
31 | # Store uploaded files on the local file system in a temporary directory
32 | config.active_storage.service = :test
33 |
34 | config.action_mailer.perform_caching = false
35 |
36 | # Tell Action Mailer not to deliver emails to the real world.
37 | # The :test delivery method accumulates sent emails in the
38 | # ActionMailer::Base.deliveries array.
39 | config.action_mailer.delivery_method = :test
40 |
41 | # Print deprecation notices to the stderr.
42 | config.active_support.deprecation = :stderr
43 |
44 | # Raises error for missing translations
45 | # config.action_view.raise_on_missing_translations = true
46 |
47 | ## Instead of saving images files to public/system where they will remain forever, save them here.
48 | ## Since the hash has timestamp as an input the number of images in the directory will increase on every test.
49 | ## spec_helper.rb will delete test_files directory automatically.
50 | Paperclip::Attachment.default_options[:path] = "#{Rails.root}/spec/test_files/:hash.:extension"
51 |
52 | end
53 |
--------------------------------------------------------------------------------
/check_bitcoind_watches_setup.rb:
--------------------------------------------------------------------------------
1 | # This script runs on the market server and verifies that all the bitcoin addresses in the database
2 | # have been loaded into bitcoind as watch addresses.
3 | # The bitcoind RPC for importing addresses does not return failure if an invalid account name argument is provided.
4 | # If any are missed then the order payments checks will fail to notice the payment.
5 | # This script can't simply check the address balance to test if address known to wallet
6 | # because getreceivedbyaddress returns 0 for addresses unknown to wallet.
7 |
8 | # If the BtcAddress model gets a failure code from bitcoind RPC, then it rolls back the create transaction so the database
9 | # *should* only hold addresses that were successfully added as watch addresses.
10 |
11 | if Market_bitcoinrpc.get_version >= 170000
12 | # RPC returns hash with keys being the addresses.
13 | watches = Market_bitcoinrpc.getaddressesbylabel(Rails.configuration.bitcoind_watch_address_label).keys
14 | else
15 | # Returns array.
16 | watches = Market_bitcoinrpc.getaddressesbyaccount(Rails.configuration.bitcoind_watch_address_label)
17 | end
18 |
19 | BtcAddress.bitcoin.unassigned.each do |b|
20 | unless watches.include?(b.address)
21 | raise "#{b.address} not found"
22 | end
23 | if Market_bitcoinrpc.getreceivedbyaddress(b.address) > 0
24 | # This address should have no transaction history before assigning to an order.
25 | raise "non-zero balance in #{b.address}"
26 | end
27 | end
28 | puts "Count of addresses in bitcoind: #{watches.size}"
29 | puts "Count of bitcoin addresses in market database: #{BtcAddress.bitcoin.count}"
30 | puts "Count of unassigned bitcoin market addresses: #{BtcAddress.bitcoin.unassigned.count}"
31 |
32 | exit unless PaymentMethod.litecoin
33 |
34 | # When litecoind RPC supports labels, this code will need to change like above.
35 | watches = Market_litecoinrpc.getaddressesbyaccount(Rails.configuration.bitcoind_watch_address_label)
36 | BtcAddress.litecoin.unassigned.each do |b|
37 | unless watches.include?(b.address)
38 | raise "#{b.address} not found"
39 | end
40 | if Market_litecoinrpc.getreceivedbyaddress(b.address) > 0
41 | raise "non-zero balance in #{b.address}"
42 | end
43 | end
44 | puts "Count of addresses in litecoind: #{watches.size}"
45 | puts "Count of litecoin addresses in market database: #{BtcAddress.litecoin.count}"
46 | puts "Count of unassigned litecoin market addresses: #{BtcAddress.litecoin.unassigned.count}"
47 |
--------------------------------------------------------------------------------
/app/views/products/_indextable.html.erb:
--------------------------------------------------------------------------------
1 |
2 | <% @products.each do |product| %>
3 |
4 |
5 |
6 | <% primary_image = product.image_set_array.first %>
7 | <% primary_image = 1 if primary_image.nil? %>
8 | <%# Displays a placeholder if no images are defined. %>
9 | <%= link_to image_tag(product.method("image#{primary_image}").call.url(:thumb), alt: 'product picture'), product %>
10 |
14 | <%# Long strings like URLs in description will overflow outside their container, messing up formatting.
15 | # Normally this is an easy css fix but Firefox makes it difficult inside tables (read css file for more info).
16 | # Browsers seem to automatically break long strings on "-_" chars but if none present the string will overflow container.
17 | # Here it looks for long 60 char strings and wraps them in a div to apply word-breaking css.
18 | # The pattern needs to avoid matching any strings with html tags because it will break the html,
19 | # ie "
xxxxxxxxxxxxxxxxxx yyyyyyy
" would break p tag html if first non-whitespace string wrapped in div tags.
20 | #%>
21 | <% html = simple_format h( truncate(product.description, length: 400, separator: ' ') ) %>
22 | <% html.gsub!(/([^<>\-_\s]{60,})/, '
\\1
') %>
23 | <%# rails automatically escapes html so this function will prevent escaping. It is already safe from calling h() above. %>
24 | <%=html.html_safe %>
25 |
26 | <% if product.fe_enabled %>
27 |
43 | <%= paginate @products %>
44 |
--------------------------------------------------------------------------------
/config/puma.rb:
--------------------------------------------------------------------------------
1 | # Puma can serve each request in a thread from an internal thread pool.
2 | # The `threads` method setting takes two numbers: a minimum and maximum.
3 | # Any libraries that use thread pools should be configured to match
4 | # the maximum value specified for Puma. Default is set to 5 threads for minimum
5 | # and maximum; this matches the default thread size of Active Record.
6 | #
7 | threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 }
8 | threads threads_count, threads_count
9 |
10 | # Specifies the `port` that Puma will listen on to receive requests; default is 3000.
11 | #
12 | port ENV.fetch("PORT") { 3000 }
13 |
14 | # Specifies the `environment` that Puma will run in.
15 | #
16 | environment ENV.fetch("RAILS_ENV") { "development" }
17 |
18 | # Specifies the number of `workers` to boot in clustered mode.
19 | # Workers are forked webserver processes. If using threads and workers together
20 | # the concurrency of the application would be max `threads` * `workers`.
21 | # Workers do not work on JRuby or Windows (both of which do not support
22 | # processes).
23 | #
24 | # workers ENV.fetch("WEB_CONCURRENCY") { 2 }
25 |
26 | # Use the `preload_app!` method when specifying a `workers` number.
27 | # This directive tells Puma to first boot the application and load code
28 | # before forking the application. This takes advantage of Copy On Write
29 | # process behavior so workers use less memory. If you use this option
30 | # you need to make sure to reconnect any threads in the `on_worker_boot`
31 | # block.
32 | #
33 | # preload_app!
34 |
35 | # If you are preloading your application and using Active Record, it's
36 | # recommended that you close any connections to the database before workers
37 | # are forked to prevent connection leakage.
38 | #
39 | # before_fork do
40 | # ActiveRecord::Base.connection_pool.disconnect! if defined?(ActiveRecord)
41 | # end
42 |
43 | # The code in the `on_worker_boot` will be called if you are using
44 | # clustered mode by specifying a number of `workers`. After each worker
45 | # process is booted, this block will be run. If you are using the `preload_app!`
46 | # option, you will want to use this block to reconnect to any threads
47 | # or connections that may have been created at application boot, as Ruby
48 | # cannot share connections between processes.
49 | #
50 | # on_worker_boot do
51 | # ActiveRecord::Base.establish_connection if defined?(ActiveRecord)
52 | # end
53 | #
54 |
55 | # Allow puma to be restarted by `rails restart` command.
56 | plugin :tmp_restart
57 |
--------------------------------------------------------------------------------
/app/views/layouts/application.html.erb:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | <%= Rails.configuration.sitename %>
5 | <%= stylesheet_link_tag "application", media: "all" %>
6 | <%# admin_controller? is a helper %>
7 | <%= stylesheet_link_tag("admin") if admin_controller? %>
8 | <%= csrf_meta_tags %>
9 |
10 |
11 |
12 |
38 | <% flash.each do |name, msg| %>
39 | <% # map redirect_to flash keys (notice, alert) to bootstrap names.
40 | if name == 'notice'
41 | name = 'success'
42 | elsif name == 'alert'
43 | name = 'danger'
44 | else
45 | next # not interested in every flash key; some are for controlling logic ie newuser variable.
46 | end
47 | %>
48 | <%= content_tag :div, msg, :class => "alert alert-#{name}" %>
49 | <% end %>
50 |
51 |
52 | <%= yield %>
53 |
54 |
55 |
56 |
<%# col-md-9 %>
57 |
<%# row %>
58 |
<%# container %>
59 |
60 |
61 | <%# Randomize page sizes so fingerprinting by packet analysis is harder. Don't bother with admin pages. %>
62 | <% if Rails.configuration.random_pad_http_response && Rails.env.production? && !is_admin? %>
63 |
71 | <% end %>
72 |
--------------------------------------------------------------------------------
/generate_address.rb:
--------------------------------------------------------------------------------
1 | require 'getoptlong'
2 | require 'json'
3 |
4 | def verbose(msg)
5 | if $verbose
6 | puts msg
7 | end
8 | end
9 |
10 | # If rails runner sees an argument it recognizes such as --help
11 | # it will use the argument for itself. Therefore to use the --help argument
12 | # on this script you need to call it like this:
13 | # rails r script.rb -- --help
14 | ARGV.shift if ARGV.first == '--'
15 |
16 | opts = GetoptLong.new(
17 | ['--test', GetoptLong::NO_ARGUMENT],
18 | ['--verbose', '-v', GetoptLong::NO_ARGUMENT],
19 | ['--address-type', '-a', GetoptLong::REQUIRED_ARGUMENT],
20 | ['--count', '-c', GetoptLong::OPTIONAL_ARGUMENT],
21 | ['--help', '-h', GetoptLong::NO_ARGUMENT],
22 | )
23 |
24 | $verbose = false
25 | test_connectivity = false
26 | address_type = ''
27 | count = 1
28 | opts.each do |opt, arg|
29 | case opt
30 | when '--verbose'
31 | $verbose = true
32 | when '--test'
33 | test_connectivity = true
34 | when '--address-type'
35 | address_type = arg
36 | when '--count'
37 | count = arg.to_i
38 | when '--help'
39 | puts "#{$0} [--verbose] [--test] [--count n] --address-type "
40 | puts "\n --test : check connectivity to RPC and GPG"
41 | puts "\n --count n : number of addresses to generate"
42 | exit
43 | end
44 | end
45 |
46 | unless address_type[/BTC|LTC/]
47 | verbose("address-type must be BTC or LTC")
48 | exit
49 | end
50 |
51 | if test_connectivity
52 |
53 | verbose("new addresses will be assigned to [label] name: #{Rails.configuration.bitcoind_order_address_label}")
54 |
55 | if address_type == 'BTC'
56 | rpc = Payout_bitcoinrpc
57 | elsif address_type == 'LTC'
58 | rpc = Payout_litecoinrpc
59 | end
60 | info = rpc.getblockchaininfo # return ruby hash.
61 | if info.has_key?("blocks")
62 | verbose("RPC test success")
63 | else
64 | verbose("RPC test failed")
65 | end
66 |
67 | ga = GeneratedAddress.new
68 | ga.btc_address = 'test message'
69 | ga.sign
70 | if ga.pgp_signature[/BEGIN PGP SIGNED MESSAGE/]
71 | verbose("GPG signing test success")
72 | else
73 | verbose("GPG signing test failed")
74 | end
75 | exit
76 | end
77 |
78 | (1..count).each do
79 | ga = GeneratedAddress.new
80 | ga.address_type = address_type
81 | ga.generate # populate btc_address
82 | ga.sign # populate pgp_signature
83 | if ga.save
84 | ScriptLog.info("generated [#{ga.address_type}] address: #{ga.btc_address}")
85 | else
86 | ScriptLog.info "failed to save [#{ga.btc_address}]"
87 | end
88 | end
89 |
--------------------------------------------------------------------------------
/app/jobs/update_market_order_payouts_job.rb:
--------------------------------------------------------------------------------
1 | require 'socksify/http'
2 |
3 | class UpdateMarketOrderPayoutsJob < ApplicationJob
4 | queue_as :default
5 |
6 | # This job runs only on the payout server.
7 | # Called by the process payouts job to update market with txids of payments.
8 | # Can be called manually if a previous run failed to connect to market. ie rails r "UpdateMarketOrderPayoutsJob.perform_now"
9 | # Builds json http request and calls the set_paid api on the market.
10 | # When txids on payout server change due to bumpfee, this will update market with new txids. PayoutConfirmationsJob needs to
11 | # run and it will detect transactions that have had their fee bumped and replace the txid field in local database and set
12 | # market_updated to false so that this job will update market. Note feebumping is not done in this app; bitcoind RPC must be
13 | # called externally.
14 | # Note, the update_all ActiveRecord method called here does not change the updated_at timestamp on the local payouts.
15 | def perform
16 | payouts = Payout.where(market_updated: false).where(paid: true)
17 | count = payouts.size
18 | if count == 0
19 | ScriptLog.info("All paid Payouts have already had their corresponding OrderPayout updated on the market. Nothing to do.")
20 | return
21 | end
22 | if payouts.where(txid: nil).count > 0
23 | ScriptLog.info("A payout is missing the txid field. aborting.")
24 | return
25 | end
26 |
27 | ScriptLog.info("updating #{count} OrderPayouts on market")
28 |
29 | update_hash = {}
30 | payouts.each do |p|
31 | update_hash[p.order_payout_id] = { paid: true, txid: p.txid }
32 | end
33 |
34 | uri = URI.parse(Rails.configuration.admin_api_uri_base +
35 | '/admin/orderpayouts/set_paid')
36 | http = nil
37 | if Rails.env.production?
38 | tor_proxy_host = Rails.configuration.tor_proxy_host
39 | tor_proxy_port = Rails.configuration.tor_proxy_port
40 | http = Net::HTTP.SOCKSProxy(tor_proxy_host, tor_proxy_port).new(uri.host, uri.port)
41 | else
42 | http = Net::HTTP.new(uri.host, uri.port)
43 | end
44 |
45 | request = Net::HTTP::Post.new(uri.request_uri)
46 | request.content_type = 'application/json'
47 | request.body = {
48 | admin_api_key: Rails.configuration.admin_api_key,
49 | changes: update_hash,
50 | }.to_json
51 | response = http.request(request)
52 | r = JSON.parse response.body # generate exception if json not returned
53 | if r['api_return_code'] == 'success'
54 | payouts.update_all(market_updated: true)
55 | end
56 | end
57 | end
58 |
--------------------------------------------------------------------------------
/app/jobs/payout_confirmations_job.rb:
--------------------------------------------------------------------------------
1 | # Since this job is only run when admin views payout index, it is possible that a payouts transaction is no longer
2 | # in the mempool when this runs. In that case getrawtransaction will fail and fee , vsize will not be saved.
3 | # To avoid that problem, schedule this job daily, or recode to save_fee after processing payments instead of after being confirmed. Or stop using prune option.
4 | class PayoutConfirmationsJob < ApplicationJob
5 | queue_as :default
6 |
7 | def save_fee(payout, rpc)
8 | begin
9 | tx = rpc.gettransaction(payout.txid)
10 | fee_in_satoshi = tx['fee'].abs * 100000000
11 | # This only works for transactions in the mempool if you don't have -txindex set.
12 | tx = rpc.getrawtransaction(payout.txid, true)
13 | vsize = tx['vsize']
14 | payout.update!(fee: fee_in_satoshi, vsize: vsize)
15 | rescue BitcoinRPC::JSONRPCError
16 | ScriptLog.error "rpc unable to get info to calculate fee on #{payout.txid}"
17 | end
18 | end
19 |
20 | def perform
21 | ScriptLog.info "Looking unconfirmed payouts to check if they are now confirmed."
22 | payouts = Payout.where(paid: true, confirmed: false)
23 | payouts_count = payouts.count
24 | if payouts_count > 0
25 | ScriptLog.info "Found #{payouts_count} payouts to check."
26 | end
27 | payouts.each do |payout|
28 | if payout.address_type == 'BTC'
29 | rpc = Payout_bitcoinrpc
30 | elsif payout.address_type == 'LTC'
31 | rpc = Payout_litecoinrpc
32 | end
33 | tx = rpc.gettransaction(payout.txid)
34 | save_fee(payout, rpc) if payout.fee.nil?
35 | if tx['confirmations'] > 0
36 | if payout.update(confirmed: true)
37 | ScriptLog.info "payout id: #{payout.id}, txid: #{payout.txid} is now confirmed."
38 | else
39 | ScriptLog.error "payout id: #{payout.id} error updating payout confirmed:true."
40 | end
41 | elsif tx.has_key? 'replaced_by_txid'
42 | tx_new = rpc.gettransaction(tx['replaced_by_txid'])
43 | # Update txid and force update_market_order_payouts.rb to re-update market.
44 | payout.update(txid: tx['replaced_by_txid'], market_updated: false)
45 | save_fee(payout, rpc)
46 | if tx_new['confirmations'] > 0
47 | if payout.update(confirmed: true)
48 | ScriptLog.info "payout id: #{payout.id}, txid: #{payout.txid} is now confirmed. txid was replaced."
49 | else
50 | ScriptLog.error "payout id: #{payout.id} error updating payout confirmed:true."
51 | end
52 | end
53 | end
54 | end
55 | end
56 | end
57 |
--------------------------------------------------------------------------------
/app/controllers/admin/messages_controller.rb:
--------------------------------------------------------------------------------
1 | # Mostly copied from MessagesController with much removed since we are only viewing.
2 | class Admin::MessagesController < ApplicationController
3 | before_action :require_admin
4 |
5 | # List of all conversations the specified user had with other parties.
6 | # Every interaction with another user is a converstation. There is only one conversation thread with each other user (very simple).
7 | def conversations
8 | # GET /messages/:id
9 | @user = User.find(params[:id])
10 | # Array of MessageRef objects but due to GROUP BY they only have attributes otherparty_id, newest_message_date, cnt, unseen_cnt.
11 | @conversations = MessageRef.select('otherparty_id, max(created_at) newest_message_date, count(1) as cnt, sum(unseen) as unseen_cnt').
12 | group('otherparty_id').
13 | where(user: @user).
14 | order('unseen_cnt desc, newest_message_date desc') # Primary sort groups with unread messages so they appear at top.
15 |
16 | # Additional list is generated to help with seeing deleted messages (refs).
17 | all_recipients = Message.select('recipient_id').where(sender: @user).group('recipient_id').unscope(:order).collect{|row| User.find(row['recipient_id']) }
18 | all_senders = Message.select('sender_id').where(recipient: @user).group('sender_id').unscope(:order).collect{|row| User.find(row['sender_id']) }
19 | @parties = all_recipients | all_senders
20 | end
21 |
22 | def show_conversation
23 | # GET /messages/:id/:otherparty_id
24 | @user = User.find(params[:id])
25 | @otherparty = User.find(params[:otherparty_id])
26 |
27 | # This is a ruby group_by not SQL GROUP BY.
28 | # Returns hash where keys are string from strftime and value is an array of messages that have same value
29 | # so messages grouped by day they were created. We sort the hash keys in the view.
30 | @message_daygroups = @user.message_refs.where(otherparty: @otherparty).group_by do |msg|
31 | msg.created_at.in_time_zone(admin_user.timezone).strftime('%F')
32 | end
33 |
34 | # undeleted_messages is the list of messages that have references pointing to them.
35 | undeleted_messages = @user.message_refs.where(otherparty: @otherparty).collect{|msg_ref| msg_ref.message }
36 | all_messages = Message.where(sender: [@user, @otherparty]).where(recipient: [@user, @otherparty])
37 | @deleted_messages = all_messages - undeleted_messages
38 | @deleted_message_daygroups = @deleted_messages.group_by do |msg|
39 | msg.created_at.in_time_zone(admin_user.timezone).strftime('%F')
40 | end
41 | end
42 |
43 |
44 | end
45 |
--------------------------------------------------------------------------------
/app/views/messages/_conversation.html.erb:
--------------------------------------------------------------------------------
1 | <%# Originally timestamps were not displayed to increase security of traffic correlation. Then decided that displaying minute, not seconds mitigates the risk somewhat.
2 | However, haven't found a nice way to display the timestamps without making message list ugly. So make timestamps available in source html only. %>
3 |
4 | <% encrypted_messages = {} %>
5 | <%# sort hash by keys %>
6 | <% @message_daygroups.sort.reverse.each do |day, message_refs| %>
7 |
25 | <%# The above message is printed on one long line in the source code with no newline chars.
26 | This allows copying PGP messages correctly while using the break-word styling in Firefox.
27 | Chrome doesn't have the copy problem that Firefox has. %>
28 | <% end %>
29 |
<%# daygroup %>
30 |
31 | <% end %>
32 |
33 | <%# These modals rendered at bottom of page instead of loop above just to make code and html tidier %>
34 | <% encrypted_messages.each do |id, body| %>
35 |
36 |
37 |
38 |
Copy PGP message
39 |
click text box and press
40 | ctrl a
41 | ctrl c
42 |
50 | <%end%>
51 |
--------------------------------------------------------------------------------
/app/controllers/vendor/order_payouts_controller.rb:
--------------------------------------------------------------------------------
1 | class Vendor::OrderPayoutsController < ApplicationController
2 | before_action :require_vendor
3 |
4 | def index
5 | # To find bitcoin order_payouts, need to join orders (for payment_method_id) then join payment_methods to access payment method code.
6 | # This is a similar query to one used in admin/order_payouts_api_controller.rb.
7 | @btc_order_payouts = OrderPayout.joins(order: [:payment_method]).joins(:user).
8 | select('order_payouts.order_id, orders.created_at as order_created, orders.title, order_payouts.txid IS NULL as txid_missing,
9 | orders.btc_price, order_payouts.btc_address, order_payouts.btc_amount, orders.commission, order_payouts.txid, order_payouts.updated_at').
10 | where(paid: true).where(payment_methods: {code: "BTC"}).where(user: current_user).where(orders: {deleted_by_vendor: false}).
11 | order('txid_missing, order_payouts.updated_at DESC')
12 |
13 | # Ensure conditions are identical to above query.
14 | @btc_summary = OrderPayout.joins(order: [:payment_method]).joins(:user).
15 | select('SUM(orders.btc_price) as total_orders, SUM(orders.commission) as total_commissions, SUM(order_payouts.btc_amount) as total_payouts').
16 | where(paid: true).where(payment_methods: {code: "BTC"}).where(user: current_user).where(orders: {deleted_by_vendor: false})
17 |
18 | if PaymentMethod.litecoin_exists?
19 |
20 | @ltc_order_payouts = OrderPayout.joins(order: [:payment_method]).joins(:user).
21 | select('order_payouts.order_id, orders.created_at as order_created, orders.title, order_payouts.txid IS NULL as txid_missing,
22 | orders.btc_price, order_payouts.btc_address, order_payouts.btc_amount, orders.commission, order_payouts.txid, order_payouts.updated_at').
23 | where(paid: true).where(payment_methods: {code: "LTC"}).where(user: current_user).where(orders: {deleted_by_vendor: false}).
24 | order('txid_missing, order_payouts.updated_at DESC')
25 |
26 | # Ensure conditions are identical to above query.
27 | @ltc_summary = OrderPayout.joins(order: [:payment_method]).joins(:user).
28 | select('SUM(orders.btc_price) as total_orders, SUM(orders.commission) as total_commissions, SUM(order_payouts.btc_amount) as total_payouts').
29 | where(paid: true).where(payment_methods: {code: "LTC"}).where(user: current_user).where(orders: {deleted_by_vendor: false})
30 |
31 | end
32 |
33 | @revenue = current_user.revenue(current_user.currency)
34 | end
35 |
36 | end
37 |
--------------------------------------------------------------------------------
/config/locales/humanizer.en.yml:
--------------------------------------------------------------------------------
1 | en:
2 | humanizer:
3 | validation:
4 | error: is not correct
5 | questions:
6 | - question: Two plus two?
7 | answers: ["4", "four"]
8 | - question: Jack and Jill went up the...
9 | answer: hill
10 | - question: What is the number before twelve?
11 | answers: ["11", "eleven"]
12 | - question: Five times two is what?
13 | answers: ["10", "ten"]
14 | - question: "Insert the next number in this sequence: 10, 11, 12, 13, 14, .."
15 | answers: ["15", "fifteen"]
16 | - question: "What is five times five?"
17 | answers: ["25", "twenty-five"]
18 | - question: "Ten divided by two is what?"
19 | answers: ["5", "five"]
20 | - question: What day comes after Monday?
21 | answer: "tuesday"
22 | - question: What is the last month of the year?
23 | answer: "december"
24 | - question: How many minutes are in an hour?
25 | answers: ["60", "sixty"]
26 | - question: What is the opposite of down?
27 | answer: "up"
28 | - question: What is the opposite of north?
29 | answer: "south"
30 | - question: What is the opposite of bad?
31 | answer: "good"
32 | - question: What is 4 times four?
33 | answers: ["16", "sixteen"]
34 | - question: What number comes after 20?
35 | answers: ["21", "twenty one"]
36 | - question: What month comes before July?
37 | answer: "june"
38 | - question: What is fifteen divided by three?
39 | answer: ["five", "5"]
40 | - question: What is one hundred divided by one?
41 | answer: ["100", "one hundred"]
42 | - question: What is 14 minus 4?
43 | answers: ["10", "ten"]
44 | - question: "What comes next? Monday, Tuesday, Wednesday.."
45 | answer: "Thursday"
46 | - question: "Number of days in a week?"
47 | answers: ["7", "seven"]
48 | - question: "Five plus 3 plus 2 ?"
49 | answers: ["10", "ten"]
50 | - question: The country bordering western Spain?
51 | answer: portugal
52 | - question: The country bordering south USA?
53 | answer: mexico
54 | - question: The country bordering north USA?
55 | answer: canada
56 | - question: Saskatoon is in what country?
57 | answer: canada
58 | - question: Three plus 3 is?
59 | answers: ["6", "six"]
60 | - question: In what country is the city Amsterdam?
61 | answer: netherlands
62 | - question: The compass points to ...
63 | answer: north
64 | - question: The earth orbits the ...
65 | answer: sun
66 | - question: What is the opposite of left?
67 | answer: right
68 |
--------------------------------------------------------------------------------
/app/views/messages/conversations.html.erb:
--------------------------------------------------------------------------------
1 |
28 | <%# unseen is only set on 'received' message refs (see controller create method).
29 | It would be more efficient to use a single query in controller rather than in this loop but there shouldn't be huge numbers of conversations (Todo).%>
30 |
63 | <% end %>
64 |
--------------------------------------------------------------------------------
/spec/rails_helper.rb:
--------------------------------------------------------------------------------
1 | # This file is copied to spec/ when you run 'rails generate rspec:install'
2 | ENV["RAILS_ENV"] ||= 'test'
3 | require 'spec_helper'
4 | require File.expand_path("../../config/environment", __FILE__)
5 | require 'rspec/rails'
6 | # Add additional requires below this line. Rails is not loaded until this point!
7 |
8 | # Requires supporting ruby files with custom matchers and macros, etc, in
9 | # spec/support/ and its subdirectories. Files matching `spec/**/*_spec.rb` are
10 | # run as spec files by default. This means that files in spec/support that end
11 | # in _spec.rb will both be required and run as specs, causing the specs to be
12 | # run twice. It is recommended that you do not name files matching this glob to
13 | # end with _spec.rb. You can configure this pattern with the --pattern
14 | # option on the command line or in ~/.rspec, .rspec or `.rspec-local`.
15 | #
16 | # The following line is provided for convenience purposes. It has the downside
17 | # of increasing the boot-up time by auto-requiring all files in the support
18 | # directory. Alternatively, in the individual `*_spec.rb` files, manually
19 | # require only the support files necessary.
20 | #
21 | # Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f }
22 |
23 | # Checks for pending migrations before tests are run.
24 | # If you are not using ActiveRecord, you can remove this line.
25 | ActiveRecord::Migration.maintain_test_schema!
26 |
27 | RSpec.configure do |config|
28 | # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
29 | config.fixture_path = "#{::Rails.root}/spec/fixtures"
30 |
31 | # If you're not using ActiveRecord, or you'd prefer not to run each of your
32 | # examples within a transaction, remove the following line or assign false
33 | # instead of true.
34 | config.use_transactional_fixtures = true
35 |
36 | # RSpec Rails can automatically mix in different behaviours to your tests
37 | # based on their file location, for example enabling you to call `get` and
38 | # `post` in specs under `spec/controllers`.
39 | #
40 | # You can disable this behaviour by removing the line below, and instead
41 | # explicitly tag your specs with their type, e.g.:
42 | #
43 | # RSpec.describe UsersController, :type => :controller do
44 | # # ...
45 | # end
46 | #
47 | # The different available types are documented in the features, such as in
48 | # https://relishapp.com/rspec/rspec-rails/docs
49 | config.infer_spec_type_from_file_location!
50 | end
51 |
52 | # After making modal dialogs have hidden html tag, capybara couldn't click buttons on them so changed this setting.
53 | # They have hidden tag because firefox will briefly show the modals before css has loaded.
54 | Capybara.ignore_hidden_elements = false
55 |
--------------------------------------------------------------------------------