Feature/vault (#3)

* remove user data from the database; move blinder and issuer auth data to the vault * minor config fix * remove unused func * import dig lib
rarimo · Feb 27, 2024 · 0b73ad0 · 0b73ad0
1 parent 11b918c
commit 0b73ad0
Show file tree

Hide file tree

Showing 21 changed files with 342 additions and 182 deletions.
diff --git a/config.yaml b/config.yaml
@@ -1,3 +1,6 @@
+vault:
+  address: "http://127.0.0.1:8200"
+
 network:
   eth_rpc:
   state_contract:
@@ -8,13 +11,10 @@ verifier:
     sha256: "./sha256_verification_key.json"
   master_certs_path: "./masterList.dev.pem"
   allowed_age: 18
-  blinder: 1 # big value required
 
 issuer:
   base_url: "http://localhost:3002/v1"
   did: ""
-  auth_username: ""
-  auth_password: ""
   claim_type: "VotingCredential"
   credential_schema: "https://bafybeibbniic63etdbcn5rs5ir5bhelym6ogv46afj35keatzhn2eqnioi.ipfs.w3s.link/VotingCredential.json"
 

diff --git a/go.mod b/go.mod
@@ -10,6 +10,7 @@ require (
 	github.com/go-chi/chi v4.1.2+incompatible
 	github.com/go-ozzo/ozzo-validation/v4 v4.2.1
 	github.com/google/uuid v1.3.0
+	github.com/hashicorp/vault/api v1.12.0
 	github.com/iden3/contracts-abi/state/go/abi v1.0.1
 	github.com/iden3/go-iden3-core/v2 v2.0.4
 	github.com/iden3/go-iden3-crypto v0.0.15
@@ -19,6 +20,7 @@ require (
 	github.com/rarimo/certificate-transparency-go v0.0.0-20240216144634-4291bc43f73b
 	github.com/rubenv/sql-migrate v1.6.1
 	gitlab.com/distributed_lab/ape v1.7.1
+	gitlab.com/distributed_lab/dig v0.0.0-20230207152643-c44f80a4294c
 	gitlab.com/distributed_lab/figure v2.1.0+incompatible
 	gitlab.com/distributed_lab/figure/v3 v3.1.3
 	gitlab.com/distributed_lab/kit v1.11.2
@@ -32,6 +34,7 @@ require (
 	github.com/alecthomas/units v0.0.0-20231202071711-9a357b53e9c9 // indirect
 	github.com/andybalholm/brotli v1.0.6 // indirect
 	github.com/btcsuite/btcd/btcec/v2 v2.2.0 // indirect
+	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
 	github.com/certifi/gocertifi v0.0.0-20200211180108-c7c1fbc02894 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/deckarep/golang-set/v2 v2.1.0 // indirect
@@ -40,14 +43,21 @@ require (
 	github.com/getsentry/raven-go v0.2.0 // indirect
 	github.com/getsentry/sentry-go v0.18.0 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
 	github.com/go-ole/go-ole v1.2.1 // indirect
 	github.com/go-stack/stack v1.8.1 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/google/jsonapi v0.0.0-20200226002910-c8283f632fb7 // indirect
 	github.com/google/pprof v0.0.0-20231229205709-960ae82b1e42 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-retryablehttp v0.6.6 // indirect
+	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
+	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
+	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/holiman/uint256 v1.2.0 // indirect
 	github.com/jmoiron/sqlx v1.2.0 // indirect
@@ -56,7 +66,8 @@ require (
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/magiconair/properties v1.8.0 // indirect
-	github.com/mitchellh/mapstructure v1.4.1 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mr-tron/base58 v1.2.0 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/onsi/ginkgo/v2 v2.13.2 // indirect
@@ -66,6 +77,7 @@ require (
 	github.com/quic-go/qtls-go1-20 v0.4.1 // indirect
 	github.com/quic-go/quic-go v0.40.1 // indirect
 	github.com/refraction-networking/utls v1.6.0 // indirect
+	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/shirou/gopsutil v3.21.4-0.20210419000835-c7a38de76ee5+incompatible // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spf13/afero v1.1.2 // indirect
@@ -84,6 +96,7 @@ require (
 	golang.org/x/net v0.21.0 // indirect
 	golang.org/x/sys v0.17.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.16.1 // indirect
 	gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect

diff --git a/go.sum b/go.sum
diff --git a/internal/assets/migrations/001_initial.sql b/internal/assets/migrations/001_initial.sql
@@ -1,11 +1,10 @@
 -- +migrate Up
-create table proofs(
-    id           bigserial primary key,
-    did          text  not null,
-    data         jsonb not null,
-    pub_signals  jsonb not null,
-    document_sod jsonb not null
+create table claims(
+    id            uuid primary key,
+    user_did      text not null,
+    issuer_did    text not null,
+    document_hash text not null
 );
 
 -- +migrate Down
-drop table proofs;
+drop table claims;
diff --git a/internal/assets/migrations/002_claims.sql b/internal/assets/migrations/002_claims.sql
diff --git a/internal/config/issuer.go b/internal/config/issuer.go
@@ -1,22 +1,24 @@
 package config
 
 import (
+	"fmt"
+	"github.com/iden3/go-iden3-core/v2/w3c"
 	"gitlab.com/distributed_lab/figure"
 	"gitlab.com/distributed_lab/kit/comfig"
 	"gitlab.com/distributed_lab/kit/kv"
+	"gitlab.com/distributed_lab/logan/v3/errors"
+	"reflect"
 )
 
 type IssuerConfiger interface {
 	IssuerConfig() *IssuerConfig
 }
 
 type IssuerConfig struct {
-	BaseUrl          string `fig:"base_url,required"`
-	AuthUsername     string `fig:"auth_username,required"`
-	AuthPassword     string `fig:"auth_password,required"`
-	DID              string `fig:"did,required"`
-	ClaimType        string `fig:"claim_type,required"`
-	CredentialSchema string `fig:"credential_schema,required"`
+	BaseUrl          string   `fig:"base_url,required"`
+	DID              *w3c.DID `fig:"did,required"`
+	ClaimType        string   `fig:"claim_type,required"`
+	CredentialSchema string   `fig:"credential_schema,required"`
 }
 
 type issuer struct {
@@ -36,6 +38,7 @@ func (i *issuer) IssuerConfig() *IssuerConfig {
 
 		err := figure.
 			Out(&result).
+			With(figure.BaseHooks, iden3Hooks).
 			From(kv.MustGetStringMap(i.getter, "issuer")).
 			Please()
 		if err != nil {
@@ -45,3 +48,20 @@ func (i *issuer) IssuerConfig() *IssuerConfig {
 		return &result
 	}).(*IssuerConfig)
 }
+
+var iden3Hooks = figure.Hooks{
+	"*w3c.DID": func(value interface{}) (reflect.Value, error) {
+		switch v := value.(type) {
+		case string:
+			did, err := w3c.ParseDID(v)
+			if err != nil {
+				return reflect.Value{}, errors.Wrap(err, "failed to parse DID")
+			}
+			return reflect.ValueOf(did), nil
+		case nil:
+			return reflect.ValueOf(nil), nil
+		default:
+			return reflect.Value{}, fmt.Errorf("unsupported conversion from %T", value)
+		}
+	},
+}
diff --git a/internal/config/main.go b/internal/config/main.go
@@ -17,6 +17,7 @@ type Config interface {
 	IssuerConfiger
 	VerifierConfiger
 	NetworkConfiger
+	VaultConfiger
 }
 
 type config struct {
@@ -29,6 +30,7 @@ type config struct {
 	IssuerConfiger
 	VerifierConfiger
 	NetworkConfiger
+	VaultConfiger
 }
 
 func New(getter kv.Getter) Config {
@@ -41,5 +43,6 @@ func New(getter kv.Getter) Config {
 		IssuerConfiger:   NewIssuerConfiger(getter),
 		VerifierConfiger: NewVerifierConfiger(getter),
 		NetworkConfiger:  NewNetworkConfiger(getter),
+		VaultConfiger:    NewVaultConfiger(getter),
 	}
 }
diff --git a/internal/config/vault.go b/internal/config/vault.go
@@ -0,0 +1,50 @@
+package config
+
+import (
+	"gitlab.com/distributed_lab/dig"
+	"gitlab.com/distributed_lab/figure/v3"
+	"gitlab.com/distributed_lab/kit/comfig"
+	"gitlab.com/distributed_lab/kit/kv"
+)
+
+type VaultConfiger interface {
+	VaultConfig() *VaultConfig
+}
+
+type VaultConfig struct {
+	Address string `fig:"address,required"`
+	Token   string `dig:"VAULT_TOKEN,clear"`
+}
+
+type vault struct {
+	once   comfig.Once
+	getter kv.Getter
+}
+
+func NewVaultConfiger(getter kv.Getter) VaultConfiger {
+	return &vault{
+		getter: getter,
+	}
+}
+
+func (v *vault) VaultConfig() *VaultConfig {
+	return v.once.Do(func() interface{} {
+		var result VaultConfig
+
+		err := figure.
+			Out(&result).
+			From(kv.MustGetStringMap(v.getter, "vault")).
+			Please()
+		if err != nil {
+			panic(err)
+		}
+
+		if err := dig.Out(&result).Where(map[string]interface{}{
+			"address": result.Address,
+		}).Now(); err != nil {
+			panic(err)
+		}
+
+		return &result
+	}).(*VaultConfig)
+}
diff --git a/internal/config/verifier.go b/internal/config/verifier.go
@@ -4,8 +4,6 @@ import (
 	"gitlab.com/distributed_lab/figure/v3"
 	"gitlab.com/distributed_lab/kit/comfig"
 	"gitlab.com/distributed_lab/kit/kv"
-	"gitlab.com/distributed_lab/logan/v3/errors"
-	"math/big"
 	"os"
 )
 
@@ -17,7 +15,6 @@ type VerifierConfig struct {
 	VerificationKeys map[string][]byte
 	MasterCerts      []byte
 	AllowedAge       int
-	Blinder          *big.Int
 }
 
 type verifier struct {
@@ -37,7 +34,6 @@ func (v *verifier) VerifierConfig() *VerifierConfig {
 			VerificationKeysPaths map[string]string `fig:"verification_keys_paths,required"`
 			MasterCertsPath       string            `fig:"master_certs_path,required"`
 			AllowedAge            int               `fig:"allowed_age,required"`
-			Blinder               string            `fig:"blinder,required"`
 		}{}
 
 		err := figure.
@@ -63,16 +59,10 @@ func (v *verifier) VerifierConfig() *VerifierConfig {
 			panic(err)
 		}
 
-		blinder, ok := new(big.Int).SetString(newCfg.Blinder, 10)
-		if !ok {
-			panic(errors.New("failed to set blinder string to big.Int"))
-		}
-
 		return &VerifierConfig{
 			VerificationKeys: verificationKeys,
 			MasterCerts:      masterCerts,
 			AllowedAge:       newCfg.AllowedAge,
-			Blinder:          blinder,
 		}
 	}).(*VerifierConfig)
 }
diff --git a/internal/data/claims.go b/internal/data/claims.go
@@ -14,8 +14,8 @@ type ClaimQ interface {
 }
 
 type Claim struct {
-	ID        uuid.UUID `db:"id" structs:"id"`
-	UserDID   string    `db:"user_did" structs:"user_did"`
-	IssuerDID string    `db:"issuer_did" structs:"issuer_did"`
-	Document  string    `db:"document" structs:"document"`
+	ID           uuid.UUID `db:"id" structs:"id"`
+	UserDID      string    `db:"user_did" structs:"user_did"`
+	IssuerDID    string    `db:"issuer_did" structs:"issuer_did"`
+	DocumentHash string    `db:"document_hash" structs:"document_hash"`
 }
diff --git a/internal/data/main.go b/internal/data/main.go
@@ -3,7 +3,6 @@ package data
 type MasterQ interface {
 	New() MasterQ
 
-	Proof() ProofQ
 	Claim() ClaimQ
 
 	Transaction(fn func(db MasterQ) error) error

diff --git a/internal/data/pg/main.go b/internal/data/pg/main.go
@@ -25,10 +25,6 @@ func (m *masterQ) Transaction(fn func(q data.MasterQ) error) error {
 	})
 }
 
-func (m *masterQ) Proof() data.ProofQ {
-	return NewProofsQ(m.db)
-}
-
 func (m *masterQ) Claim() data.ClaimQ {
 	return NewClaimsQ(m.db)
 }
diff --git a/internal/data/pg/proofs.go b/internal/data/pg/proofs.go
diff --git a/internal/data/proofs.go b/internal/data/proofs.go