From a94a33736343eaaa1118e3a8a489a7d675db3495 Mon Sep 17 00:00:00 2001
From: Alexey <peretsmobil@gmail.com>
Date: Sat, 29 Feb 2020 14:22:45 +0300
Subject: [PATCH] contribution hash; authorize fix

---
 package.json                     |  1 +
 pages/authorize-contribution.vue | 16 +++++++++++++---
 pages/make-contribution.vue      | 15 +++++++++++----
 server/controllers/contribute.js | 18 ++++++++++++------
 yarn.lock                        |  9 ++++++++-
 5 files changed, 45 insertions(+), 14 deletions(-)

diff --git a/package.json b/package.json
index 712f932..b0451f5 100644
--- a/package.json
+++ b/package.json
@@ -16,6 +16,7 @@
     "@open-wc/webpack-import-meta-loader": "^0.4.1",
     "async-mutex": "^0.1.4",
     "aws-sdk": "^2.610.0",
+    "blake2": "^4.0.0",
     "body-parser": "^1.19.0",
     "cross-env": "^5.2.0",
     "crypto": "^1.0.1",
diff --git a/pages/authorize-contribution.vue b/pages/authorize-contribution.vue
index 1e98493..5e3593d 100644
--- a/pages/authorize-contribution.vue
+++ b/pages/authorize-contribution.vue
@@ -4,7 +4,7 @@
       Hello, <span>@{{ handle }}</span>
     </h1>
     <h2 class="subtitle">
-      Do you want to authorize your contribution #{{ contributionIndex }}? Please sign in.
+      {{ title }}
     </h2>
     <fieldset :disabled="hideSaveBtn" class="authorize">
       <Form />
@@ -46,7 +46,7 @@ export default {
   },
   data() {
     return {
-      contributionIndex: 1,
+      contributionIndex: null,
       token: null,
       status: {
         type: '',
@@ -57,7 +57,17 @@ export default {
   },
   computed: {
     ...mapState('user', ['name', 'handle', 'company']),
-    ...mapGetters('user', ['isLoggedIn', 'hasErrorName'])
+    ...mapGetters('user', ['isLoggedIn', 'hasErrorName']),
+    title() {
+      if (this.status.type === 'is-danger' || !this.contributionIndex) {
+        return null
+      }
+      if (!this.isLoggedIn) {
+        return `Do you want to authorize your contribution #${this.contributionIndex}? Please sign in.`
+      } else {
+        return `Please, specify your name and organization.`
+      }
+    }
   },
   async mounted() {
     this.$root.$emit('enableLoading')
diff --git a/pages/make-contribution.vue b/pages/make-contribution.vue
index 86601c2..93cd2c1 100644
--- a/pages/make-contribution.vue
+++ b/pages/make-contribution.vue
@@ -30,6 +30,12 @@
     <div v-show="status.type === 'is-danger' || status.type === 'is-success'" class="status">
       <div :class="status.type" class="status-message">{{ status.msg }}</div>
     </div>
+    <div v-show="contributionHash" class="is-success status-message">
+      Your contribution hash (Blake2b) is {{ contributionHash }}
+    </div>
+    <div v-show="authorizeLink" class="is-success status-message">
+      You still can authorize your contribution by following this <a :href="authorizeLink">link.</a>
+    </div>
 
     <div class="buttons is-centered">
       <b-button
@@ -77,7 +83,9 @@ export default {
       status: {
         type: '',
         msg: ''
-      }
+      },
+      contributionHash: null,
+      authorizeLink: null
     }
   },
   computed: {
@@ -164,10 +172,9 @@ export default {
           this.$store.commit('user/SET_CONTRIBUTION_INDEX', responseData.contributionIndex)
           this.status.msg = 'Your contribution is verified and recorded.'
           this.status.type = 'is-success'
+          this.contributionHash = responseData.hash
           if (this.contributionType === 'anonymous') {
-            console.log(
-              `${window.location.origin}/authorize-contribution?token=${responseData.token}`
-            )
+            this.authorizeLink = `${window.location.origin}/authorize-contribution?token=${responseData.token}`
           } else {
             this.status.msg += ' Now you can post attestation from your twitter account.'
           }
diff --git a/server/controllers/contribute.js b/server/controllers/contribute.js
index c2375c6..088797f 100644
--- a/server/controllers/contribute.js
+++ b/server/controllers/contribute.js
@@ -8,6 +8,7 @@ const aws = require('aws-sdk')
 const express = require('express')
 const { Mutex } = require('async-mutex')
 const multer = require('multer')
+const blake2 = require('blake2')
 
 const mutex = new Mutex()
 const s3 = new aws.S3()
@@ -83,7 +84,12 @@ router.post('/response', upload.single('response'), async (req, res) => {
         token = crypto.randomBytes(32).toString('hex')
       }
 
-      await Contribution.create({ name, company, handle, socialType, token })
+      const contribution = await fs.readFile(`/tmp/tornado/${req.file.filename}`)
+      const blake2Instance = blake2.createHash('blake2b')
+      blake2Instance.update(contribution)
+      const hash = '0x' + blake2Instance.digest('hex')
+
+      await Contribution.create({ name, company, handle, socialType, token, hash })
 
       console.log('Contribution is correct, uploading to storage')
       if (process.env.DISABLE_S3 !== 'true') {
@@ -97,8 +103,8 @@ router.post('/response', upload.single('response'), async (req, res) => {
         `./server/snark_files/response_${contributionIndex}`
       )
 
-      console.log('Finished')
-      res.json({ contributionIndex, token })
+      console.log('Finished. The hash of the contribution is', hash)
+      res.json({ contributionIndex, token, hash })
     } catch (e) {
       console.error('Got error during save', e)
       await fs.unlink(`/tmp/tornado/${req.file.filename}`)
@@ -113,6 +119,7 @@ router.post('/authorize_contribution', async (req, res) => {
   }
 
   const contribution = await Contribution.findOne({ where: { token: req.body.token } })
+  console.log('contribution', contribution.dataValues.id)
   if (!contribution) {
     res.status(404).send('There is no such contribution')
     return
@@ -136,14 +143,13 @@ router.post('/authorize_contribution', async (req, res) => {
         handle: req.session.handle,
         socialType: req.session.socialType
       },
-      { individualHooks: true, where: { token: req.body.token }, returning: true }
+      { where: { id: contribution.dataValues.id }, individualHooks: true }
     )
+    res.send('OK')
   } catch (e) {
     console.error('updateError', e)
     res.status(404).send('Update error')
   }
-
-  res.send('OK')
 })
 
 router.post('/get_contribution_index', async (req, res) => {
diff --git a/yarn.lock b/yarn.lock
index 01828c7..ffe9c57 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1799,6 +1799,13 @@ bindings@^1.5.0:
   dependencies:
     file-uri-to-path "1.0.0"
 
+blake2@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/blake2/-/blake2-4.0.0.tgz#32ae4c3568ef5ee4d74c50b99d774abf8fff4f60"
+  integrity sha512-PIOc6RXAZYBYcdpyMzI6/SCU3BH8EbmA9vr0BAVyQv48CQTXDN6viHOTM+8KQue2IPsyHNpIR3UDisz8rZDPTA==
+  dependencies:
+    nan "^2.14.0"
+
 block-stream@*:
   version "0.0.9"
   resolved "https://registry.yarnpkg.com/block-stream/-/block-stream-0.0.9.tgz#13ebfe778a03205cfe03751481ebb4b3300c126a"
@@ -5882,7 +5889,7 @@ named-placeholders@^1.1.2:
   dependencies:
     lru-cache "^4.1.3"
 
-nan@^2.12.1, nan@^2.13.2:
+nan@^2.12.1, nan@^2.13.2, nan@^2.14.0:
   version "2.14.0"
   resolved "https://registry.yarnpkg.com/nan/-/nan-2.14.0.tgz#7818f722027b2459a86f0295d434d1fc2336c52c"
   integrity sha512-INOFj37C7k3AfaNTtX8RhsTw7qRy7eLET14cROi9+5HAVbbHuIWUHEauBv5qT4Av2tWasiTY1Jw6puUNqRJXQg==