From cb4203b6dbe4991fd3a38e56700edde93335c251 Mon Sep 17 00:00:00 2001
From: CalDescent <caldescent@protonmail.com>
Date: Sun, 4 Jul 2021 14:53:54 +0100
Subject: [PATCH] Use public key as parameter instead of address, since we can
 obtain the address from the public key in all cases.

---
 .../api/resource/ArbitraryResource.java       | 22 ++++++++++---------
 .../qortal/api/resource/WebsiteResource.java  | 17 ++++++--------
 2 files changed, 19 insertions(+), 20 deletions(-)

diff --git a/src/main/java/org/qortal/api/resource/ArbitraryResource.java b/src/main/java/org/qortal/api/resource/ArbitraryResource.java
index 63d590f3..3624c129 100644
--- a/src/main/java/org/qortal/api/resource/ArbitraryResource.java
+++ b/src/main/java/org/qortal/api/resource/ArbitraryResource.java
@@ -26,6 +26,7 @@ import org.apache.logging.log4j.Logger;
 import org.qortal.api.*;
 import org.qortal.api.resource.TransactionsResource.ConfirmationStatus;
 import org.qortal.block.BlockChain;
+import org.qortal.crypto.Crypto;
 import org.qortal.data.PaymentData;
 import org.qortal.data.account.AccountData;
 import org.qortal.data.transaction.ArbitraryTransactionData;
@@ -225,7 +226,7 @@ public class ArbitraryResource {
 	}
 
 	@POST
-	@Path("/upload/creator/{address}")
+	@Path("/upload/creator/{publickey}")
 	@Operation(
 			summary = "Build raw, unsigned, ARBITRARY transaction, based on a user-supplied path to a single file",
 			requestBody = @RequestBody(
@@ -250,12 +251,18 @@ public class ArbitraryResource {
 			}
 	)
 	@ApiErrors({ApiError.REPOSITORY_ISSUE})
-	public String uploadFileAtPath(@PathParam("address") String creatorAddress, String path) {
+	public String uploadFileAtPath(@PathParam("publickey") String creatorPublicKeyBase58, String path) {
 		Security.checkApiCallAllowed(request);
 
 		// It's too dangerous to allow user-supplied filenames in weaker security contexts
-		if (Settings.getInstance().isApiRestricted())
+		if (Settings.getInstance().isApiRestricted()) {
 			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.NON_PRODUCTION);
+		}
+
+		if (creatorPublicKeyBase58 == null || path == null) {
+			throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
+		}
+		byte[] creatorPublicKey = Base58.decode(creatorPublicKeyBase58);
 
 		// Check if a file or directory has been supplied
 		File file = new File(path);
@@ -291,13 +298,8 @@ public class ArbitraryResource {
 				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_DATA);
 			}
 
-			AccountData accountData = repository.getAccountRepository().getAccount(creatorAddress);
-			if (accountData == null || accountData.getPublicKey() == null) {
-				dataFile.deleteAll();
-				throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
-			}
-			byte[] creatorPublicKey = accountData.getPublicKey();
-			byte[] lastReference = accountData.getReference();
+			String creatorAddress = Crypto.toAddress(creatorPublicKey);
+			byte[] lastReference = repository.getAccountRepository().getLastReference(creatorAddress);
 
 			BaseTransactionData baseTransactionData = new BaseTransactionData(NTP.getTime(), Group.NO_GROUP,
 					lastReference, creatorPublicKey, BlockChain.getInstance().getUnitFee(), null);
diff --git a/src/main/java/org/qortal/api/resource/WebsiteResource.java b/src/main/java/org/qortal/api/resource/WebsiteResource.java
index 6a963669..aa25d463 100644
--- a/src/main/java/org/qortal/api/resource/WebsiteResource.java
+++ b/src/main/java/org/qortal/api/resource/WebsiteResource.java
@@ -28,6 +28,7 @@ import org.qortal.api.ApiError;
 import org.qortal.api.ApiExceptionFactory;
 import org.qortal.api.Security;
 import org.qortal.block.BlockChain;
+import org.qortal.crypto.Crypto;
 import org.qortal.data.PaymentData;
 import org.qortal.data.account.AccountData;
 import org.qortal.data.transaction.ArbitraryTransactionData;
@@ -58,7 +59,7 @@ public class WebsiteResource {
     @Context ServletContext context;
 
     @POST
-    @Path("/upload/creator/{address}")
+    @Path("/upload/creator/{publickey}")
     @Operation(
             summary = "Build raw, unsigned, ARBITRARY transaction, based on a user-supplied path to a static website",
             requestBody = @RequestBody(
@@ -82,7 +83,7 @@ public class WebsiteResource {
                     )
             }
     )
-    public String uploadWebsite(@PathParam("address") String creatorAddress, String path) {
+    public String uploadWebsite(@PathParam("publickey") String creatorPublicKeyBase58, String path) {
         Security.checkApiCallAllowed(request);
 
         // It's too dangerous to allow user-supplied filenames in weaker security contexts
@@ -90,9 +91,10 @@ public class WebsiteResource {
             throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.NON_PRODUCTION);
         }
 
-        if (creatorAddress == null || path == null) {
+        if (creatorPublicKeyBase58 == null || path == null) {
             throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.INVALID_CRITERIA);
         }
+        byte[] creatorPublicKey = Base58.decode(creatorPublicKeyBase58);
 
         DataFile dataFile = this.hostWebsite(path);
         if (dataFile == null) {
@@ -107,13 +109,8 @@ public class WebsiteResource {
         
         try (final Repository repository = RepositoryManager.getRepository()) {
 
-            AccountData accountData = repository.getAccountRepository().getAccount(creatorAddress);
-            if (accountData == null || accountData.getPublicKey() == null) {
-                dataFile.deleteAll();
-                throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.ADDRESS_UNKNOWN);
-            }
-            byte[] creatorPublicKey = accountData.getPublicKey();
-            byte[] lastReference = accountData.getReference();
+            String creatorAddress = Crypto.toAddress(creatorPublicKey);
+            byte[] lastReference = repository.getAccountRepository().getLastReference(creatorAddress);
 
             BaseTransactionData baseTransactionData = new BaseTransactionData(NTP.getTime(), Group.NO_GROUP,
                     lastReference, creatorPublicKey, BlockChain.getInstance().getUnitFee(), null);