From 8bf0e36bd01d78b84947f6368bfe236dbaf1c48c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Szymon=20Rz=C4=85d?=
Date: Fri, 31 Mar 2023 12:33:39 +0200
Subject: [PATCH] feat: Add act to unregister identity (#57)
---
 Cargo.lock | 2 +-
 src/handlers/identity/mod.rs | 32 ----------------------
 src/handlers/identity/unregister.rs | 42 +++++++++++++++++++++++------
 3 files changed, 35 insertions(+), 41 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 4f59d15..c8611d2 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1270,7 +1270,7 @@ dependencies = [ [[package]] name = "keyserver" -version = "1.4.0" +version = "1.4.1" dependencies = [ "anyhow", "async-trait",
diff --git a/src/handlers/identity/mod.rs b/src/handlers/identity/mod.rs
index 67f4fb7..7e97f46 100644
--- a/src/handlers/identity/mod.rs
+++ b/src/handlers/identity/mod.rs
@@ -1,35 +1,3 @@
-use {
- crate::auth::jwt::{JwtClaims, JwtVerifierByIssuer},
- serde::{Deserialize, Serialize},
-};
-
 pub mod register;
 pub mod resolve;
 pub mod unregister;
-
-#[derive(Debug, Serialize, Deserialize)]
-pub struct IdentityKeyClaims {
- aud: String, // keys server url used for registering
- exp: usize, // timestamp when jwt must expire TODO: Should be 1 hour
- iat: usize, // timestamp when jwt was issued
- iss: String, // public identity key in form of did:key, also used to verify jwt signature
- pkh: String, // corresponding blockchain account (did:pkh)
-}
-
-impl JwtClaims for IdentityKeyClaims {
- fn is_valid(&self) -> bool {
- true
- // TODO: Add validation:
- // aud must be equal this dns?
- // exp must be in future
- // iat must be in past
- // iss must be valid did:key
- // pkh must be valid did:pkh
- }
-}
-
-impl JwtVerifierByIssuer for IdentityKeyClaims {
- fn get_iss(&self) -> &str {
- &self.iss
- }
-}
diff --git a/src/handlers/identity/unregister.rs b/src/handlers/identity/unregister.rs
index 3e186c6..a2f3f00 100644
--- a/src/handlers/identity/unregister.rs
+++ b/src/handlers/identity/unregister.rs
@@ -1,18 +1,15 @@
 use {
- super::{
- super::{validate_caip10_account, validate_identity_key, Response},
- IdentityKeyClaims,
- },
+ super::super::{validate_caip10_account, validate_identity_key, Response},
 crate::{
 auth::{
 did::{extract_did_data, DID_METHOD_KEY, DID_METHOD_PKH},
- jwt::Jwt,
+ jwt::{Jwt, JwtClaims, JwtVerifierByIssuer},
 },
 error,
 state::AppState,
 },
 axum::{extract::State, Json},
- serde::Deserialize,
+ serde::{Deserialize, Serialize},
 std::sync::Arc,
 validator::Validate,
 };
@@ -31,14 +28,43 @@ pub struct UnregisterIdentityParams {
 identity_key: String,
 }
+#[derive(Debug, Serialize, Deserialize)]
+pub struct UnregisterIdentityKeyClaims {
+ aud: String, // keys server url used for registering
+ exp: usize, // timestamp when jwt must expire TODO: Should be 1 hour
+ iat: usize, // timestamp when jwt was issued
+ iss: String, // public identity key in form of did:key, also used to verify jwt signature
+ pkh: String, // corresponding blockchain account (did:pkh)
+ act: String, // description of action intent. Must be equal to "unregister_identity"
+}
+
+impl JwtClaims for UnregisterIdentityKeyClaims {
+ fn is_valid(&self) -> bool {
+ // TODO: Add validation:
+ // aud must be equal this dns?
+ // exp must be in future
+ // iat must be in past
+ // iss must be valid did:key
+ // pkh must be valid did:pkh
+ println!("act: {}", self.act);
+ self.act == "unregister_identity"
+ }
+}
+
+impl JwtVerifierByIssuer for UnregisterIdentityKeyClaims {
+ fn get_iss(&self) -> &str {
+ &self.iss
+ }
+}
+
 pub async fn handler(
 State(state): State>,
 Json(payload): Json,
 ) -> error::Result {
- let jwt = Jwt::::new(&payload.id_auth)?;
+ let jwt = Jwt::::new(&payload.id_auth)?;
 jwt.verify()?;
- let claims: IdentityKeyClaims = jwt.claims;
+ let claims: UnregisterIdentityKeyClaims = jwt.claims;
 let account = extract_did_data(&claims.pkh, DID_METHOD_PKH)?;
 let identity_key = extract_did_data(&claims.iss, DID_METHOD_KEY)?;
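Review bot: `UnregisterIdentityKeyClaims::is_valid` still contains `println!("act: {}", self.act);`, which writes a claim taken from the request JWT to stdout on every call; it reads like leftover debugging and should be removed so the body ends with just `self.act == "unregister_identity"`. Whether `is_valid` runs before or after the signature check in `Jwt::verify` is not visible here, so the printed value may be entirely caller-controlled and should not reach logs unescaped. The `exp`, `iat` and `aud` checks remain a TODO, so unless `Jwt::verify` enforces them elsewhere, the new `act` comparison stops a token issued for another action from being accepted here but does nothing to limit how long a captured unregister token stays usable. At minimum I would reject a token whose `exp` is in the past inside `is_valid`, and move the literal into a named constant such as `const ACT_UNREGISTER_IDENTITY: &str = "unregister_identity";` so the matching register-side claim cannot drift from it.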