我一直在搭建一个多主机、多组织的Fabric网络,目前该网络运行良好。下一步是创建一个REST API服务器,把网络与客户端应用程序连接起来。根据我的调研,可供参考的示例不多,不过我找到了一个非常好的库;不幸的是,它无法在我的网络上运行,或者至少我不知道该如何使用它:
https://github.com/olegabu/fabric-starter-rest
我尝试过的是:
服务器从主机上的端口3000启动,但出现错误:
error: [client-utils.js]: sendPeersProposal - Promise is rejected: Error: 2 UNKNOWN: access denied: channel [] creator org [manager]
如果我尝试用JWT注册用户,我将得到:
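# Register user1 through the REST server and keep the response body in JWT.
# tr -d '"' deletes every double quote from the body: it unwraps a JSON string
# token, and is presumably also why an error body prints as {\code\:0,...}.
JWT=$(curl -d '{"username":"user1","password":"pass"}' --header "Content-Type: application/json" http://localhost:3000/users | tr -d '"')
# Quoted so that a body containing spaces or [ ] characters is printed verbatim
# instead of being word-split or glob-expanded by the shell.
echo "$JWT"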
fabric-ca request register failed with errors [[{\code\:0,\message\:\Registration of 'user1' failed in affiliation validation: Failed getting affiliation 'manager': : scode: 404, code: 63, msg: Failed to get Affiliation: sql: no rows in result set\}]]
这是我的network.js
const fs = require('fs');
// Organization this server acts for; ORG overrides the 'manager' fallback.
const myorg = process.env.ORG || 'manager';
// Domain suffix used to build peer host names and crypto-config paths.
const domain = process.env.DOMAIN || 'test.com';
// Root of the crypto material tree. The fallback is a relative path, so it is
// resolved against the process working directory when files are read.
const cryptoConfigDir = process.env.CRYPTO_CONFIG_DIR || '../crypto-config';
// CA registrar identity. When ENROLL_ID / ENROLL_SECRET are unset, the
// literals 'admin' / 'adminpw' are used.
// NOTE(review): because the secret has a built-in fallback, a deployment that
// forgets ENROLL_SECRET starts with the value written in this file instead of
// failing; consider requiring the variable outside local development.
const enrollId = process.env.ENROLL_ID || 'admin';
const enrollSecret = process.env.ENROLL_SECRET || 'adminpw';
// ORGS and CAS map an org name to "host:port". A full JSON object works, e.g.
// export ORGS='{"org1":"peer0.org1.example.com:7051","org2":"peer0.org2.example.com:7051"}'
// The fallbacks below are brace-less fragments; the exported function retries
// the parse with '{' and '}' added when the first JSON.parse fails.
let orgs = process.env.ORGS || '"manager":"localhost:7051"';
let cas = process.env.CAS || '"manager":"localhost:7054"';
// Connection profile under construction: addOrg, addPeer, addCA and the
// exported function all add sections to this one shared object.
const t = {
name: 'Network',
version: '1.0',
};
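/**
 * Adds the `organizations[org]` section to the connection profile.
 *
 * Every org gets an MSP id and its peer0 host name. For the local org
 * (`org === myorg`) the entry also gets a CA reference plus the paths of the
 * Admin user's private key and signed certificate under `cryptoConfigDir`.
 *
 * @param {object} t - Connection profile, mutated in place.
 * @param {string} org - Organization name (a key of the ORGS map).
 * @throws {Error} When the Admin keystore directory cannot be read
 *   (propagated from fs.readdirSync) or contains no file.
 */
function addOrg(t, org) {
  if (!t.organizations) {
    t.organizations = {};
  }

  // The MSP id is the bare org name; the original kept `${org}MSP` as a
  // commented-out alternative.
  // NOTE(review): this value has to equal the MSP ID that the channel
  // configuration defines for the org — confirm against the network setup.
  t.organizations[org] = {
    mspid: `${org}`,
    peers: [`peer0.${org}.${domain}`],
  };

  if (org !== myorg) {
    return;
  }

  const adminMspDir = `${cryptoConfigDir}/peerOrganizations/${org}.${domain}/users/Admin@${org}.${domain}/msp`;
  const keystorePath = `${adminMspDir}/keystore`;
  const keystoreFiles = fs.readdirSync(keystorePath);

  // An empty keystore used to produce a key path ending in "/undefined",
  // which only failed later and far from the cause. Fail here instead.
  if (keystoreFiles.length === 0) {
    throw new Error(`No private key file found in ${keystorePath}`);
  }

  // The first directory entry is taken as the Admin private key.
  // NOTE(review): this key and the certificate below are the admin signing
  // identity; both files should be readable only by the account running the
  // server, and must be issued by the CA this org's profile entry points at.
  const localOrg = t.organizations[org];
  localOrg.certificateAuthorities = [org];
  localOrg.adminPrivateKey = {
    path: `${keystorePath}/${keystoreFiles[0]}`,
  };
  localOrg.signedCert = {
    path: `${adminMspDir}/signcerts/Admin@${org}.${domain}-cert.pem`,
  };
}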
/**
 * Adds the `peers["peer<i>.<org>.<domain>"]` section to the connection profile.
 *
 * @param {object} t - Connection profile, mutated in place.
 * @param {string} org - Organization name.
 * @param {number} i - Peer index within the organization.
 * @param {string} peerAddress - "host:port" the peer is reachable at.
 */
function addPeer(t, org, i, peerAddress) {
  if (!t.peers) {
    t.peers = {};
  }

  const orgDomain = `${org}.${domain}`;
  const peerName = `peer${i}.${orgDomain}`;
  const tlsCaCertPath = `${cryptoConfigDir}/peerOrganizations/${orgDomain}/peers/${peerName}/msp/tlscacerts/tlsca.${orgDomain}-cert.pem`;

  const grpcOptions = {
    // The peer is dialled at peerAddress but its TLS certificate is matched
    // against peerName. The original kept 'localhost' as a commented-out
    // alternative value for this option.
    // NOTE(review): the override only changes which name is checked; it should
    // stay equal to a name actually present in the peer's TLS certificate.
    'ssl-target-name-override': peerName,
    'grpc.keepalive_time_ms': 600000,
  };

  t.peers[peerName] = {
    url: `grpcs://${peerAddress}`,
    grpcOptions,
    tlsCACerts: {
      path: tlsCaCertPath,
    },
  };
}
/**
 * Adds the `certificateAuthorities[org]` section to the connection profile.
 *
 * @param {object} t - Connection profile, mutated in place.
 * @param {string} org - Organization name (a key of the CAS map).
 * @param {string} caAddress - "host:port" of the organization's CA.
 */
function addCA(t, org, caAddress) {
  if (!t.certificateAuthorities) {
    t.certificateAuthorities = {};
  }

  const orgDomain = `${org}.${domain}`;
  const caCertPath = `${cryptoConfigDir}/peerOrganizations/${orgDomain}/ca/ca.${orgDomain}-cert.pem`;

  // Registrar identity used for register/enroll calls; both values come from
  // the module-level ENROLL_ID / ENROLL_SECRET settings.
  const registrarEntry = {
    enrollId: enrollId,
    enrollSecret: enrollSecret,
  };

  t.certificateAuthorities[org] = {
    url: `https://${caAddress}`,
    // NOTE(review): verify: false is understood to switch off verification of
    // the CA's TLS certificate, so the registrar secret above is sent to an
    // endpoint whose identity is never checked even though tlsCACerts is
    // configured. Enable verification once the CA presents a certificate that
    // chains to the configured file and matches the host name.
    httpOptions: {
      verify: false,
    },
    tlsCACerts: {
      path: caCertPath,
    },
    registrar: [registrarEntry],
    // NOTE(review): the same CA name is written for every org, not only for
    // 'manager' — confirm it matches each CA server's configured name.
    caName: 'ca-manager',
  };
}
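/**
 * Builds the connection profile and returns it.
 *
 * Fills in the `client` section for the local org, then adds one
 * organization and its peer0 per ORGS entry and one CA per CAS entry.
 * The returned object is the shared module-level profile `t`.
 *
 * @returns {object} The populated connection profile.
 * @throws {SyntaxError} When ORGS or CAS is neither JSON nor a brace-less
 *   '"name":"host:port"' fragment.
 * @throws {Error} When ORGS or CAS parses to something other than an object.
 */
module.exports = function () {
  // Accepts a full JSON object or the brace-less fragment used by the
  // defaults. The result is returned instead of being written back to the
  // module-level variable: the original overwrote `orgs` / `cas` with the
  // parsed object, so a second call tried to JSON.parse an object and threw.
  const parseAddressMap = (raw, envName) => {
    let parsed;
    try {
      parsed = JSON.parse(raw);
    } catch (e) {
      parsed = JSON.parse(`{${raw}}`);
    }
    // A JSON string, number or array would otherwise be iterated by index and
    // yield organizations named "0", "1", ...
    if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
      throw new Error(`${envName} must be a JSON object mapping an org name to host:port`);
    }
    return parsed;
  };

  t.client = {
    organization: myorg,
    // Key-value and crypto stores are relative paths, one directory per org.
    // NOTE(review): enrolled identities and their keys presumably land in
    // these directories; keep them out of version control and restrict access.
    credentialStore: {
      path: `hfc-kvs/${myorg}`,
      cryptoStore: {
        path: `hfc-cvs/${myorg}`,
      },
    },
  };

  const peerAddresses = parseAddressMap(orgs, 'ORGS');
  const caAddresses = parseAddressMap(cas, 'CAS');

  for (const org of Object.keys(peerAddresses)) {
    addOrg(t, org);
    // Only peer0 of each organization is registered.
    addPeer(t, org, 0, peerAddresses[org]);
  }

  for (const org of Object.keys(caAddresses)) {
    addCA(t, org, caAddresses[org]);
  }

  return t;
};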
更新-来自CA容器的日志:
ca.Config: &{Version:1.3.0-rc1 Cfg:{Identities:{AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca-manager Keyfile:/etc/hyperledger/fabric-ca-server-config/d7eb2855ec763f3f07071111797926920c1900c42b00f564a5aa27e6fbfd2a79_sk Certfile:/etc/hyperledger/fabric-ca-server-config/ca.manager.test.com-cert.pem Chainfile:/etc/hyperledger/fabric-ca-server/ca-chain.pem} Signing:0xc4205411f0 CSR:{CN:ca.manager.test.com Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[ae9e461c2d7f localhost] KeyRequest:0xc42054e260 CA:0xc420519fe0 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.Registrar.Roles:* hf.Registrar.DelegateRoles:* hf.Revoker:1 hf.IntermediateCA:1 hf.GenCRL:1 hf.Registrar.Attributes:* hf.AffiliationMgr:1] }]} Affiliations:map[org1:[department1 department2] org2:[department1]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }} } DB:{ Type:sqlite3 Datasource:/etc/hyperledger/fabric-ca-server/fabric-ca-server.db TLS:{false [] { }} } CSP:0xc4205184a0 Client:<nil> Intermediate:{ParentServer:{ URL: CAName: } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509 }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile:/etc/hyperledger/fabric-ca-server/IssuerPublicKey IssuerSecretKeyfile:/etc/hyperledger/fabric-ca-server/msp/keystore/IssuerSecretKey RevocationPublicKeyfile:/etc/hyperledger/fabric-ca-server/IssuerRevocationPublicKey RevocationPrivateKeyfile:/etc/hyperledger/fabric-ca-server/msp/keystore/IssuerRevocationPrivateKey RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}
2018/10/10 14:08:34 [DEBUG] DB: Getting identity user1
2018/10/10 14:08:34 [INFO] 172.21.0.1:59522 POST /api/v1/enroll 401 23 "Failed to get user: : scode: 404, code: 63, msg: Failed to get User: sql: no rows in result set"
2018/10/10 14:08:34 [DEBUG] Received request for /api/v1/register
2018/10/10 14:08:34 [DEBUG] Caller is using a x509 certificate
2018/10/10 14:08:34 [INFO] 172.21.0.1:59524 POST /api/v1/register 401 26 "Untrusted certificate: Failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.manager.test.com")"