a small dogecoin payment processor - fsec2014 presentation

CCProcessor: A simple Dogecoin webshop transaction processor. Ivan Voras <ivoras@gmail.com>. A presentation for the FSEC 2014 conference: http://fsec.foi.hr

Upload: ivan-voras

Post on 10-Oct-2015


DESCRIPTION

The presentation describes a small cryptocurrency payment processor which is meant to be integrated into webshops and other transactional web shops.

TRANSCRIPT

  • CCProcessor: A simple Dogecoin webshop transaction processor

    Ivan Voras

    A presentation for the FSEC 2014 conference: http://fsec.foi.hr

  • Outline

    WTF is Dogecoin? I'm a poor Doge boy, from a poor family...

    What is this project all about? BitDogeCoin needs more use / trade

    How did I do it? Putting the pieces together

    What does it look like and what does it do? UX design awards, here I come!

  • To the Moon!

  • WTF is Dogecoin?

    Like Bitcoin, only poorer

    A cryptocurrency of the Bitcoin style with the following tweaks:

        the scrypt hash algorithm

        100 billion coins by the end of 2014

        new coins may be mined after that, indefinitely

    Based on the Doge meme, a Shiba Inu dog

    Has a community bordering between crazy and awesome

  • Why do you care?

    Dogecoins are currently very cheap

    They have a community willing to experiment

    The protocols are almost identical to those of Bitcoin

        Meaning it's a good testing ground for learning and creating new stuff which can cheaply be tested before being applied to Bitcoin

    If, eventually, it goes to the Moon, even better!

    Mid-September 2014: 1000 doge = $0.25

  • Poor shibes...

  • So... what did I do?

    Mostly for learning, but with the potential to do something serious eventually

    A payment processor for web applications inspired by credit card payment processors

        The customer does not enter important details like the credit card number at the webshop server

    However, there is inter-server communication in my model (downsides?)

  • Why?

    For would-be web-shop owners who do not have the knowledge, time or the inclination to interface directly to wallets

        Random little PHP webshops, made for non-programmers or by programmers who don't want the hassle

    The CCP (CryptoCurrencyProcessor) handles all the details and the shop owner only has to have a receiving Dogecoin address, that is all.

  • How it behaves

    The customer clicks on a BUY link

    The webshop page calls JS code which opens a popup window loaded from the CCP web server

    This window JS code communicates with the CCP web server, which creates a new payment address each time and processes transactions

    The webshop server is notified of payment

    The CCP server passes the money to the shop address

  • [Diagram] This is a basic state diagram of the most common / expected code path during a payment through the CCProcessor.

    Lanes: CCProcessor payment gateway; Client web shop; User interface web browser

    Arrow labels: AJAX request; AJAX response; GET page request; GET page response; Async. AJAX

    Boxes, in the order they appear:

        Customer clicks on the "Buy" button

        Web shop server generates a unique transaction ID

        The transaction ID is received by the JS code, which calls initiate_transaction()

        CCProcessor server initiates transaction, renders intro page, offers the user to confirm

        The customer is shown a window containing product and shop info, clicks "Confirm"

        A temporary payment address is created, the web shop is notified, the user asked to pay up

        The web shop is notified that the user has confirmed the purchase and should pay up

        User is shown the address, JS code periodically asks the CCProcessor if the payment has been made

        The server periodically checks with the daemon to see if the payment has been made

        The web shop is notified the payment has been received

        The customer is notified the payment has been received

        The customer is shown a thank-you message, the window is closed

        In case of error or cancelation, the transaction is marked and the web shop is notified

        The web shop is notified of error or cancelation

  • How did I do it?

    A Python application, with both a web server + app and a core payment processor (multithreaded)

    The web server

        event-driven (greenlets / gevent, WSGI)

        directly opens port 80 and serves everything (static+dynamic)

    The payment processor (Broker)

        Couple of threads, talks to the wallet daemon

        Communicates with the web server directly and via the PostgreSQL database

        Preserves state after crashes / reboots (transactional, ACID)

  • The web server

    Flask / Werkzeug micro-framework

    Client-side session cookies (signed)

    Initiates new transaction state at the Broker

    Currently very lean and streamlined, supports only the client-side functionality (no admin)

  • The broker

    Much more interesting

    Responsible for the actual work, generating new addresses, receiving payments, forwarding payments, initiating notifications...

    Two threads: the work-loop and the S2S notification queue runner

  • The work loop

    Polls the database every few seconds for transactions in need of processing

    Transactions flow through a state machine, e.g.:

        NEW: generate new wallet address

        WAIT: waiting for payment to this address

        NOTIFICATION: Notify webshop about payment

        PAID: everyone notified about payment

        PAID_TRANSFERRED: forwarded the coins to shop

  • The work loop

    Transaction state driven

    Transaction states are in the database

        Nicely indexed and quick, with a predicted hot-spot vs cold-everything-else usage pattern

        Crash-friendly

    Talks to the wallet daemon

        JSON RPC: very standard, very usable
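The work loop from the two slides above, sketched as an added example (this is not code from CCProcessor). A plain dict stands in for the PostgreSQL table, `FakeWallet` is a hypothetical stand-in for the wallet daemon's JSON RPC, and the field names (`pay_addr`, `shop_addr`, `amount`) are assumptions.

```python
# Added illustration, not CCProcessor source. State names are from the slide.
NEW, WAIT, NOTIFICATION, PAID, PAID_TRANSFERRED = (
    "NEW", "WAIT", "NOTIFICATION", "PAID", "PAID_TRANSFERRED")

class FakeWallet:
    """Hypothetical stand-in for the wallet daemon; all data is constructed."""
    def __init__(self):
        self.received, self.sent, self._n = {}, [], 0
    def new_address(self):
        self._n += 1
        return "DTestAddr%04d" % self._n
    def received_by(self, addr):
        return self.received.get(addr, 0)
    def send(self, to, amount):
        self.sent.append((to, amount))

def step(tx, wallet, notify_queue):
    """Advance one transaction by at most one state; True if it moved.
    Every branch reads only the stored row, so a restarted broker resumes
    from whatever state was last committed."""
    state = tx["state"]
    if state == NEW:
        tx["pay_addr"] = wallet.new_address()
        tx["state"] = WAIT
    elif state == WAIT:
        if wallet.received_by(tx["pay_addr"]) < tx["amount"]:
            return False                     # unpaid or underpaid: keep waiting
        tx["state"] = NOTIFICATION
    elif state == NOTIFICATION:
        notify_queue.append((tx["id"], "paid"))   # picked up by the S2S thread
        tx["state"] = PAID
    elif state == PAID:
        # Commission and network fees are left out of this sketch. A crash
        # between send() and the state commit would repeat the forward on
        # restart, so a real broker has to make this step idempotent.
        wallet.send(tx["shop_addr"], tx["amount"])
        tx["state"] = PAID_TRANSFERRED
    else:
        return False                         # terminal state, nothing to do
    return True

def work_loop_pass(db, wallet, notify_queue):
    """One polling pass over the transactions that still need processing."""
    moved = 0
    for tx in db.values():
        if tx["state"] != PAID_TRANSFERRED and step(tx, wallet, notify_queue):
            moved += 1
    return moved
```
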

  • The S2S notifier

    A separate thread for server-to-server notifications on transaction state

        Don't want to block the broker thread with IO

    It could have been done indirectly through the browser and maybe one day will be

    Sends simple HTTP GET notifications

        waiting / paid / canceled / error...
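The slides do not say whether or how these GET notifications are authenticated, and a shop that ships goods on a "paid" notification needs to know the CCP actually sent it. The added example below (not CCProcessor's own scheme) shows one way to do that with an HMAC over the query string; the shared secret, the parameter names `txid`, `status`, `ts`, `sig` and the 300-second freshness window are all assumptions.

```python
# Added illustration, not CCProcessor source; parameter names are assumed.
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

STATUSES = {"waiting", "paid", "canceled", "error"}   # values from the slide

def _tag(secret, fields):
    return hmac.new(secret, urlencode(fields).encode(), hashlib.sha256).hexdigest()

def sign_notification(secret, txid, status, ts):
    """CCP side: build the GET query string with an HMAC-SHA256 tag."""
    fields = [("status", status), ("ts", str(ts)), ("txid", txid)]
    return urlencode(fields + [("sig", _tag(secret, fields))])

def verify_notification(secret, query, now, known_txids, max_age=300):
    """Shop side: return (txid, status) or raise ValueError."""
    params = dict(parse_qsl(query, strict_parsing=True))
    try:
        fields = [(k, params[k]) for k in ("status", "ts", "txid")]
        sig = params["sig"]
    except KeyError as exc:
        raise ValueError("missing field") from exc
    # Constant-time comparison on bytes, before any field is trusted.
    if not hmac.compare_digest(_tag(secret, fields).encode(), sig.encode()):
        raise ValueError("bad signature")
    if params["status"] not in STATUSES:
        raise ValueError("unknown status")
    if not params["ts"].isdigit() or abs(now - int(params["ts"])) > max_age:
        raise ValueError("stale notification")     # limits replay of old URLs
    if params["txid"] not in known_txids:
        raise ValueError("unknown transaction")    # shop issued the ID itself
    return params["txid"], params["status"]
```
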

  • A note on threading

    The default Python interpreter (CPython, aka Guido's baby) sucks for multithreading work

        The GIL (Global Interpreter Lock) prevents parallel execution of Python code!

    Luckily, non-Python code is not affected

        C code in libraries, system calls like read() and write(), etc. can be and are executed in parallel

        This makes it less horrible for IO-driven tasks

  • What does it look like?

  • Server-side

  • Shop side

    The shop is also the buyer - the Android Dogecoin Wallet

    Bought an item for 100 DOGE

    The Broker sent the 100 10% commission

    + network fees apply

  • An example web-shop

  • The end

    tl;dr if you want to sell using cryptocurrency, this project is a good way to do it

    Thank you for listening!

    Pointing you in the direction of the Moon today: Ivan Voras
