Merge branch 'master' into lash/ssh-4

.env.example

@@ -2,9 +2,6 @@
 PORT=7123
 HOST=127.0.0.1
 
-#AfricasTalking USSD POST endpoint
-AT_ENDPOINT=/ussd/africastalking
-
 #PostgreSQL
 DB_HOST=localhost
 DB_USER=postgres
@@ -15,7 +12,7 @@ DB_SSLMODE=disable
 DB_TIMEZONE=Africa/Nairobi
 
 #External API Calls
-CUSTODIAL_URL_BASE=http://localhost:5003
-CUSTODIAL_BEARER_TOKEN=eyJeSIsInRcCI6IkpXVCJ.yJwdWJsaWNLZXkiOiIwrrrrrr
-DATA_URL_BASE=http://localhost:5006
-DATA_BEARER_TOKEN=eyJeSIsIRcCI6IXVCJ.yJwdWJsaLZXkiOiIwrrrrrr
+CREATE_ACCOUNT_URL=http://localhost:5003/api/v2/account/create
+TRACK_STATUS_URL=https://custodial.sarafu.africa/api/track/
+BALANCE_URL=https://custodial.sarafu.africa/api/account/status/
+TRACK_URL=http://localhost:5003/api/v2/account/status

.gitignore

@@ -6,4 +6,3 @@ go.work*
 cmd/.state/
 id_*
 *.gdbm
-*.log

README.md

@@ -1,91 +1,8 @@
-# URDT USSD service
+# ussd
 
-This is a USSD service built using the [go-vise](https://github.com/nolash/go-vise) engine.
+> USSD
 
-## Prerequisites
-### 1. [go-vise](https://github.com/nolash/go-vise)
-
-Set up `go-vise` by cloning the repository into a separate directory. The main upstream repository is hosted at: `https://git.defalsify.org/vise.git`
-```
-git clone https://git.defalsify.org/vise.git
-```
-
-## Setup
-1. Clone the ussd repo in its own directory
-
-    ```
-    git clone https://git.grassecon.net/urdt/ussd.git
-    ```
-
-2. Navigate to the project directory.
-3. Enter the `services/registration` subfolder:
-    ```
-    cd services/registration
-    ```
-4. make the .bin files from the .vis files
-    ```
-    make VISE_PATH=/var/path/to/your/go-vise -B
-    ```
-5. Return to the project root (`cd ../..`)
-6. Run the USSD menu 
-    ```
-    go run cmd/main.go -session-id=0712345678
-    ```
-## Running the different binaries
-1. ### CLI: 
-    ```
-    go run cmd/main.go -session-id=0712345678
-    ```
-2. ### Africastalking: 
-    ```
-    go run cmd/africastalking/main.go
-    ```
-3. ### Async: 
-    ```
-    go run cmd/async/main.go
-    ```
-4. ### Http: 
-    ```
-    go run cmd/http/main.go
-    ```
-    
-## Flags
-Below are the supported flags:
-
-1. `-session-id`: 
-    
-    Specifies the session ID. (CLI only). 
-    
-    Default: `075xx2123`.
-
-    Example:
-    ```
-    go run cmd/main.go -session-id=0712345678
-    ```
-
-2. `-d`: 
-
-    Enables engine debug output. 
-    
-    Default: `false`.
-
-    Example:
-    ```
-    go run cmd/main.go -session-id=0712345678 -d
-    ```
-
-3. `-db`: 
-
-    Specifies the database type.
-    
-    Default: `gdbm`.
-
-    Example:
-    ```
-    go run cmd/main.go -session-id=0712345678 -d -db=postgres
-    ```
-
-    >Note: If using `-db=postgres`, ensure PostgreSQL is running with the connection details specified in your `.env` file.
+USSD service.
 
 ## License
 

cmd/africastalking/main.go

@@ -1,13 +1,9 @@
 package main
 
 import (
-	"bytes"
 	"context"
-	"encoding/json"
 	"flag"
 	"fmt"
-	"io"
-	"log"
 	"net/http"
 	"os"
 	"os/signal"
@@ -29,8 +25,8 @@ import (
 )
 
 var (
-	logg        = logging.NewVanilla()
-	scriptDir   = path.Join("services", "registration")
+	logg      = logging.NewVanilla()
+	scriptDir = path.Join("services", "registration")
 )
 
 func init() {
@@ -42,30 +38,9 @@ type atRequestParser struct{}
 func (arp *atRequestParser) GetSessionId(rq any) (string, error) {
 	rqv, ok := rq.(*http.Request)
 	if !ok {
-		log.Println("got an invalid request:", rq)
 		return "", handlers.ErrInvalidRequest
 	}
-
-	// Capture body (if any) for logging
-	body, err := io.ReadAll(rqv.Body)
-	if err != nil {
-		log.Println("failed to read request body:", err)
-		return "", fmt.Errorf("failed to read request body: %v", err)
-	}
-	// Reset the body for further reading
-	rqv.Body = io.NopCloser(bytes.NewReader(body))
-
-	// Log the body as JSON
-	bodyLog := map[string]string{"body": string(body)}
-	logBytes, err := json.Marshal(bodyLog)
-	if err != nil {
-		log.Println("failed to marshal request body:", err)
-	} else {
-		log.Println("Received request:", string(logBytes))
-	}
-
 	if err := rqv.ParseForm(); err != nil {
-		log.Println("failed to parse form data: %v", err)
 		return "", fmt.Errorf("failed to parse form data: %v", err)
 	}
 
@@ -181,13 +156,9 @@ func main() {
 	rp := &atRequestParser{}
 	bsh := handlers.NewBaseSessionHandler(cfg, rs, stateStore, userdataStore, rp, hl)
 	sh := httpserver.NewATSessionHandler(bsh)
-
-	mux := http.NewServeMux()
-	mux.Handle(initializers.GetEnv("AT_ENDPOINT", "/"), sh)
-
 	s := &http.Server{
 		Addr:    fmt.Sprintf("%s:%s", host, strconv.Itoa(int(port))),
-		Handler: mux,
+		Handler: sh,
 	}
 	s.RegisterOnShutdown(sh.Shutdown)
 

cmd/ssh/README.md

@@ -0,0 +1,34 @@
+# URDT-USSD SSH server
+
+An SSH server entry point for the vise engine.
+
+
+## Adding public keys for access
+
+Map your (client) public key to a session identifier (e.g. phone number)
+
+```
+go run -v -tags logtrace ./cmd/ssh/sshkey/main.go -i <session_id> [--dbdir <dbpath>] <client_publickey_filepath>
+```
+
+
+## Create a private key for the server
+
+```
+ssh-keygen -N "" -f <server_privatekey_filepath>
+```
+
+
+## Run the server
+
+
+```
+go run -v -tags logtrace ./cmd/ssh/main.go -h <host> -p <port> [--dbdir <dbpath>] <server_privatekey_filepath>
+```
+
+
+## Connect to the server
+
+```
+ssh [-v] -T -p <port> -i <client_publickey_filepath> <host>
+```

cmd/ssh/main.go

@@ -0,0 +1,115 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"path"
+	"os"
+	"os/signal"
+	"sync"
+	"syscall"
+
+	"git.defalsify.org/vise.git/db"
+	"git.defalsify.org/vise.git/engine"
+	"git.defalsify.org/vise.git/logging"
+
+	"git.grassecon.net/urdt/ussd/internal/ssh"
+)
+
+var (
+	wg sync.WaitGroup
+	keyStore db.Db
+	logg      = logging.NewVanilla()
+	scriptDir = path.Join("services", "registration")
+)
+
+func main() {
+	var dbDir string
+	var resourceDir string
+	var size uint
+	var engineDebug bool
+	var stateDebug bool
+	var host string
+	var port uint
+	flag.StringVar(&dbDir, "dbdir", ".state", "database dir to read from")
+	flag.StringVar(&resourceDir, "resourcedir", path.Join("services", "registration"), "resource dir")
+	flag.BoolVar(&engineDebug, "engine-debug", false, "use engine debug output")
+	flag.BoolVar(&stateDebug, "state-debug", false, "use engine debug output")
+	flag.UintVar(&size, "s", 160, "max size of output")
+	flag.StringVar(&host, "h", "127.0.0.1", "http host")
+	flag.UintVar(&port, "p", 7122, "http port")
+	flag.Parse()
+
+	sshKeyFile := flag.Arg(0)
+	_, err := os.Stat(sshKeyFile)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "cannot open ssh server private key file: %v\n", err)
+		os.Exit(1)
+	}
+
+	ctx := context.Background()
+	logg.WarnCtxf(ctx, "!!!!! WARNING WARNING WARNING")
+	logg.WarnCtxf(ctx, "!!!!! =======================")
+	logg.WarnCtxf(ctx, "!!!!! This is not a production ready server!")
+	logg.WarnCtxf(ctx, "!!!!! Do not expose to internet and only use with tunnel!")
+	logg.WarnCtxf(ctx, "!!!!! (See ssh -L <...>)")
+
+	logg.Infof("start command", "dbdir", dbDir, "resourcedir", resourceDir, "outputsize", size, "keyfile", sshKeyFile, "host", host, "port", port)
+
+	pfp := path.Join(scriptDir, "pp.csv")
+
+	cfg := engine.Config{
+		Root:       "root",
+		OutputSize: uint32(size),
+		FlagCount:  uint32(16),
+	}
+	if stateDebug {
+		cfg.StateDebug = true
+	}
+	if engineDebug {
+		cfg.EngineDebug = true
+	}
+
+	authKeyStore, err := ssh.NewSshKeyStore(ctx, dbDir)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "keystore file open error: %v", err)
+		os.Exit(1)
+	}
+	defer func () {
+		logg.TraceCtxf(ctx, "shutdown auth key store reached")
+		err = authKeyStore.Close()
+		if err != nil {
+			logg.ErrorCtxf(ctx, "keystore close error", "err", err)
+		}
+	}()
+
+	cint := make(chan os.Signal)
+	cterm := make(chan os.Signal)
+	signal.Notify(cint, os.Interrupt, syscall.SIGINT)
+	signal.Notify(cterm, os.Interrupt, syscall.SIGTERM)
+
+	runner := &ssh.SshRunner{
+		Cfg: cfg,
+		Debug: engineDebug,
+		FlagFile: pfp,
+		DbDir: dbDir,
+		ResourceDir: resourceDir,
+		SrvKeyFile: sshKeyFile,
+		Host: host,
+		Port: port,
+	}
+	go func() {
+		select {
+		case _ = <-cint:
+		case _ = <-cterm:
+		}
+		logg.TraceCtxf(ctx, "shutdown runner reached")
+		err := runner.Stop()
+		if err != nil {
+			logg.ErrorCtxf(ctx, "runner stop error", "err", err)
+		}
+		
+	}()
+	runner.Run(ctx, authKeyStore)
+}

cmd/ssh/sshkey/main.go

@@ -0,0 +1,44 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"os"
+
+	"git.grassecon.net/urdt/ussd/internal/ssh"
+)
+
+func main() {
+	var dbDir string
+	var sessionId string
+	flag.StringVar(&dbDir, "dbdir", ".state", "database dir to read from")
+	flag.StringVar(&sessionId, "i", "", "session id")
+	flag.Parse()
+
+	if sessionId == "" {
+		fmt.Fprintf(os.Stderr, "empty session id\n")
+		os.Exit(1)
+	}
+
+	ctx := context.Background()
+
+	sshKeyFile := flag.Arg(0)
+	if sshKeyFile == "" {
+		fmt.Fprintf(os.Stderr, "missing key file argument\n")
+		os.Exit(1)
+	}
+
+	store, err := ssh.NewSshKeyStore(ctx, dbDir)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "%v\n", err)
+		os.Exit(1)
+	}
+	defer store.Close()
+
+	err = store.AddFromFile(ctx, sshKeyFile, sessionId)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "%v\n", err)
+		os.Exit(1)
+	}
+}

common/db.go

@@ -2,7 +2,6 @@ package common
 
 import (
 	"encoding/binary"
-	"errors"
 
 	"git.defalsify.org/vise.git/logging"
 )
@@ -49,23 +48,3 @@ func PackKey(typ DataTyp, data []byte) []byte {
 	v := typToBytes(typ)
 	return append(v, data...)
 }
-
-func StringToDataTyp(str string) (DataTyp, error) {
-	switch str {
-	case "DATA_FIRST_NAME":
-		return DATA_FIRST_NAME, nil
-	case "DATA_FAMILY_NAME":
-		return DATA_FAMILY_NAME, nil
-	case "DATA_YOB":
-		return DATA_YOB, nil
-	case "DATA_LOCATION":
-		return DATA_LOCATION, nil
-	case "DATA_GENDER":
-		return DATA_GENDER, nil
-	case "DATA_OFFERINGS":
-		return DATA_OFFERINGS, nil
-
-	default:
-		return 0, errors.New("invalid DataTyp string")
-	}
-}

common/vouchers.go

@@ -135,7 +135,7 @@ func GetTemporaryVoucherData(ctx context.Context, store DataStore, sessionId str
 	return data, nil
 }
 
-// UpdateVoucherData sets the active voucher data in the DataStore.
+// UpdateVoucherData sets the active voucher data and clears the temporary voucher data in the DataStore.
 func UpdateVoucherData(ctx context.Context, store DataStore, sessionId string, data *dataserviceapi.TokenHoldings) error {
 	logg.TraceCtxf(ctx, "dtal", "data", data)
 	// Active voucher data entries

config/config.go

@@ -7,30 +7,30 @@ import (
 )
 
 const (
-	createAccountPath          = "/api/v2/account/create"
-	trackStatusPath            = "/api/track"
-	balancePathPrefix          = "/api/account"
-	trackPath                  = "/api/v2/account/status"
-	voucherHoldingsPathPrefix  = "/api/v1/holdings"
+	createAccountPath = "/api/v2/account/create"
+	trackStatusPath = "/api/track"
+	balancePathPrefix = "/api/account"
+	trackPath = "/api/v2/account/status"
+	voucherHoldingsPathPrefix = "/api/v1/holdings"
 	voucherTransfersPathPrefix = "/api/v1/transfers/last10"
-	voucherDataPathPrefix      = "/api/v1/token"
+	voucherDataPathPrefix = "/api/v1/token"
 )
 
 var (
-	custodialURLBase     string
-	dataURLBase          string
-	CustodialBearerToken string
-	DataBearerToken      string
+	custodialURLBase string
+	dataURLBase string
+	CustodialAPIKey string
+	DataAPIKey string
 )
 
 var (
-	CreateAccountURL    string
-	TrackStatusURL      string
-	BalanceURL          string
-	TrackURL            string
-	VoucherHoldingsURL  string
-	VoucherTransfersURL string
-	VoucherDataURL      string
+	CreateAccountURL string
+	TrackStatusURL   string
+	BalanceURL	string
+	TrackURL         string
+	VoucherHoldingsURL	string
+	VoucherTransfersURL	string
+	VoucherDataURL	string
 )
 
 func setBase() error {
@@ -38,8 +38,8 @@ func setBase() error {
 
 	custodialURLBase = initializers.GetEnv("CUSTODIAL_URL_BASE", "http://localhost:5003")
 	dataURLBase = initializers.GetEnv("DATA_URL_BASE", "http://localhost:5006")
-	CustodialBearerToken = initializers.GetEnv("CUSTODIAL_BEARER_TOKEN", "")
-	DataBearerToken = initializers.GetEnv("DATA_BEARER_TOKEN", "")
+	CustodialAPIKey = initializers.GetEnv("CUSTODIAL_API_KEY", "xd")
+	DataAPIKey = initializers.GetEnv("DATA_API_KEY", "xd")
 
 	_, err = url.JoinPath(custodialURLBase, "/foo")
 	if err != nil {
@@ -58,7 +58,7 @@ func LoadConfig() error {
 	if err != nil {
 		return err
 	}
-	CreateAccountURL, _ = url.JoinPath(custodialURLBase, createAccountPath)
+	CreateAccountURL, _  = url.JoinPath(custodialURLBase, createAccountPath)
 	TrackStatusURL, _ = url.JoinPath(custodialURLBase, trackStatusPath)
 	BalanceURL, _ = url.JoinPath(custodialURLBase, balancePathPrefix)
 	TrackURL, _ = url.JoinPath(custodialURLBase, trackPath)

internal/handlers/handlerservice.go

@@ -115,7 +115,6 @@ func (ls *LocalHandlerService) GetHandler(accountService remote.AccountServiceIn
 	ls.DbRs.AddLocalFunc("reset_unregistered_number", ussdHandlers.ResetUnregisteredNumber)
 	ls.DbRs.AddLocalFunc("reset_others_pin", ussdHandlers.ResetOthersPin)
 	ls.DbRs.AddLocalFunc("save_others_temporary_pin", ussdHandlers.SaveOthersTemporaryPin)
-	ls.DbRs.AddLocalFunc("get_current_profile_info", ussdHandlers.GetCurrentProfileInfo)
 
 	return ussdHandlers, nil
 }

internal/handlers/ussd/menuhandler.go

@@ -161,7 +161,6 @@ func (h *Handlers) SetLanguage(ctx context.Context, sym string, input []byte) (r
 
 	languageSetFlag, err := h.flagManager.GetFlag("flag_language_set")
 	if err != nil {
-		logg.ErrorCtxf(ctx, "Error setting the languageSetFlag", "error", err)
 		return res, err
 	}
 	res.FlagSet = append(res.FlagSet, languageSetFlag)
@@ -199,6 +198,7 @@ func (h *Handlers) createAccountNoExist(ctx context.Context, sessionId string, r
 	}
 	res.FlagSet = append(res.FlagSet, flag_account_created)
 	return nil
+
 }
 
 // CreateAccount checks if any account exists on the JSON data file, and if not
@@ -215,15 +215,13 @@ func (h *Handlers) CreateAccount(ctx context.Context, sym string, input []byte)
 	_, err = store.ReadEntry(ctx, sessionId, common.DATA_ACCOUNT_CREATED)
 	if err != nil {
 		if db.IsNotFound(err) {
-			logg.InfoCtxf(ctx, "Creating an account because it doesn't exist")
+			logg.Printf(logging.LVL_INFO, "Creating an account because it doesn't exist")
 			err = h.createAccountNoExist(ctx, sessionId, &res)
 			if err != nil {
-				logg.ErrorCtxf(ctx, "failed on createAccountNoExist", "error", err)
 				return res, err
 			}
 		}
 	}
-
 	return res, nil
 }
 
@@ -237,12 +235,10 @@ func (h *Handlers) CheckPinMisMatch(ctx context.Context, sym string, input []byt
 	store := h.userdataStore
 	blockedNumber, err := store.ReadEntry(ctx, sessionId, common.DATA_BLOCKED_NUMBER)
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to read blockedNumber entry with", "key", common.DATA_BLOCKED_NUMBER, "error", err)
 		return res, err
 	}
 	temporaryPin, err := store.ReadEntry(ctx, string(blockedNumber), common.DATA_TEMPORARY_VALUE)
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to read temporaryPin entry with", "key", common.DATA_TEMPORARY_VALUE, "error", err)
 		return res, err
 	}
 	if bytes.Equal(temporaryPin, input) {
@@ -295,7 +291,6 @@ func (h *Handlers) SaveTemporaryPin(ctx context.Context, sym string, input []byt
 	store := h.userdataStore
 	err = store.WriteEntry(ctx, sessionId, common.DATA_TEMPORARY_VALUE, []byte(accountPIN))
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to write temporaryAccountPIN entry with", "key", common.DATA_TEMPORARY_VALUE, "value", accountPIN, "error", err)
 		return res, err
 	}
 
@@ -313,14 +308,12 @@ func (h *Handlers) SaveOthersTemporaryPin(ctx context.Context, sym string, input
 	}
 	temporaryPin := string(input)
 	blockedNumber, err := store.ReadEntry(ctx, sessionId, common.DATA_BLOCKED_NUMBER)
+
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to read blockedNumber entry with", "key", common.DATA_BLOCKED_NUMBER, "error", err)
 		return res, err
 	}
-
 	err = store.WriteEntry(ctx, string(blockedNumber), common.DATA_TEMPORARY_VALUE, []byte(temporaryPin))
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to write temporaryPin entry with", "key", common.DATA_TEMPORARY_VALUE, "value", temporaryPin, "error", err)
 		return res, err
 	}
 
@@ -338,7 +331,6 @@ func (h *Handlers) ConfirmPinChange(ctx context.Context, sym string, input []byt
 	store := h.userdataStore
 	temporaryPin, err := store.ReadEntry(ctx, sessionId, common.DATA_TEMPORARY_VALUE)
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to read temporaryPin entry with", "key", common.DATA_TEMPORARY_VALUE, "error", err)
 		return res, err
 	}
 	if bytes.Equal(temporaryPin, input) {
@@ -348,7 +340,6 @@ func (h *Handlers) ConfirmPinChange(ctx context.Context, sym string, input []byt
 	}
 	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(temporaryPin))
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to write temporaryPin entry with", "key", common.DATA_ACCOUNT_PIN, "value", temporaryPin, "error", err)
 		return res, err
 	}
 	return res, nil
@@ -371,7 +362,6 @@ func (h *Handlers) VerifyCreatePin(ctx context.Context, sym string, input []byte
 	store := h.userdataStore
 	temporaryPin, err := store.ReadEntry(ctx, sessionId, common.DATA_TEMPORARY_VALUE)
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to read temporaryPin entry with", "key", common.DATA_TEMPORARY_VALUE, "error", err)
 		return res, err
 	}
 	if bytes.Equal(input, temporaryPin) {
@@ -384,7 +374,6 @@ func (h *Handlers) VerifyCreatePin(ctx context.Context, sym string, input []byte
 
 	err = store.WriteEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN, []byte(temporaryPin))
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to write temporaryPin entry with", "key", common.DATA_ACCOUNT_PIN, "value", temporaryPin, "error", err)
 		return res, err
 	}
 
@@ -417,13 +406,11 @@ func (h *Handlers) SaveFirstname(ctx context.Context, sym string, input []byte)
 		temporaryFirstName, _ := store.ReadEntry(ctx, sessionId, common.DATA_TEMPORARY_VALUE)
 		err = store.WriteEntry(ctx, sessionId, common.DATA_FIRST_NAME, []byte(temporaryFirstName))
 		if err != nil {
-			logg.ErrorCtxf(ctx, "failed to write firstName entry with", "key", common.DATA_FIRST_NAME, "value", temporaryFirstName, "error", err)
 			return res, err
 		}
 	} else {
 		err = store.WriteEntry(ctx, sessionId, common.DATA_TEMPORARY_VALUE, []byte(firstName))
 		if err != nil {
-			logg.ErrorCtxf(ctx, "failed to write temporaryFirstName entry with", "key", common.DATA_TEMPORARY_VALUE, "value", firstName, "error", err)
 			return res, err
 		}
 	}
@@ -450,17 +437,14 @@ func (h *Handlers) SaveFamilyname(ctx context.Context, sym string, input []byte)
 		temporaryFamilyName, _ := store.ReadEntry(ctx, sessionId, common.DATA_TEMPORARY_VALUE)
 		err = store.WriteEntry(ctx, sessionId, common.DATA_FAMILY_NAME, []byte(temporaryFamilyName))
 		if err != nil {
-			logg.ErrorCtxf(ctx, "failed to write familyName entry with", "key", common.DATA_FAMILY_NAME, "value", temporaryFamilyName, "error", err)
 			return res, err
 		}
 	} else {
 		err = store.WriteEntry(ctx, sessionId, common.DATA_TEMPORARY_VALUE, []byte(familyName))
 		if err != nil {
-			logg.ErrorCtxf(ctx, "failed to write temporaryFamilyName entry with", "key", common.DATA_TEMPORARY_VALUE, "value", familyName, "error", err)
 			return res, err
 		}
 	}
-
 	return res, nil
 }
 
@@ -481,13 +465,11 @@ func (h *Handlers) SaveYob(ctx context.Context, sym string, input []byte) (resou
 		temporaryYob, _ := store.ReadEntry(ctx, sessionId, common.DATA_TEMPORARY_VALUE)
 		err = store.WriteEntry(ctx, sessionId, common.DATA_YOB, []byte(temporaryYob))
 		if err != nil {
-			logg.ErrorCtxf(ctx, "failed to write yob entry with", "key", common.DATA_TEMPORARY_VALUE, "value", temporaryYob, "error", err)
 			return res, err
 		}
 	} else {
 		err = store.WriteEntry(ctx, sessionId, common.DATA_TEMPORARY_VALUE, []byte(yob))
 		if err != nil {
-			logg.ErrorCtxf(ctx, "failed to write temporaryYob entry with", "key", common.DATA_TEMPORARY_VALUE, "value", yob, "error", err)
 			return res, err
 		}
 	}
@@ -513,13 +495,11 @@ func (h *Handlers) SaveLocation(ctx context.Context, sym string, input []byte) (
 		temporaryLocation, _ := store.ReadEntry(ctx, sessionId, common.DATA_TEMPORARY_VALUE)
 		err = store.WriteEntry(ctx, sessionId, common.DATA_LOCATION, []byte(temporaryLocation))
 		if err != nil {
-			logg.ErrorCtxf(ctx, "failed to write location entry with", "key", common.DATA_LOCATION, "value", temporaryLocation, "error", err)
 			return res, err
 		}
 	} else {
 		err = store.WriteEntry(ctx, sessionId, common.DATA_TEMPORARY_VALUE, []byte(location))
 		if err != nil {
-			logg.ErrorCtxf(ctx, "failed to write temporaryLocation entry with", "key", common.DATA_TEMPORARY_VALUE, "value", location, "error", err)
 			return res, err
 		}
 	}
@@ -545,13 +525,11 @@ func (h *Handlers) SaveGender(ctx context.Context, sym string, input []byte) (re
 		temporaryGender, _ := store.ReadEntry(ctx, sessionId, common.DATA_TEMPORARY_VALUE)
 		err = store.WriteEntry(ctx, sessionId, common.DATA_GENDER, []byte(temporaryGender))
 		if err != nil {
-			logg.ErrorCtxf(ctx, "failed to write gender entry with", "key", common.DATA_GENDER, "value", gender, "error", err)
 			return res, err
 		}
 	} else {
 		err = store.WriteEntry(ctx, sessionId, common.DATA_TEMPORARY_VALUE, []byte(gender))
 		if err != nil {
-			logg.ErrorCtxf(ctx, "failed to write temporaryGender entry with", "key", common.DATA_TEMPORARY_VALUE, "value", gender, "error", err)
 			return res, err
 		}
 	}
@@ -578,13 +556,11 @@ func (h *Handlers) SaveOfferings(ctx context.Context, sym string, input []byte)
 		temporaryOfferings, _ := store.ReadEntry(ctx, sessionId, common.DATA_TEMPORARY_VALUE)
 		err = store.WriteEntry(ctx, sessionId, common.DATA_OFFERINGS, []byte(temporaryOfferings))
 		if err != nil {
-			logg.ErrorCtxf(ctx, "failed to write offerings entry with", "key", common.DATA_TEMPORARY_VALUE, "value", offerings, "error", err)
 			return res, err
 		}
 	} else {
 		err = store.WriteEntry(ctx, sessionId, common.DATA_TEMPORARY_VALUE, []byte(offerings))
 		if err != nil {
-			logg.ErrorCtxf(ctx, "failed to write temporaryOfferings entry with", "key", common.DATA_TEMPORARY_VALUE, "value", offerings, "error", err)
 			return res, err
 		}
 	}
@@ -595,7 +571,9 @@ func (h *Handlers) SaveOfferings(ctx context.Context, sym string, input []byte)
 // ResetAllowUpdate resets the allowupdate flag that allows a user to update  profile data.
 func (h *Handlers) ResetAllowUpdate(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
+
 	flag_allow_update, _ := h.flagManager.GetFlag("flag_allow_update")
+
 	res.FlagReset = append(res.FlagReset, flag_allow_update)
 	return res, nil
 }
@@ -612,6 +590,7 @@ func (h *Handlers) ResetValidPin(ctx context.Context, sym string, input []byte)
 func (h *Handlers) ResetAccountAuthorized(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	flag_account_authorized, _ := h.flagManager.GetFlag("flag_account_authorized")
+
 	res.FlagReset = append(res.FlagReset, flag_account_authorized)
 	return res, nil
 }
@@ -647,7 +626,6 @@ func (h *Handlers) Authorize(ctx context.Context, sym string, input []byte) (res
 	store := h.userdataStore
 	AccountPin, err := store.ReadEntry(ctx, sessionId, common.DATA_ACCOUNT_PIN)
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to read AccountPin entry with", "key", common.DATA_ACCOUNT_PIN, "error", err)
 		return res, err
 	}
 	if len(input) == 4 {
@@ -695,19 +673,18 @@ func (h *Handlers) CheckAccountStatus(ctx context.Context, sym string, input []b
 	store := h.userdataStore
 	publicKey, err := store.ReadEntry(ctx, sessionId, common.DATA_PUBLIC_KEY)
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to read publicKey entry with", "key", common.DATA_PUBLIC_KEY, "error", err)
 		return res, err
 	}
-
 	r, err := h.accountService.TrackAccountStatus(ctx, string(publicKey))
+
 	if err != nil {
 		res.FlagSet = append(res.FlagSet, flag_api_error)
-		logg.ErrorCtxf(ctx, "failed on TrackAccountStatus", err)
 		return res, err
 	}
-
 	res.FlagReset = append(res.FlagReset, flag_api_error)
-
+	if !ok {
+		return res, err
+	}
 	if r.Active {
 		res.FlagSet = append(res.FlagSet, flag_account_success)
 		res.FlagReset = append(res.FlagReset, flag_account_pending)
@@ -715,7 +692,6 @@ func (h *Handlers) CheckAccountStatus(ctx context.Context, sym string, input []b
 		res.FlagReset = append(res.FlagReset, flag_account_success)
 		res.FlagSet = append(res.FlagSet, flag_account_pending)
 	}
-
 	return res, nil
 }
 
@@ -807,13 +783,11 @@ func (h *Handlers) CheckBalance(ctx context.Context, sym string, input []byte) (
 			return res, nil
 		}
 
-		logg.ErrorCtxf(ctx, "failed to read activeSym entry with", "key", common.DATA_ACTIVE_SYM, "error", err)
 		return res, err
 	}
 
 	activeBal, err := store.ReadEntry(ctx, sessionId, common.DATA_ACTIVE_BAL)
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to read activeBal entry with", "key", common.DATA_ACTIVE_BAL, "error", err)
 		return res, err
 	}
 
@@ -837,7 +811,6 @@ func (h *Handlers) FetchCustodialBalances(ctx context.Context, sym string, input
 	store := h.userdataStore
 	publicKey, err := store.ReadEntry(ctx, sessionId, common.DATA_PUBLIC_KEY)
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to read publicKey entry with", "key", common.DATA_PUBLIC_KEY, "error", err)
 		return res, err
 	}
 
@@ -870,19 +843,16 @@ func (h *Handlers) ResetOthersPin(ctx context.Context, sym string, input []byte)
 	}
 	blockedPhonenumber, err := store.ReadEntry(ctx, sessionId, common.DATA_BLOCKED_NUMBER)
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to read blockedPhonenumber entry with", "key", common.DATA_BLOCKED_NUMBER, "error", err)
 		return res, err
 	}
 	temporaryPin, err := store.ReadEntry(ctx, string(blockedPhonenumber), common.DATA_TEMPORARY_VALUE)
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to read temporaryPin entry with", "key", common.DATA_TEMPORARY_VALUE, "error", err)
 		return res, err
 	}
 	err = store.WriteEntry(ctx, string(blockedPhonenumber), common.DATA_ACCOUNT_PIN, []byte(temporaryPin))
 	if err != nil {
 		return res, nil
 	}
-
 	return res, nil
 }
 
@@ -911,11 +881,10 @@ func (h *Handlers) ValidateBlockedNumber(ctx context.Context, sym string, input
 	}
 	if err != nil {
 		if db.IsNotFound(err) {
-			logg.InfoCtxf(ctx, "Invalid or unregistered number")
+			logg.Printf(logging.LVL_INFO, "Invalid or unregistered number")
 			res.FlagSet = append(res.FlagSet, flag_unregistered_number)
 			return res, nil
 		} else {
-			logg.ErrorCtxf(ctx, "Error on ValidateBlockedNumber", "error", err)
 			return res, err
 		}
 	}
@@ -1023,7 +992,6 @@ func (h *Handlers) MaxAmount(ctx context.Context, sym string, input []byte) (res
 
 	activeBal, err := store.ReadEntry(ctx, sessionId, common.DATA_ACTIVE_BAL)
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to read activeBal entry with", "key", common.DATA_ACTIVE_BAL, "error", err)
 		return res, err
 	}
 
@@ -1049,12 +1017,10 @@ func (h *Handlers) ValidateAmount(ctx context.Context, sym string, input []byte)
 	// retrieve the active balance
 	activeBal, err := store.ReadEntry(ctx, sessionId, common.DATA_ACTIVE_BAL)
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to read activeBal entry with", "key", common.DATA_ACTIVE_BAL, "error", err)
 		return res, err
 	}
 	balanceValue, err = strconv.ParseFloat(string(activeBal), 64)
 	if err != nil {
-		logg.ErrorCtxf(ctx, "Failed to convert the activeBal to a float", "error", err)
 		return res, err
 	}
 
@@ -1077,11 +1043,10 @@ func (h *Handlers) ValidateAmount(ctx context.Context, sym string, input []byte)
 	formattedAmount := fmt.Sprintf("%.2f", inputAmount)
 	err = store.WriteEntry(ctx, sessionId, common.DATA_AMOUNT, []byte(formattedAmount))
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to write amount entry with", "key", common.DATA_AMOUNT, "value", formattedAmount, "error", err)
 		return res, err
 	}
 
-	res.Content = formattedAmount
+	res.Content = fmt.Sprintf("%s", formattedAmount)
 	return res, nil
 }
 
@@ -1144,7 +1109,6 @@ func (h *Handlers) GetAmount(ctx context.Context, sym string, input []byte) (res
 	// retrieve the active symbol
 	activeSym, err := store.ReadEntry(ctx, sessionId, common.DATA_ACTIVE_SYM)
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to read activeSym entry with", "key", common.DATA_ACTIVE_SYM, "error", err)
 		return res, err
 	}
 
@@ -1182,7 +1146,6 @@ func (h *Handlers) InitiateTransaction(ctx context.Context, sym string, input []
 
 	account_authorized_flag, err := h.flagManager.GetFlag("flag_account_authorized")
 	if err != nil {
-		logg.ErrorCtxf(ctx, "Failed to set the flag_account_authorized", "error", err)
 		return res, err
 	}
 
@@ -1190,101 +1153,6 @@ func (h *Handlers) InitiateTransaction(ctx context.Context, sym string, input []
 	return res, nil
 }
 
-func (h *Handlers) GetCurrentProfileInfo(ctx context.Context, sym string, input []byte) (resource.Result, error) {
-	var res resource.Result
-	var profileInfo []byte
-	var err error
-	sessionId, ok := ctx.Value("SessionId").(string)
-	if !ok {
-		return res, fmt.Errorf("missing session")
-	}
-	sm, _ := h.st.Where()
-	parts := strings.SplitN(sm, "_", 2)
-	filename := parts[1]
-	dbKeyStr := "DATA_" + strings.ToUpper(filename)
-	dbKey, err := common.StringToDataTyp(dbKeyStr)
-
-	if err != nil {
-		return res, err
-	}
-	store := h.userdataStore
-
-	switch dbKey {
-	case common.DATA_FIRST_NAME:
-		profileInfo, err = store.ReadEntry(ctx, sessionId, common.DATA_FIRST_NAME)
-		if err != nil {
-			if db.IsNotFound(err) {
-				res.Content = "Not provided"
-				break
-			}
-			logg.ErrorCtxf(ctx, "Failed to read first name entry with", "key", "error", common.DATA_FIRST_NAME, err)
-			return res, err
-		}
-		res.Content = string(profileInfo)
-	case common.DATA_FAMILY_NAME:
-		profileInfo, err = store.ReadEntry(ctx, sessionId, common.DATA_FAMILY_NAME)
-		if err != nil {
-			if db.IsNotFound(err) {
-				res.Content = "Not provided"
-				break
-			}
-			logg.ErrorCtxf(ctx, "Failed to read family name entry with", "key", "error", common.DATA_FAMILY_NAME, err)
-			return res, err
-		}
-		res.Content = string(profileInfo)
-
-	case common.DATA_GENDER:
-		profileInfo, err = store.ReadEntry(ctx, sessionId, common.DATA_GENDER)
-		if err != nil {
-			if db.IsNotFound(err) {
-				res.Content = "Not provided"
-				break
-			}
-			logg.ErrorCtxf(ctx, "Failed to read gender entry with", "key", "error", common.DATA_GENDER, err)
-			return res, err
-		}
-		res.Content = string(profileInfo)
-	case common.DATA_YOB:
-		profileInfo, err = store.ReadEntry(ctx, sessionId, common.DATA_YOB)
-		if err != nil {
-			if db.IsNotFound(err) {
-				res.Content = "Not provided"
-				break
-			}
-			logg.ErrorCtxf(ctx, "Failed to read year of birth(yob) entry with", "key", "error", common.DATA_YOB, err)
-			return res, err
-		}
-		res.Content = string(profileInfo)
-
-	case common.DATA_LOCATION:
-		profileInfo, err = store.ReadEntry(ctx, sessionId, common.DATA_LOCATION)
-		if err != nil {
-			if db.IsNotFound(err) {
-				res.Content = "Not provided"
-				break
-			}
-			logg.ErrorCtxf(ctx, "Failed to read location entry with", "key", "error", common.DATA_LOCATION, err)
-			return res, err
-		}
-		res.Content = string(profileInfo)
-	case common.DATA_OFFERINGS:
-		profileInfo, err = store.ReadEntry(ctx, sessionId, common.DATA_OFFERINGS)
-		if err != nil {
-			if db.IsNotFound(err) {
-				res.Content = "Not provided"
-				break
-			}
-			logg.ErrorCtxf(ctx, "Failed to read offerings entry with", "key", "error", common.DATA_OFFERINGS, err)
-			return res, err
-		}
-		res.Content = string(profileInfo)
-	default:
-		break
-	}
-
-	return res, nil
-}
-
 func (h *Handlers) GetProfileInfo(ctx context.Context, sym string, input []byte) (resource.Result, error) {
 	var res resource.Result
 	var defaultValue string
@@ -1380,15 +1248,13 @@ func (h *Handlers) SetDefaultVoucher(ctx context.Context, sym string, input []by
 		if db.IsNotFound(err) {
 			publicKey, err := store.ReadEntry(ctx, sessionId, common.DATA_PUBLIC_KEY)
 			if err != nil {
-				logg.ErrorCtxf(ctx, "failed to read publicKey entry with", "key", common.DATA_PUBLIC_KEY, "error", err)
 				return res, err
 			}
 
 			// Fetch vouchers from the API using the public key
 			vouchersResp, err := h.accountService.FetchVouchers(ctx, string(publicKey))
 			if err != nil {
-				res.FlagSet = append(res.FlagSet, flag_no_active_voucher)
-				return res, nil
+				return res, err
 			}
 
 			// Return if there is no voucher
@@ -1405,20 +1271,17 @@ func (h *Handlers) SetDefaultVoucher(ctx context.Context, sym string, input []by
 			// set the active symbol
 			err = store.WriteEntry(ctx, sessionId, common.DATA_ACTIVE_SYM, []byte(defaultSym))
 			if err != nil {
-				logg.ErrorCtxf(ctx, "failed to write defaultSym entry with", "key", common.DATA_ACTIVE_SYM, "value", defaultSym, "error", err)
 				return res, err
 			}
 			// set the active balance
 			err = store.WriteEntry(ctx, sessionId, common.DATA_ACTIVE_BAL, []byte(defaultBal))
 			if err != nil {
-				logg.ErrorCtxf(ctx, "failed to write defaultBal entry with", "key", common.DATA_ACTIVE_BAL, "value", defaultBal, "error", err)
 				return res, err
 			}
 
 			return res, nil
 		}
 
-		logg.ErrorCtxf(ctx, "failed to read activeSym entry with", "key", common.DATA_ACTIVE_SYM, "error", err)
 		return res, err
 	}
 
@@ -1439,8 +1302,7 @@ func (h *Handlers) CheckVouchers(ctx context.Context, sym string, input []byte)
 	store := h.userdataStore
 	publicKey, err := store.ReadEntry(ctx, sessionId, common.DATA_PUBLIC_KEY)
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed to read publicKey entry with", "key", common.DATA_PUBLIC_KEY, "error", err)
-		return res, err
+		return res, nil
 	}
 
 	// Fetch vouchers from the API using the public key
@@ -1475,7 +1337,6 @@ func (h *Handlers) GetVoucherList(ctx context.Context, sym string, input []byte)
 	// Read vouchers from the store
 	voucherData, err := h.prefixDb.Get(ctx, []byte("sym"))
 	if err != nil {
-		logg.ErrorCtxf(ctx, "Failed to read the voucherData from prefixDb", "error", err)
 		return res, err
 	}
 
@@ -1511,7 +1372,6 @@ func (h *Handlers) ViewVoucher(ctx context.Context, sym string, input []byte) (r
 	}
 
 	if err := common.StoreTemporaryVoucher(ctx, h.userdataStore, sessionId, metadata); err != nil {
-		logg.ErrorCtxf(ctx, "failed on StoreTemporaryVoucher", "error", err)
 		return res, err
 	}
 
@@ -1533,13 +1393,11 @@ func (h *Handlers) SetVoucher(ctx context.Context, sym string, input []byte) (re
 	// Get temporary data
 	tempData, err := common.GetTemporaryVoucherData(ctx, h.userdataStore, sessionId)
 	if err != nil {
-		logg.ErrorCtxf(ctx, "failed on GetTemporaryVoucherData", "error", err)
 		return res, err
 	}
 
 	// Set as active and clear temporary data
 	if err := common.UpdateVoucherData(ctx, h.userdataStore, sessionId, tempData); err != nil {
-		logg.ErrorCtxf(ctx, "failed on UpdateVoucherData", "error", err)
 		return res, err
 	}
 

internal/ssh/keystore.go

@@ -0,0 +1,64 @@
+package ssh
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path"
+
+	"golang.org/x/crypto/ssh"
+
+	"git.defalsify.org/vise.git/db"
+
+	"git.grassecon.net/urdt/ussd/internal/storage"
+)
+
+type SshKeyStore struct {
+	store db.Db
+}
+
+func NewSshKeyStore(ctx context.Context, dbDir string) (*SshKeyStore, error) {
+	keyStore := &SshKeyStore{}
+	keyStoreFile := path.Join(dbDir, "ssh_authorized_keys.gdbm")
+	keyStore.store = storage.NewThreadGdbmDb()
+	err := keyStore.store.Connect(ctx, keyStoreFile)
+	if err != nil {
+		return nil, err
+	}
+	return keyStore, nil
+}
+
+func(s *SshKeyStore) AddFromFile(ctx context.Context, fp string, sessionId string) error {
+	_, err := os.Stat(fp)
+	if err != nil {
+		return fmt.Errorf("cannot open ssh server public key file: %v\n", err)
+	}
+
+	publicBytes, err := os.ReadFile(fp)
+	if err != nil {
+		return fmt.Errorf("Failed to load public key: %v", err)
+	}
+	pubKey, _, _, _, err := ssh.ParseAuthorizedKey(publicBytes)
+	if err != nil {
+		return fmt.Errorf("Failed to parse public key: %v", err)
+	}
+	k := append([]byte{0x01}, pubKey.Marshal()...)
+	s.store.SetPrefix(storage.DATATYPE_EXTEND)
+	logg.Infof("Added key", "sessionId", sessionId, "public key", string(publicBytes))
+	return s.store.Put(ctx, k, []byte(sessionId))
+}
+
+func(s *SshKeyStore) Get(ctx context.Context, pubKey ssh.PublicKey) (string, error) {
+	s.store.SetLanguage(nil)
+	s.store.SetPrefix(storage.DATATYPE_EXTEND)
+	k := append([]byte{0x01}, pubKey.Marshal()...)
+	v, err := s.store.Get(ctx, k)
+	if err != nil {
+		return "", err
+	}
+	return string(v), nil
+}
+
+func(s *SshKeyStore) Close() error {
+	return s.store.Close()
+}

internal/ssh/ssh.go

@@ -0,0 +1,284 @@
+package ssh
+
+import (
+	"context"
+	"encoding/hex"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"net"
+	"os"
+	"sync"
+
+	"golang.org/x/crypto/ssh"
+
+	"git.defalsify.org/vise.git/engine"
+	"git.defalsify.org/vise.git/logging"
+	"git.defalsify.org/vise.git/resource"
+	"git.defalsify.org/vise.git/state"
+
+	"git.grassecon.net/urdt/ussd/internal/handlers"
+	"git.grassecon.net/urdt/ussd/internal/storage"
+)
+
+var (
+	logg = logging.NewVanilla().WithDomain("ssh")
+)
+
+type auther struct {
+	Ctx context.Context
+	keyStore *SshKeyStore
+	auth map[string]string
+}
+
+func NewAuther(ctx context.Context, keyStore *SshKeyStore) *auther {
+	return &auther{
+		Ctx: ctx,
+		keyStore: keyStore,
+		auth: make(map[string]string),
+	}
+}
+
+func(a *auther) Check(conn ssh.ConnMetadata, pubKey ssh.PublicKey) (*ssh.Permissions, error) {
+	va, err := a.keyStore.Get(a.Ctx, pubKey)
+	if err != nil {
+		return nil, err
+	}
+	ka := hex.EncodeToString(conn.SessionID())
+	a.auth[ka] = va 
+	fmt.Fprintf(os.Stderr, "connect: %s -> %s\n", ka, va)
+	return nil, nil
+}
+
+func(a *auther) FromConn(c *ssh.ServerConn) (string, error) {
+	if c == nil {
+		return "", errors.New("nil server conn")
+	}
+	if c.Conn == nil {
+		return "", errors.New("nil underlying conn")
+	}
+	return a.Get(c.Conn.SessionID())
+}
+
+
+func(a *auther) Get(k []byte) (string, error) {
+	ka := hex.EncodeToString(k)
+	v, ok := a.auth[ka]
+	if !ok {
+		return "", errors.New("not found")
+	}
+	return v, nil
+}
+
+func(s *SshRunner) serve(ctx context.Context, sessionId string, ch ssh.NewChannel, en engine.Engine) error {
+	if ch == nil {
+		return errors.New("nil channel")
+	}
+	if ch.ChannelType() != "session" {
+		ch.Reject(ssh.UnknownChannelType, "that is not the channel you are looking for")
+		return errors.New("not a session")
+	}
+	channel, requests, err := ch.Accept()
+	if err != nil {
+		panic(err)
+	}
+	defer channel.Close()
+	s.wg.Add(1)
+	go func(reqIn <-chan *ssh.Request) {
+		defer s.wg.Done()
+		for req := range reqIn {
+			req.Reply(req.Type == "shell", nil)	
+		}
+		_ = requests
+	}(requests)
+
+	cont, err := en.Exec(ctx, []byte{})
+	if err != nil {
+		return fmt.Errorf("initial engine exec err: %v", err)
+	}
+
+	var input [state.INPUT_LIMIT]byte
+	for cont {
+		c, err := en.Flush(ctx, channel)
+		if err != nil {
+			return fmt.Errorf("flush err: %v", err)
+		}
+		_, err = channel.Write([]byte{0x0a})
+		if err != nil {
+			return fmt.Errorf("newline err: %v", err)
+		}
+		c, err = channel.Read(input[:])
+		if err != nil {
+			return fmt.Errorf("read input fail: %v", err)
+		}
+		logg.TraceCtxf(ctx, "input read", "c", c, "input", input[:c-1])
+		cont, err = en.Exec(ctx, input[:c-1])
+		if err != nil {
+			return fmt.Errorf("engine exec err: %v", err)
+		}
+		logg.TraceCtxf(ctx, "exec cont", "cont", cont, "en", en)
+		_ = c
+	}
+	c, err := en.Flush(ctx, channel)
+	if err != nil {
+		return fmt.Errorf("last flush err: %v", err)
+	}
+	_ = c
+	return nil
+}
+
+type SshRunner struct {
+	Ctx context.Context
+	Cfg engine.Config
+	FlagFile string
+	DbDir string
+	ResourceDir string
+	Debug bool
+	SrvKeyFile string
+	Host string
+	Port uint
+	wg sync.WaitGroup
+	lst net.Listener
+}
+
+func(s *SshRunner) Stop() error {
+	return s.lst.Close()
+}
+
+func(s *SshRunner) GetEngine(sessionId string) (engine.Engine, func(), error) {
+	ctx := s.Ctx
+	menuStorageService := storage.NewMenuStorageService(s.DbDir, s.ResourceDir)
+
+	err := menuStorageService.EnsureDbDir()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	rs, err := menuStorageService.GetResource(ctx)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pe, err := menuStorageService.GetPersister(ctx)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	userdatastore, err := menuStorageService.GetUserdataDb(ctx)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	dbResource, ok := rs.(*resource.DbResource)
+	if !ok {
+		return nil, nil, err
+	}
+
+	lhs, err := handlers.NewLocalHandlerService(s.FlagFile, true, dbResource, s.Cfg, rs)
+	lhs.SetDataStore(&userdatastore)
+	lhs.SetPersister(pe)
+	lhs.Cfg.SessionId = sessionId
+
+	if err != nil {
+		return nil, nil, err
+	}
+
+	hl, err := lhs.GetHandler()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	en := lhs.GetEngine()
+	en = en.WithFirst(hl.Init)
+	if s.Debug {
+		en = en.WithDebug(nil)
+	}
+	// TODO: this is getting very hacky!
+	closer := func() {
+		err := menuStorageService.Close()
+		if err != nil {
+			logg.ErrorCtxf(ctx, "menu storage service cleanup fail", "err", err)
+		}
+	}
+	return en, closer, nil
+}
+
+// adapted example from crypto/ssh package, NewServerConn doc
+func(s *SshRunner) Run(ctx context.Context, keyStore *SshKeyStore) {
+	running := true
+
+	// TODO: waitgroup should probably not be global
+	defer s.wg.Wait()
+
+	auth := NewAuther(ctx, keyStore)
+	cfg := ssh.ServerConfig{
+		PublicKeyCallback: auth.Check,
+	}
+
+	privateBytes, err := os.ReadFile(s.SrvKeyFile)
+	if err != nil {
+		logg.ErrorCtxf(ctx, "Failed to load private key", "err", err)
+	}
+	private, err := ssh.ParsePrivateKey(privateBytes)
+	if err != nil {
+		logg.ErrorCtxf(ctx, "Failed to parse private key", "err", err)
+	}
+	srvPub := private.PublicKey()
+	srvPubStr := base64.StdEncoding.EncodeToString(srvPub.Marshal())
+	logg.InfoCtxf(ctx, "have server key", "type", srvPub.Type(), "public", srvPubStr)
+	cfg.AddHostKey(private)
+
+	s.lst, err = net.Listen("tcp", fmt.Sprintf("%s:%d", s.Host, s.Port))
+	if err != nil {
+		panic(err)
+	}
+
+	for running {
+		conn, err := s.lst.Accept()
+		if err != nil {
+			logg.ErrorCtxf(ctx, "ssh accept error", "err", err)
+			running = false
+			continue
+		}
+
+		go func(conn net.Conn) {
+			defer conn.Close()
+			for true {
+				srvConn, nC, rC, err := ssh.NewServerConn(conn, &cfg)
+				if err != nil {
+					logg.InfoCtxf(ctx, "rejected client", "err", err)
+					return
+				}
+				logg.DebugCtxf(ctx, "ssh client connected", "conn", srvConn)
+
+				s.wg.Add(1)
+				go func() {
+					ssh.DiscardRequests(rC)
+					s.wg.Done()
+				}()
+				
+				sessionId, err := auth.FromConn(srvConn)
+				if err != nil {
+					logg.ErrorCtxf(ctx, "Cannot find authentication")
+					return
+				}
+				en, closer, err := s.GetEngine(sessionId)
+				if err != nil {
+					logg.ErrorCtxf(ctx, "engine won't start", "err", err)
+					return
+				}
+				defer func() {
+					err := en.Finish()
+					if err != nil {
+						logg.ErrorCtxf(ctx, "engine won't stop", "err", err)
+					}
+					closer()
+				}()
+				for ch := range nC {
+					err = s.serve(ctx, sessionId, ch, en)
+					logg.ErrorCtxf(ctx, "ssh server finish", "err", err)
+				}
+			}
+		}(conn)
+	}
+}

internal/storage/storage.go

@@ -5,6 +5,10 @@ import (
 	"git.defalsify.org/vise.git/persist"
 )
 
+const (
+	DATATYPE_EXTEND = 128
+)
+
 type Storage struct {
 	Persister *persist.Persister
 	UserdataDb db.Db	

menutraversal_test/group_test.json

@@ -54,7 +54,7 @@
                 },
                 {
                     "input": "1235",
-                    "expectedContent": "Incorrect pin\n1:Retry\n9:Quit"
+                    "expectedContent": "Incorrect pin\n1:retry\n9:Quit"
                 },
                 {
                     "input": "1",
@@ -95,7 +95,7 @@
                 },
                 {
                     "input": "1235",
-                    "expectedContent": "Incorrect pin\n1:Retry\n9:Quit"
+                    "expectedContent": "Incorrect pin\n1:retry\n9:Quit"
                 },
                 {
                     "input": "1",
@@ -141,7 +141,7 @@
                 },
                 {
                     "input": "1235",
-                    "expectedContent": "Incorrect pin\n1:Retry\n9:Quit"
+                    "expectedContent": "Incorrect pin\n1:retry\n9:Quit"
                 },
                 {
                     "input": "1",

menutraversal_test/test_setup.json

@@ -23,7 +23,7 @@
                     },
                     {
                         "input": "1111",
-                        "expectedContent": "The PIN is not a match. Try again\n1:Retry\n9:Quit"
+                        "expectedContent": "The PIN is not a match. Try again\n1:retry\n9:Quit"
                     },
                     {
                         "input": "1",
@@ -65,7 +65,7 @@
                     },
                     {
                         "input": "000",
-                        "expectedContent": "000 is not registered or invalid, please try again:\n1:Retry\n9:Quit"
+                        "expectedContent": "000 is not registered or invalid, please try again:\n1:retry\n9:Quit"
                     },
                     {
                         "input": "1",
@@ -77,7 +77,7 @@
                     },
                     {
                         "input": "10000000",
-                        "expectedContent": "Amount 10000000 is invalid, please try again:\n1:Retry\n9:Quit"
+                        "expectedContent": "Amount 10000000 is invalid, please try again:\n1:retry\n9:Quit"
                     },
                     {
                         "input": "1",
@@ -89,7 +89,7 @@
                     },
                     {
                         "input": "1222",
-                        "expectedContent": "Incorrect pin\n1:Retry\n9:Quit"
+                        "expectedContent": "Incorrect pin\n1:retry\n9:Quit"
                     },
                     {
                         "input": "1",
@@ -140,7 +140,7 @@
                     },
                     {
                         "input": "6",
-                        "expectedContent": "Address: {public_key}\n0:Back\n9:Quit"
+                        "expectedContent": "Address: {public_key}\n9:Quit"
                     },
                     {
                         "input": "9",

remote/accountservice.go

@@ -1,19 +1,20 @@
 package remote
 
 import (
-	"bytes"
 	"context"
 	"encoding/json"
 	"errors"
 	"io"
-	"log"
 	"net/http"
 	"net/url"
 
+	dataserviceapi "github.com/grassrootseconomics/ussd-data-service/pkg/api"
+	"github.com/grassrootseconomics/eth-custodial/pkg/api"
 	"git.grassecon.net/urdt/ussd/config"
 	"git.grassecon.net/urdt/ussd/models"
-	"github.com/grassrootseconomics/eth-custodial/pkg/api"
-	dataserviceapi "github.com/grassrootseconomics/ussd-data-service/pkg/api"
+)
+
+var (
 )
 
 type AccountServiceInterface interface {
@@ -50,7 +51,7 @@ func (as *AccountService) TrackAccountStatus(ctx context.Context, publicKey stri
 		return nil, err
 	}
 
-	_, err = doCustodialRequest(ctx, req, &r)
+	_, err =  doCustodialRequest(ctx, req, &r)
 	if err != nil {
 		return nil, err
 	}
@@ -78,6 +79,7 @@ func (as *AccountService) CheckBalance(ctx context.Context, publicKey string) (*
 	return &balanceResult, err
 }
 
+
 // CreateAccount creates a new account in the custodial system.
 // Returns:
 //   - *models.AccountResponse: A pointer to an AccountResponse struct containing the details of the created account.
@@ -91,7 +93,8 @@ func (as *AccountService) CreateAccount(ctx context.Context) (*models.AccountRes
 	if err != nil {
 		return nil, err
 	}
-	_, err = doCustodialRequest(ctx, req, &r)
+
+	_, err =  doCustodialRequest(ctx, req, &r)
 	if err != nil {
 		return nil, err
 	}
@@ -115,7 +118,7 @@ func (as *AccountService) FetchVouchers(ctx context.Context, publicKey string) (
 		return nil, err
 	}
 
-	_, err = doDataRequest(ctx, req, r)
+	_, err =  doDataRequest(ctx, req, r)
 	if err != nil {
 		return nil, err
 	}
@@ -123,6 +126,7 @@ func (as *AccountService) FetchVouchers(ctx context.Context, publicKey string) (
 	return r, nil
 }
 
+
 // FetchTransactions retrieves the last 10 transactions for a given public key from the data indexer API endpoint
 // Parameters:
 //   - publicKey: The public key associated with the account.
@@ -139,7 +143,7 @@ func (as *AccountService) FetchTransactions(ctx context.Context, publicKey strin
 		return nil, err
 	}
 
-	_, err = doDataRequest(ctx, req, r)
+	_, err =  doDataRequest(ctx, req, r)
 	if err != nil {
 		return nil, err
 	}
@@ -147,6 +151,7 @@ func (as *AccountService) FetchTransactions(ctx context.Context, publicKey strin
 	return r, nil
 }
 
+
 // VoucherData retrieves voucher metadata from the data indexer API endpoint.
 // Parameters:
 //   - address: The voucher address.
@@ -168,18 +173,17 @@ func (as *AccountService) VoucherData(ctx context.Context, address string) (*mod
 }
 
 func doRequest(ctx context.Context, req *http.Request, rcpt any) (*api.OKResponse, error) {
-	var okResponse api.OKResponse
+	var okResponse  api.OKResponse
 	var errResponse api.ErrResponse
+
 	req.Header.Set("Content-Type", "application/json")
 	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
-		log.Printf("Failed to make %s request to endpoint: %s with reason: %s", req.Method, req.URL, err.Error())
 		errResponse.Description = err.Error()
 		return nil, err
 	}
 	defer resp.Body.Close()
 
-	log.Printf("Received response for %s: Status Code: %d | Content-Type: %s", req.URL, resp.StatusCode, resp.Header.Get("Content-Type"))
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
@@ -198,6 +202,7 @@ func doRequest(ctx context.Context, req *http.Request, rcpt any) (*api.OKRespons
 	if len(okResponse.Result) == 0 {
 		return nil, errors.New("Empty api result")
 	}
+	return &okResponse, nil
 
 	v, err := json.Marshal(okResponse.Result)
 	if err != nil {
@@ -209,30 +214,11 @@ func doRequest(ctx context.Context, req *http.Request, rcpt any) (*api.OKRespons
 }
 
 func doCustodialRequest(ctx context.Context, req *http.Request, rcpt any) (*api.OKResponse, error) {
-	req.Header.Set("Authorization", "Bearer "+config.CustodialBearerToken)
-	logRequestDetails(req)
+	req.Header.Set("X-GE-KEY", config.CustodialAPIKey)
 	return doRequest(ctx, req, rcpt)
 }
 
 func doDataRequest(ctx context.Context, req *http.Request, rcpt any) (*api.OKResponse, error) {
-	req.Header.Set("Authorization", "Bearer "+config.DataBearerToken)
-	logRequestDetails(req)
+	req.Header.Set("X-GE-KEY", config.DataAPIKey)
 	return doRequest(ctx, req, rcpt)
 }
-
-func logRequestDetails(req *http.Request) {
-	var bodyBytes []byte
-	contentType := req.Header.Get("Content-Type")
-	if req.Body != nil {
-		bodyBytes, err := io.ReadAll(req.Body)
-		if err != nil {
-			log.Printf("Error reading request body: %s", err)
-			return
-		}
-		req.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
-	} else {
-		bodyBytes = []byte("-")
-	}
-
-	log.Printf("URL: %s | Content-Type: %s | Method: %s| Request Body: %s", req.URL, contentType, req.Method, string(bodyBytes))
-}

services/registration/address.vis

@@ -1,8 +1,6 @@
 LOAD check_identifier 0
 RELOAD check_identifier
 MAP check_identifier
-MOUT back 0
 MOUT quit 9
 HALT
-INCMP _ 0
 INCMP quit 9

services/registration/address_swa

@@ -1 +0,0 @@
-Anwani:{{.check_identifier}}

services/registration/api_failure.vis

@@ -1,5 +1,5 @@
-MOUT retry 1
+MOUT retry 0
 MOUT quit 9
 HALT
-INCMP _ 1
+INCMP _ 0
 INCMP quit 9

services/registration/confirm_others_new_pin_swa

@@ -1 +0,0 @@
-Tafadhali thibitisha PIN mpya ya: {{.retrieve_blocked_number}}

services/registration/edit_family_name

@@ -1,2 +0,0 @@
-Current family name: {{.get_current_profile_info}}
-Enter family name:

services/registration/edit_family_name_swa

@@ -1,2 +0,0 @@
-Jina la familia la sasa: {{.get_current_profile_info}}
-Weka jina la familia

services/registration/edit_first_name

@@ -1,2 +0,0 @@
-Current name: {{.get_current_profile_info}}
-Enter your first names:

services/registration/edit_first_name_swa

@@ -1,2 +0,0 @@
-Jina la kwanza la sasa {{.get_current_profile_info}}
-Weka majina yako ya kwanza:

services/registration/edit_location

@@ -1,2 +0,0 @@
-Current location: {{.get_current_profile_info}}
-Enter your location:

services/registration/edit_location_swa

@@ -1,2 +0,0 @@
-Eneo la sasa {{.get_current_profile_info}}
-Weka eneo:

services/registration/edit_offerings

@@ -1,2 +0,0 @@
-Current offerings: {{.get_current_profile_info}}
-Enter the services or goods you offer: 

services/registration/edit_offerings_swa

@@ -1,2 +0,0 @@
-Unachouza kwa sasa: {{.get_current_profile_info}}
-Weka unachouza

services/registration/edit_profile.vis

@@ -2,8 +2,8 @@ LOAD reset_account_authorized 16
 RELOAD reset_account_authorized
 LOAD reset_allow_update 0
 RELOAD reset_allow_update
-MOUT edit_first_name 1
-MOUT edit_family_name 2
+MOUT edit_name 1
+MOUT edit_familyname 2
 MOUT edit_gender 3
 MOUT edit_yob 4
 MOUT edit_location 5
@@ -12,10 +12,10 @@ MOUT view 7
 MOUT back 0
 HALT
 INCMP my_account 0
-INCMP edit_first_name 1
-INCMP edit_family_name 2
+INCMP enter_name 1
+INCMP enter_familyname 2
 INCMP select_gender 3
-INCMP edit_yob 4
-INCMP edit_location 5
-INCMP edit_offerings 6
+INCMP enter_yob 4
+INCMP enter_location 5
+INCMP enter_offerings 6
 INCMP view_profile 7

services/registration/edit_yob

@@ -1,2 +0,0 @@
-Current year of birth: {{.get_current_profile_info}}
-Enter your year of birth

services/registration/edit_yob_swa

@@ -1,2 +0,0 @@
-Mwaka wa sasa wa kuzaliwa {{.get_current_profile_info}}
-Weka mwaka wa kuzaliwa

services/registration/enter_familyname

@@ -0,0 +1 @@
+Enter family name:

services/registration/enter_familyname.vis

@@ -1,7 +1,5 @@
 CATCH incorrect_pin flag_incorrect_pin 1
 CATCH update_familyname flag_allow_update 1
-LOAD get_current_profile_info 0
-RELOAD get_current_profile_info
 MOUT back 0
 HALT
 LOAD save_familyname 0

services/registration/enter_familyname_swa

@@ -0,0 +1 @@
+Weka jina la familia

services/registration/enter_location

@@ -0,0 +1 @@
+Enter your location:

services/registration/enter_location.vis

@@ -1,7 +1,5 @@
 CATCH incorrect_pin flag_incorrect_pin 1
 CATCH update_location flag_allow_update 1
-LOAD get_current_profile_info 0
-RELOAD get_current_profile_info
 MOUT back 0
 HALT
 LOAD save_location 0

services/registration/enter_location_swa

@@ -0,0 +1 @@
+Weka eneo:

services/registration/enter_name

@@ -0,0 +1 @@
+Enter your first names:

services/registration/enter_name.vis

@@ -1,8 +1,5 @@
 CATCH incorrect_pin flag_incorrect_pin 1
 CATCH update_firstname flag_allow_update 1
-LOAD get_current_profile_info 0
-RELOAD get_current_profile_info
-MAP get_current_profile_info
 MOUT back 0
 HALT
 LOAD save_firstname 0

services/registration/enter_name_swa

@@ -0,0 +1 @@
+Weka majina yako ya kwanza:

services/registration/enter_offerings

@@ -0,0 +1 @@
+Enter the services or goods you offer: 

services/registration/enter_offerings.vis

@@ -1,7 +1,5 @@
 CATCH incorrect_pin flag_incorrect_pin 1
 CATCH update_offerings flag_allow_update 1
-LOAD get_current_profile_info 0
-RELOAD get_current_profile_info
 LOAD save_offerings 0
 MOUT back 0
 HALT

services/registration/enter_offerings_swa

@@ -0,0 +1 @@
+Weka unachouza

services/registration/enter_other_number_swa

@@ -1 +0,0 @@
-Weka nambari ya simu ili kutuma ombi la kubadilisha nambari ya siri:

services/registration/enter_others_new_pin_swa

@@ -1 +0,0 @@
-Tafadhali weka PIN mpya ya: {{.retrieve_blocked_number}}

services/registration/enter_yob

@@ -0,0 +1 @@
+Enter your year of birth

services/registration/enter_yob.vis

@@ -1,12 +1,8 @@
 CATCH incorrect_pin flag_incorrect_pin 1
 CATCH update_yob flag_allow_update 1
-LOAD get_current_profile_info 0
-RELOAD get_current_profile_info
-MAP get_current_profile_info
 MOUT back 0
 HALT
-LOAD verify_yob 6
-RELOAD verify_yob
+LOAD verify_yob 0
 CATCH incorrect_date_format flag_incorrect_date_format 1
 LOAD save_yob 0
 RELOAD save_yob

services/registration/enter_yob_swa

@@ -0,0 +1 @@
+Weka mwaka wa kuzaliwa

services/registration/incorrect_date_format.vis

@@ -2,5 +2,5 @@ LOAD reset_incorrect_date_format 8
 MOUT retry 1
 MOUT quit 9
 HALT
-INCMP _ 1
+INCMP enter_yob 1
 INCMP quit 9

services/registration/no_admin_privilege_swa

@@ -1 +0,0 @@
-Huna mapendeleo ya kufanya kitendo hiki

services/registration/no_voucher

@@ -1 +1 @@
-You need a voucher to proceed
+You need a voucher to send

services/registration/no_voucher_swa

@@ -1 +1 @@
-Unahitaji sarafu kuendelea
+Unahitaji sarafu kutuma

services/registration/others_pin_mismatch_swa

@@ -1 +0,0 @@
-PIN uliyoweka hailingani.Jaribu tena.

services/registration/pin_reset_mismatch_swa

@@ -1 +0,0 @@
-PIN uliyoweka hailingani.Jaribu tena.

services/registration/pin_reset_result_swa

@@ -1 +0,0 @@
-Ombi la kuweka upya PIN ya {{.retrieve_blocked_number}} limefanikiwa

services/registration/retry_menu

@@ -1 +0,0 @@
-Retry

services/registration/retry_menu_swa

@@ -1 +0,0 @@
-Jaribu tena

services/registration/select_gender

@@ -1,2 +1 @@
-Current gender: {{.get_current_profile_info}}
 Select gender: 

services/registration/select_gender.vis

@@ -1,7 +1,5 @@
 CATCH incorrect_pin flag_incorrect_pin 1
 CATCH profile_update_success flag_allow_update 1
-LOAD get_current_profile_info 0
-RELOAD get_current_profile_info
 MOUT male 1
 MOUT female 2
 MOUT unspecified 3
@@ -11,3 +9,7 @@ INCMP _ 0
 INCMP set_male 1
 INCMP set_female 2
 INCMP set_unspecified 3
+
+
+
+

services/registration/select_gender_swa

@@ -1,2 +1 @@
-Jinsia ya sasa {{.get_current_profile_info}}
 Chagua jinsia

services/registration/select_voucher.vis

@@ -1,4 +1,3 @@
-CATCH no_voucher flag_no_active_voucher 1
 LOAD get_vouchers 0
 MAP get_vouchers
 MOUT back 0

services/registration/select_voucher_menu_swa

@@ -1 +0,0 @@
-Chagua Sarafu

services/registration/unregistered_number_swa

@@ -1 +0,0 @@
-Nambari uliyoingiza haijasajiliwa na Sarafu au sio sahihi.

services/registration/voucher_details_menu_swa

@@ -1 +0,0 @@
-Maelezo ya Sarafu