bounties-network / bountiesapi
The caching layer of the Bounties Network
License: MIT License
Currently, we run into a few issues:
We need to decouple the slack client from the bounty client. I'd like the master client to look like this:
```python
bounty_client = BountyClient()
slack_client = SlackMessageClient()
sc = SlackClient(settings.SLACK_TOKEN)


def bounty_issued(bounty_id, **kwargs):
    bounty = Bounty.objects.filter(bounty_id=bounty_id)
    if not bounty.exists():
        bounty = bounty_client.issue_bounty(**kwargs)
        slack_client.bounty_issued(bounty)
```
(That's of course just one example).
In this case, I removed the event field and just pass the bounty through. This makes it cleaner, and now we can add an email client or notifier client after this in the master client. Eventually, these will be all long-running jobs as well.
Additionally, the template strings I'd like to be in a slack_templates.py file and imported.
We'd like to provide an endpoint that returns all tokens that have been used at least once in a contract. It should also return its associated token data.
We do not want to refactor or change the current structure (address is on the bounty, but pricing token data is a separate model) due to various reasons at this point. Feel free to disagree with that approach, but I've wanted to keep a separation of concerns between third party data and our internal data. For example, we may have a token as part of a contract that does not exist yet on coinmarketcap. Additionally, the address and decimals live on the bounty schema in the contract, so I want to keep things consistent.
When requesting a user address that doesn't exist, I think it would make sense for the API to return a `404` code along with the normal response rather than a `200`.
```json
{
  "user": null,
  "stats": {}
}
```
Example endpoint to mock should return the following:
https://api.bounties.network/analytics/stats?publish_date__range=2016-01-01,2016-01-04
Please stay in touch with the person also working on this task: #21
```json
[{
  "date": "2016-01-01",
  "bounties_issued": 44,
  "fulfillments_submitted": 23,
  "fulfillments_accepted": 21,
  "fulfillments_pending_acceptance": 2,
  "fulfillment_acceptance_rate": 0.91,
  "bounty_fulfilled_rate": 0.83,
  "avg_fulfiller_acceptance_rate": 0.73,
  "avg_fulfillment_amount": 45.32,
  "total_fulfillment_amount": 184,
  "bounty_draft": 11,
  "bounty_active": 48,
  "bounty_completed": 22,
  "bounty_expired": 5,
  "bounty_dead": 11
}, {
  "date": "2016-01-02",
  "bounties_issued": 44,
  "fulfillments_submitted": 23,
  "fulfillments_accepted": 21,
  "fulfillments_pending_acceptance": 2,
  "fulfillment_acceptance_rate": 0.91,
  "bounty_fulfilled_rate": 0.83,
  "avg_fulfiller_acceptance_rate": 0.73,
  "avg_fulfillment_amount": 45.32,
  "total_fulfillment_amount": 184,
  "bounty_draft": 11,
  "bounty_active": 48,
  "bounty_completed": 22,
  "bounty_expired": 5,
  "bounty_dead": 11
}]
```
The endpoint should also return the above stats as full aggregates (representing the aggregate of the entire date range), and these should also be visualized.
You may also filter by schema, ie:
https://api.bounties.network/analytics/stats?publish_date__range=2016-01-01,2016-01-04&schema=gitcoin
Myself and @mbeylin
This is the first bounty in an upcoming set of bounties focused around building an analytics dashboard for projects that utilize the standard bounties contract such as gitcoin, and other upcoming open source sites.
This first task begins the work of exposing endpoints around daily stats for a range of time. Ultimately, these will be used to build a react frontend connected to highcharts or other charting libraries. The data is already stored in PSQL, it just needs to be served up via the format requested below. This task ultimately requires just one endpoint to be built for now.
`?publish_date__range=2016-01-01,2016-02-01` format
All of the above should be a separate field on one model that the job writes to. For the current day, this should be calculated in realtime. These should all be exposed on one api endpoint.
Myself and @mbeylin
These are some of the areas we need to begin to tackle. Feedback on prioritization and any other discussion is encouraged.
Opening a thread to begin discussing, researching major changes we will need to implement for Std. Bounties V2.
The new proxy architecture - which is awesome 💯 - https://github.com/Bounties-Network/StandardBounties/blob/develop/contracts/inherited/Proxy.sol is going to require some major changes. For example, each bounty will create a proxy contract with its own address.
This should be our first bountied issue. @mbeylin let me know if we're missing anything here.
@mbeylin these mimic a lot of what we have in the app right now. Let me know if you have ideas/thoughts on other metrics we may want. Also, we may want to narrow down to just a few of the above to make v1 of the dashboard as simple as possible. We can expand on it later.
We want to show the cumulative number of unique bounty issuers and cumulative bounty fulfillers over time. We also want to show cumulative USD over time. You can view the current beta analytics dashboard. This task only requires updating the API. A separate task will be created around the frontend.
Before starting work, please communicate your plan and availability along with your intention to take the task. After initial communication, I'll approve the best candidate to take the task.
Hi there,
I'm a Security Researcher and I found some Vulnerabilities in your websites. Where Can I Report Security issues?
Do you have a Running Bug bounty program?
Thank you
Simple. Codecov - bring the % up by 5. :D
We want to show the most used categories in our beta analytics dashboard
There is a bit of base work that needs to be done to first tackle this.
`bounties-network` and `gitcoin`. `bounties-network` should be the default if no schema is attached.
Before starting work, please communicate your plan and availability along with your intention to take the task. After initial communication, I'll approve the best candidate to take the task.
Currently the analytics endpoint aggregates everything by day. We'd like to also have an aggregation by week option.
So this is my report:
I find a text injection that can be used in phishing; the 404 page should not include attacker text!
Description:
This report is about how an attacker is able to spoof the content of the 404 page and can add their own text in a way that the current website is moved to some new URL, which is the attacker's website. Yet it's not that effective in making this attacker successful, but this still needs a fix.
Vulnerable URL : https://api.bounties.network
POC URL: https://api.bounties.network/%20https://api.bounties.network%20has%20been%20changed%20to%20http://ATTACKER.com%20so%20please%20visit%20it%20or%20contact%20the%20support%20on%20this%20email:%[email protected]%20,%20and%20about%20Bounties.network%20service
Reference : https://www.owasp.org/index.php/Content_Spoofing
POC : https://i.imgur.com/Ez9SBpq.png
Mediation :
User Predefined 404 page , with fixed error content !
Please let me know if any more info needed !
Regards
NESSIM JERBI
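The remediation the report asks for, sketched as an added example (not code from the report or from BountiesAPI): a 404 handler that echoes the request path next to one that returns fixed content, plus a regression probe that detects reflection. The handler names, the header set and the constructed path with its placeholder host are assumptions made for illustration.

```python
from wsgiref.util import setup_testing_defaults

FIXED_404_BODY = "404 Not Found"
HEADERS = [
    ("Content-Type", "text/plain; charset=utf-8"),
    ("X-Content-Type-Options", "nosniff"),
]


def reflecting_404(environ, start_response):
    """Weak pattern (assumed, for contrast): the 404 body echoes the request path."""
    path = environ.get("PATH_INFO", "")
    body = "The requested URL %s was not found on this server." % path
    start_response("404 Not Found", list(HEADERS))
    return [body.encode("utf-8")]


def fixed_404(environ, start_response):
    """Remediation from the report: predefined page with fixed error content."""
    start_response("404 Not Found", list(HEADERS))
    return [FIXED_404_BODY.encode("utf-8")]


def render(app, path):
    """Call a WSGI app in-process and return (status, body) for the given path."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path  # WSGI servers pass the path already percent-decoded
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response)).decode("utf-8")
    return captured["status"], body


def reflects_path(app, marker="zz-reflection-probe-zz"):
    """Regression check: True if the 404 body contains text taken from the path."""
    _, body = render(app, "/" + marker)
    return marker in body


# Constructed request path in the shape of the report's PoC (placeholder host).
SPOOF_PATH = "/ this site has moved to http://attacker.example.invalid so please visit it"

if __name__ == "__main__":
    for app in (reflecting_404, fixed_404):
        print(app.__name__, render(app, SPOOF_PATH), "reflects:", reflects_path(app))
```

Running `reflects_path` against the deployed 404 handler in the test suite keeps a later template change from reintroducing the reflected text.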
New bounty was created in Rinkeby: https://rinkeby.etherscan.io/address/0x38f1886081759f7d352c28984908d04e8d2205a6
When querying for bounties with the issuer specified in the successful `issueAndContribute` call, no bounties were found. This was queried using the Rinkeby API for Standard Bounties, http://rinkeby.api.bounties.network/.
If no new events occur between iterations of the contract subscriber loop, it will process the same block over and over again.
BountiesAPI/contract_subscriber/index.js
Lines 15 to 21 in fa40025
I think that `eventBlock` should be incremented by 1 before updating the `currentBlock` in the Redis cache. This is a minor issue since `messageDeduplicationId` should stop it from actually getting processed, however it seems like it puts unnecessary strain on the cache.
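A small Python model of the loop described in this issue, added here as an illustration and not taken from `contract_subscriber/index.js` (which is JavaScript): it compares storing the last event's block as the cursor with storing that block plus one. The chain contents, function names and the in-memory stand-ins for the Redis key and the deduplication ids are constructed assumptions.

```python
# Constructed chain: block number -> events emitted in that block.
CHAIN = {100: ["BountyIssued#1"], 101: [], 102: ["BountyFulfilled#1"]}


def events_from(chain, from_block):
    """Return (block, event) pairs for every block >= from_block, oldest first."""
    return [(b, e) for b in sorted(chain) if b >= from_block for e in chain[b]]


def run_subscriber(chain, start_block, iterations, advance_past_event):
    """Run the polling loop and report how much work each cursor policy causes.

    Returns (fetched, delivered, final_cursor):
      fetched      - events pulled from the node, repeats included
      delivered    - events that passed deduplication and were processed
      final_cursor - value left in the cache under "currentBlock"
    """
    cache = {"currentBlock": start_block}  # stands in for the Redis key
    seen_ids = set()                       # stands in for messageDeduplicationId
    fetched = 0
    delivered = []

    for _ in range(iterations):
        for block, event in events_from(chain, cache["currentBlock"]):
            fetched += 1
            dedup_id = "%d:%s" % (block, event)
            if dedup_id not in seen_ids:
                seen_ids.add(dedup_id)
                delivered.append(event)
            # Behaviour reported in the issue: cursor = block of the last event.
            # Proposed change: cursor = that block + 1, so it is not read again.
            cache["currentBlock"] = block + 1 if advance_past_event else block

    return fetched, delivered, cache["currentBlock"]


if __name__ == "__main__":
    print("cursor = eventBlock    ", run_subscriber(CHAIN, 100, 5, False))
    print("cursor = eventBlock + 1", run_subscriber(CHAIN, 100, 5, True))
```

Deduplication keeps the delivered events identical in both runs; only the repeated fetches of block 102 differ.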
Hi there. When I was working on adding tests, I stumbled upon the `update_fulfillment` method. When I tried to call it from test code, it failed.
I think the reason for the failure is that it should call `is_valid` before saving the object to the DB, similar to the `fulfill_bounty` method just above.
Here's the method: https://github.com/Bounties-Network/BountiesAPI/blob/master/bounties_api/std_bounties/bounty_client.py#L122-L124
Advanced issue. Solidity and python experience required.
Here is the current stack trace for the error:
```
bounties_subscriber_1 | Traceback (most recent call last):
bounties_subscriber_1 |   File "/code/std_bounties/management/commands/bounties_subscriber.py", line 68, in handle
bounties_subscriber_1 |     bounty_id, contract_method_inputs, event_timestamp)
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/contextlib.py", line 52, in inner
bounties_subscriber_1 |     return func(*args, **kwds)
bounties_subscriber_1 |   File "/code/std_bounties/client.py", line 38, in issue_bounty
bounties_subscriber_1 |     inputs.get('fulfillmentAmount'))
bounties_subscriber_1 |   File "/code/std_bounties/client_helpers.py", line 149, in map_token_data
bounties_subscriber_1 |     token_symbol = HumanStandardToken.symbol()
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/web3/contract.py", line 805, in __call__
bounties_subscriber_1 |     return self.__prepared_function(**kwargs)(*args)
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/web3/contract.py", line 844, in call_contract_function
bounties_subscriber_1 |     output_data = decode_abi(output_types, return_data)
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/eth_abi/abi.py", line 109, in decode_abi
bounties_subscriber_1 |     return decoder(stream)
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/eth_abi/decoding.py", line 102, in __call__
bounties_subscriber_1 |     return self.decode(stream)
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/eth_utils/functional.py", line 22, in inner
bounties_subscriber_1 |     return callback(fn(*args, **kwargs))
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/eth_abi/decoding.py", line 138, in decode
bounties_subscriber_1 |     yield HeadTailDecoder.as_decoder(tail_decoder=decoder)(stream)
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/eth_abi/decoding.py", line 102, in __call__
bounties_subscriber_1 |     return self.decode(stream)
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/eth_abi/decoding.py", line 118, in decode
bounties_subscriber_1 |     stream.seek(start_pos)
bounties_subscriber_1 | OverflowError: Python int too large to convert to C ssize_t
bounties_subscriber_1 | Traceback (most recent call last):
bounties_subscriber_1 |   File "manage.py", line 22, in <module>
bounties_subscriber_1 |     execute_from_command_line(sys.argv)
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/django/core/management/__init__.py", line 364, in execute_from_command_line
bounties_subscriber_1 |     utility.execute()
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/django/core/management/__init__.py", line 356, in execute
bounties_subscriber_1 |     self.fetch_command(subcommand).run_from_argv(self.argv)
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/django/core/management/base.py", line 283, in run_from_argv
bounties_subscriber_1 |     self.execute(*args, **cmd_options)
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/django/core/management/base.py", line 330, in execute
bounties_subscriber_1 |     output = self.handle(*args, **options)
bounties_subscriber_1 |   File "/code/std_bounties/management/commands/bounties_subscriber.py", line 132, in handle
bounties_subscriber_1 |     raise e
bounties_subscriber_1 |   File "/code/std_bounties/management/commands/bounties_subscriber.py", line 68, in handle
bounties_subscriber_1 |     bounty_id, contract_method_inputs, event_timestamp)
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/contextlib.py", line 52, in inner
bounties_subscriber_1 |     return func(*args, **kwds)
bounties_subscriber_1 |   File "/code/std_bounties/client.py", line 38, in issue_bounty
bounties_subscriber_1 |     inputs.get('fulfillmentAmount'))
bounties_subscriber_1 |   File "/code/std_bounties/client_helpers.py", line 149, in map_token_data
bounties_subscriber_1 |     token_symbol = HumanStandardToken.symbol()
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/web3/contract.py", line 805, in __call__
bounties_subscriber_1 |     return self.__prepared_function(**kwargs)(*args)
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/web3/contract.py", line 844, in call_contract_function
bounties_subscriber_1 |     output_data = decode_abi(output_types, return_data)
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/eth_abi/abi.py", line 109, in decode_abi
bounties_subscriber_1 |     return decoder(stream)
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/eth_abi/decoding.py", line 102, in __call__
bounties_subscriber_1 |     return self.decode(stream)
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/eth_utils/functional.py", line 22, in inner
bounties_subscriber_1 |     return callback(fn(*args, **kwargs))
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/eth_abi/decoding.py", line 138, in decode
bounties_subscriber_1 |     yield HeadTailDecoder.as_decoder(tail_decoder=decoder)(stream)
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/eth_abi/decoding.py", line 102, in __call__
bounties_subscriber_1 |     return self.decode(stream)
bounties_subscriber_1 |   File "/usr/local/lib/python3.6/site-packages/eth_abi/decoding.py", line 118, in decode
bounties_subscriber_1 |     stream.seek(start_pos)
bounties_subscriber_1 | OverflowError: Python int too large to convert to C ssize_t
```
It points to this line of code: https://github.com/ethereum/eth-abi/blob/master/eth_abi/decoding.py#L118 in the eth_abi decoding for web3
This error is triggered by the symbol() call for the human standard token: https://github.com/Bounties-Network/BountiesAPI/blob/master/bounties_api/std_bounties/client_helpers.py#L144
This is for the Coin DAI represented at this address: https://github.com/Bounties-Network/BountiesAPI/blob/master/bounties_api/std_bounties/client_helpers.py#L145
That line of code is a major workaround for now until this issue is solved. I tried to call different ERC20 token standards, but it still did not fix the issue.
A solution to the bug has been implemented and presented
Myself and @mbeylin
The current system sends events directly via sqs, and then the std_bounties client responds directly to the messaged events.
As we want to include more realtime systems in response (ie. stats and more to come), we are running into the issue of how we accomplish it without resyncing everything to the blockchain and passing through the events via sqs. In addition, we want to store the actual events that have passed in a table for analytics reasons.
A good solution to everything is to store the events in a table and use this table to resync. This will require a refactor of the current system.
@mbeylin and myself
A WIP pull request along the way with initial progress
Key questions posted here
Conversational and longer discussions should be directed to the bounties network slack in this channel: https://bountiesnetwork.slack.com/messages/community-dev
I want to leave some thoughts I've had while building the SDK that may help to inform the development of the next iteration of the API.
Does it make sense to prescribe one notification to be `push` and another to be `activity`? As an open protocol I'd argue that they are all `notification` and it should be up to developers building on our platform to make that distinction in their frontend by choosing which are quickly visible and through a setting panel that allows users to turn on and off emails for specific notifications.
The leaderboard endpoint is a departure from the pattern put in place by bounties, fulfillments, etc where a single entity can be retrieved by drilling down `/{entity}/{id}` or a list could be retrieved via some query to the `/{entity}` endpoint. I believe that leaderboard should be generalized and accessible via the `/user` endpoint and customizable using queries.
For continuity's sake, I think the `categories`, `skills`, `tokens`, and `languages` should also follow the `/{entity}/{id}` || `/{entity}` pattern.
The `comments` endpoint should be decoupled from a `bounty` like `fulfillments`. It may be useful to retrieve all of a specific user's comments.
How are we going to seamlessly integrate STB2 where bounties are identified by addresses instead of `id`s? It doesn't make sense to me to require users who want to know about a bounty at `0x123...456` to first ping our API to determine that bounty's `id` before calling the `/bounty` endpoint.
I'll add more to this thread as they come up!
We should drop the `json.dumps`, otherwise it looks like this:
As an example, code coverage is already set up within the django application. However, the configuration needs to be fixed as it is not covering the right files. To run it, just try `docker-compose exec bounties_api python manage.py test --with-coverage`
Myself and @mbeylin
This is an advanced task and we are only accepting candidates who have time, resources, and bandwidth to put significant time into this.
We want to take our first step into integrating ENS into our app, but we want to start off with it at just a functional level.
We would like a daily script that does a reverse lookup of all our current users with their address to see if they own any root ENS domains. If they own multiple, then choose the smallest. A new field should be added on the user model. Additionally, the frontend repo should update the avatar component here to accept an ENS input and prioritize that vs. the address if it is there. All instances of avatar across the app should be updated appropriately to pass that through.
Currently, we have a notification channel in slack that lets us know when contract events have occurred.
In its current state, it only sends the following info to the slack channel:
'Event {} passed for bounty {}'.format(event, str(bounty_id))
or an example:
Event BountyFulfilled passed for bounty 162
We would like to make this slack channel public, and would like to provide more information. Gitcoin's notification channel provides a great example of detailed messages.
In our iteration, we'd actually like the std_bounties client to call the slack function at the end of each of the functions. Keep in mind, the std_bounties client is called by the long-running job bounties_subscriber. A file should be added called slack_clienty.py with the same functions as the std_bounties client and work as a mirror.
We want the following info posted for each event:
issue_bounty: Bounty Title, ID, Token info (symbol @ price), Fulfillment Amount, USD Price, Deadline
activate_bounty: Bounty Title, ID, Token, USD_Price
fulfill_bounty: Same as issue_bounty with fulfillment_id included
fulfillment_updated: Bounty Title, ID, fulfillment_id
fulfillment_accepted: Same as issue_bounty with fulfillment_id included
bounty_killed: Bounty Title, ID
contribution_added: Bounty Title, ID, Balance Added (token and USD_PRICE), Previous Balance, Token Info.
deadline_extended: Bounty Title, ID, previous deadline, new deadline
bounty_changed: Bounty title, ID
Issuer Transferred: Bounty Title, ID
Payout Increased: Bounty title, ID, Payout added (token and USD_PRICE), previous payout amount
Also, each should give a link to the issue on the bounty network: beta.bounties.network
Once work has been started, we will give access to the appropriate slack channels. Once completed, the channels will be public.
Pep8 compliance required
This is the first bounty in an upcoming set of bounties focused around building an analytics dashboard for projects that utilize the standard bounties contract such as gitcoin, and other upcoming open source sites.
This first task begins the work of exposing endpoints around daily stats for a range of time. Ultimately, these will be used to build a react frontend connected to highcharts or other charting libraries. The data is already stored in PSQL, it just needs to be served up via the format requested below. This task ultimately requires just one endpoint to be built for now.
`?publish_date__range=2016-01-01,2016-02-01` format
All of the above should be a separate field on one model that the job writes to. These should all be exposed on one api endpoint.
Example Response to https://api.bounties.network/analytics/stats?publish_date__range=2016-01-01,2016-01-04
The example response is missing the aggregate response. The aggregate response should include the values over the entire timerange.
```json
[{
  "date": "2016-01-01",
  "bounties_issued": 44,
  "fulfillments_submitted": 23,
  "fulfillments_accepted": 21,
  "fulfillments_pending_acceptance": 2,
  "fulfillment_acceptance_rate": 0.91,
  "bounty_fulfilled_rate": 0.83,
  "avg_fulfiller_acceptance_rate": 0.73,
  "avg_fulfillment_amount": 45.32,
  "total_fulfillment_amount": 184,
  "bounty_draft": 11,
  "bounty_active": 48,
  "bounty_completed": 22,
  "bounty_expired": 5,
  "bounty_dead": 11
}, {
  "date": "2016-01-02",
  "bounties_issued": 44,
  "fulfillments_submitted": 23,
  "fulfillments_accepted": 21,
  "fulfillments_pending_acceptance": 2,
  "fulfillment_acceptance_rate": 0.91,
  "bounty_fulfilled_rate": 0.83,
  "avg_fulfiller_acceptance_rate": 0.73,
  "avg_fulfillment_amount": 45.32,
  "total_fulfillment_amount": 184,
  "bounty_draft": 11,
  "bounty_active": 48,
  "bounty_completed": 22,
  "bounty_expired": 5,
  "bounty_dead": 11
}]
```
Myself and @mbeylin