Understanding the server
In the previous tutorial, we looked at how to prepare and upload a Node.js server. In this tutorial, we will look at the main functions of the server.
NOTE: The Kin blockchain has several (growing) server-side options you can choose from. For now, you have a selection of:
1. Pure Python, which works with this tutorial too
2. Bootstrapped Python which can be accessed with Swagger (tutorial coming soon)
3. Pure Node.js, which we are currently looking at
Language options for the server
Although this tutorial covers Node, the following options (linked above) are available for your client to use. The pure Python and Node implementations are available and can directly replace each other for this tutorial.
For an easy set up using a Python bootstrap and Swagger API endpoints, you can spin off the bootstrap and connect to it through a reverse proxy that uses your favorite language.
Once you understand how the client and the Node server work, you can easily replace your Node.js with the provided Python code, or create a reverse proxy to work with a bootstrap of Python and Swagger.
The reverse proxy is just a simple server that stands in between your client and the bootstrapped server. This is to protect your API endpoints from being accessed by a malicious user. For security, your client will connect and be vetted by the proxy, which will then relay instructions to the bootstrap.
We will cover security in further sections of this tutorial.
Purpose of the Server
Regardless of your favored language, the server has 4 functions:
- Receive Kin from the user (when they are buying an item from you)
- Onboard a new user’s account
- Send Kin to a user (to reward them for an action)
- Whitelist a user’s transactions.
We will look at the code for each function below.
1. Receive Kin from the user
No additional code is necessary from the server’s end. However, this is the reason we gave the server’s public address to the client in the previous tutorial.
2. Onboard a new user’s account
In the same way we onboarded an account manually using the Friendbot, the client calls the server through a URL and passes its public address. The server then onboards this address for the client.
Note: some operations are abstracted for ease of use. In the background, several operations are running.
3. Send Kin to a user
To reward a user for an action, the server can send Kin using the following call:
A Kin transaction requires a destination address, amount, and a memo text (optional) in order to process.
Note: Some operations are abstracted for ease of use. In the background, several operations are running.
4. Whitelist a user’s transactions
To avoid spam, blockchain transactions are usually charged a small fee. However, registering with the Kin Developer Program will authorise your server to approve zero fee transactions (whitelisting).
Once whitelisted, any transaction your server makes will have zero fees. Additionally, your server can whitelist a client’s transaction. For this to happen:
- The client builds and signs a transaction (e.g. Send 50 Kin)
- Instead of submitting to the blockchain, the client sends the transaction to your server
- Your server receives this string of text and signs it, ‘approving’ it for whitelisting
- Your server sends back the signed string to the client
- The client submits this to the blockchain and it is processed at zero fees.
A note on server-side security
So far, this has been a basic implementation of the server side and client side, where the client can request Kin from the server and the server can respond appropriately.
This sample code has two features that can be implemented for security.
The first is a constant that limits the maximum amount of Kin the server can grant a client.
The second is an id field that can be sent from the client and verified by the server before sending a payment.
This will allow you to store the id in a database and place restrictions on the total amount of Kin that can be sent to an id, for a given period. However, these basic security settings can be further hardened.
Luc Hendriks has written a great post on further security measures you can take for your Kin server. We will consider more details on security in future posts. For now, just keep in mind that this is a feature you will need to implement, after understanding the basics of Kin’s blockchain.
We have gone through the major functions that your server will perform and also looked at server-side security.
Homework: Before proceeding, please look at this post to get a summary of what we have done so far, with some more detail on the code that the server and client are using.
In the next tutorial, we will perform our first transaction.