From 4291a5d14de791b33b20d0d71eb7567ee2c0327e Mon Sep 17 00:00:00 2001 From: lauti7 Date: Thu, 4 May 2023 16:39:53 -0300 Subject: [PATCH 1/4] quest rpc login --- content/ADR-220-quests-rpc-login.md | 62 +++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 content/ADR-220-quests-rpc-login.md diff --git a/content/ADR-220-quests-rpc-login.md b/content/ADR-220-quests-rpc-login.md new file mode 100644 index 00000000..4e034c06 --- /dev/null +++ b/content/ADR-220-quests-rpc-login.md 
@@ -0,0 +1,62 @@ +--- +layout: adr +adr: 220 +title: Authentication Mechanism for Quests RPC Service +date: 2023-05-04 +status: Review +type: RFC +spdx-license: CC0-1.0 +authors: + - lauti7 + - guidota +--- + +## Abstract + +The objective of this document is to present the mechanism that the Quests RPC Service will use to authenticate their users. + +The Quest RPC Service is the service that will be used in-world by scenes, and explorer to send events about user's progress, get state updates for each active quest, and get information about the quests that the user is involved. + +## Context, Reach & Prioritization + +The Quest RPC Service needs a way to validate who is the user that is requesting to connect to the service in order to know who is the user which is sending the events about a progress on a quest or trying to subscribe to quests' updates. The transport protocol for the service is WebSockets. + +The Quest RPC Service will be requested by scenes and explorer as long as the user take part in a at least one quest. The way the service use to identify users to store the information about user's quests progress and relating this information to a user is by their Ethereum Address. + +The [Quest RPC Service](https://github.com/decentraland/quests/tree/main/crates/server/src/rpc) is written in Rust and using the [dcl-rpc](https://github.com/decentraland/rpc-rust) crate. + +## Specification + +The solution we proposed is to use the [Decentraland's AuthChain concept](https://docs.decentraland.org/contributor/auth/authchain/), [dcl-crypto](https://github.com/decentraland/decentraland-crypto-rust) crate, and a signature challenge after the connection upgrading. + +Once the client opens the connection to the server, the server will sends the signature challenge which consists of a text message with a random unsigned 32-bit number ("signature_challenge_{random_u32}").Then, it will wait 30 seconds for the client to send a response back to the server. 
The response of the client must be the [AuthChain](https://docs.decentraland.org/contributor/auth/authchain/) containing the sent signature challenge signed. If 30 seconds elapse, the connection will be closed by the server or if the [AuthChain](https://docs.decentraland.org/contributor/auth/authchain/) signature or the message sent by the client is not a valid one, the connection will be also closed by the server. + +If the [AuthChain](https://docs.decentraland.org/contributor/auth/authchain/) signature is valid, then the server will create a [WebSocketTransport](https://docs.rs/dcl-rpc/latest/dcl_rpc/transports/index.html) and attach it to the [RpcServer](https://docs.rs/dcl-rpc/latest/dcl_rpc/server/index.html) + +The happy-path of this solution is: +```mermaid +sequenceDiagram + WebSocketClient-->WebSocketServer: opens connection + WebSocketServer-->WebSocketServer: upgrades connection + WebSocketServer-->WebSocketClient: signature_challenge_{random_u32} + note over WebSocketServer: wait 30 seconds for signature or close connection + WebSocketClient-->WebSocketServer: auth_chain(payload=signature_challenge_{random_u32}) + WebSocketServer-->WebSocketServer: verifies signature & is valid + WebSocketServer-->WebSocketServer: creates WebSocketTransport + WebSocketServer-->RpcServer: attaches new transport +``` + + +The unhappy-path of this solution is: +```mermaid +sequenceDiagram + WebSocketClient-->WebSocketServer: opens connection + WebSocketServer-->WebSocketServer: upgrades connection + WebSocketServer-->WebSocketClient: signature_challenge_{random_u32} + note over WebSocketServer: wait 30 seconds for signature or close connection + WebSocketClient-->WebSocketServer: auth_chain(payload=signature_challenge_{random_u32}) + WebSocketServer-->WebSocketServer: verifies signature & is not valid + WebSocketServer-->WebSocketClient: closes connection +``` + + From a88fabc78c4ae26e8b66232864d313bce8e99684 Mon Sep 17 00:00:00 2001 
From: lauti7 Date: Fri, 5 May 2023 10:59:25 -0300 Subject: [PATCH 2/4] add suggestions --- content/ADR-220-quests-rpc-login.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/ADR-220-quests-rpc-login.md b/content/ADR-220-quests-rpc-login.md index 4e034c06..52f177c7 100644 --- a/content/ADR-220-quests-rpc-login.md +++ b/content/ADR-220-quests-rpc-login.md @@ -19,7 +19,7 @@ The Quest RPC Service is the service that will be used in-world by scenes, and e ## Context, Reach & Prioritization -The Quest RPC Service needs a way to validate who is the user that is requesting to connect to the service in order to know who is the user which is sending the events about a progress on a quest or trying to subscribe to quests' updates. The transport protocol for the service is WebSockets. +The Quest RPC Service needs a way to validate who is the user that is requesting to connect to the service in order to identify who is sending the events about progress on a quest or trying to subscribe to quests' updates. The transport protocol for the service is WebSockets. The Quest RPC Service will be requested by scenes and explorer as long as the user take part in a at least one quest. The way the service use to identify users to store the information about user's quests progress and relating this information to a user is by their Ethereum Address. 
@@ -27,9 +27,9 @@ The [Quest RPC Service](https://github.com/decentraland/quests/tree/main/crates/ ## Specification -The solution we proposed is to use the [Decentraland's AuthChain concept](https://docs.decentraland.org/contributor/auth/authchain/), [dcl-crypto](https://github.com/decentraland/decentraland-crypto-rust) crate, and a signature challenge after the connection upgrading. +The solution proposed in this document is to use the [Decentraland's AuthChain concept](https://docs.decentraland.org/contributor/auth/authchain/), [dcl-crypto](https://github.com/decentraland/decentraland-crypto-rust) crate, and a signature challenge after the connection upgrading. -Once the client opens the connection to the server, the server will sends the signature challenge which consists of a text message with a random unsigned 32-bit number ("signature_challenge_{random_u32}").Then, it will wait 30 seconds for the client to send a response back to the server. The response of the client must be the [AuthChain](https://docs.decentraland.org/contributor/auth/authchain/) containing the sent signature challenge signed. If 30 seconds elapse, the connection will be closed by the server or if the [AuthChain](https://docs.decentraland.org/contributor/auth/authchain/) signature or the message sent by the client is not a valid one, the connection will be also closed by the server. +Once the client opens the connection to the server, the server will send the signature challenge which consists of a text message with a random unsigned 32-bit number (`"signature_challenge_{random_u32}"`). Then, it will wait 30 seconds for the client to send a response back to the server. The client's response must be the [AuthChain](https://docs.decentraland.org/contributor/auth/authchain/) containing the signed sent signature challenge. 
If 30 seconds elapse without receiving the signature challenge or if the [AuthChain](https://docs.decentraland.org/contributor/auth/authchain/) signature of the message sent by the client is not a valid one, then the connection will be closed by the server. If the [AuthChain](https://docs.decentraland.org/contributor/auth/authchain/) signature is valid, then the server will create a [WebSocketTransport](https://docs.rs/dcl-rpc/latest/dcl_rpc/transports/index.html) and attach it to the [RpcServer](https://docs.rs/dcl-rpc/latest/dcl_rpc/server/index.html) From f06cfaf58e51a03959187bb777ad54d780e3e52d Mon Sep 17 00:00:00 2001 From: lauti7 Date: Fri, 5 May 2023 11:13:11 -0300 Subject: [PATCH 3/4] fix arrows --- content/ADR-220-quests-rpc-login.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/content/ADR-220-quests-rpc-login.md b/content/ADR-220-quests-rpc-login.md index 52f177c7..56a3ce45 100644 --- a/content/ADR-220-quests-rpc-login.md +++ b/content/ADR-220-quests-rpc-login.md 
@@ -36,27 +36,27 @@ If the [AuthChain](https://docs.decentraland.org/contributor/auth/authchain/) si The happy-path of this solution is: ```mermaid sequenceDiagram - WebSocketClient-->WebSocketServer: opens connection - WebSocketServer-->WebSocketServer: upgrades connection - WebSocketServer-->WebSocketClient: signature_challenge_{random_u32} + WebSocketClient->WebSocketServer: opens connection + WebSocketServer->WebSocketServer: upgrades connection + WebSocketServer->WebSocketClient: signature_challenge_{random_u32} note over WebSocketServer: wait 30 seconds for signature or close connection - WebSocketClient-->WebSocketServer: auth_chain(payload=signature_challenge_{random_u32}) - WebSocketServer-->WebSocketServer: verifies signature & is valid - WebSocketServer-->WebSocketServer: creates WebSocketTransport - WebSocketServer-->RpcServer: attaches new transport + WebSocketClient->WebSocketServer: auth_chain(payload=signature_challenge_{random_u32}) + WebSocketServer->WebSocketServer: verifies signature & is valid + WebSocketServer->WebSocketServer: creates WebSocketTransport + WebSocketServer->RpcServer: attaches new transport ``` The unhappy-path of this solution is: ```mermaid sequenceDiagram - WebSocketClient-->WebSocketServer: opens connection - WebSocketServer-->WebSocketServer: upgrades connection - WebSocketServer-->WebSocketClient: signature_challenge_{random_u32} + WebSocketClient->WebSocketServer: opens connection + WebSocketServer->WebSocketServer: upgrades connection + WebSocketServer->WebSocketClient: signature_challenge_{random_u32} note over WebSocketServer: wait 30 seconds for signature or close connection - WebSocketClient-->WebSocketServer: auth_chain(payload=signature_challenge_{random_u32}) - WebSocketServer-->WebSocketServer: verifies signature & is not valid - WebSocketServer-->WebSocketClient: closes connection + WebSocketClient->WebSocketServer: auth_chain(payload=signature_challenge_{random_u32}) + WebSocketServer->WebSocketServer: 
verifies signature & is not valid + WebSocketServer->WebSocketClient: closes connection ``` From 4626b6b2007d075dfeb989dffb1a338f31e6d718 Mon Sep 17 00:00:00 2001 From: lauti7 Date: Fri, 5 May 2023 11:15:33 -0300 Subject: [PATCH 4/4] fix arrows --- content/ADR-220-quests-rpc-login.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/content/ADR-220-quests-rpc-login.md b/content/ADR-220-quests-rpc-login.md index 56a3ce45..a9f4fd3b 100644 --- a/content/ADR-220-quests-rpc-login.md +++ b/content/ADR-220-quests-rpc-login.md 
@@ -36,27 +36,27 @@ If the [AuthChain](https://docs.decentraland.org/contributor/auth/authchain/) si The happy-path of this solution is: ```mermaid sequenceDiagram - WebSocketClient->WebSocketServer: opens connection - WebSocketServer->WebSocketServer: upgrades connection - WebSocketServer->WebSocketClient: signature_challenge_{random_u32} + WebSocketClient->>+WebSocketServer: opens connection + WebSocketServer->>+WebSocketServer: upgrades connection + WebSocketServer->>+WebSocketClient: signature_challenge_{random_u32} note over WebSocketServer: wait 30 seconds for signature or close connection - WebSocketClient->WebSocketServer: auth_chain(payload=signature_challenge_{random_u32}) - WebSocketServer->WebSocketServer: verifies signature & is valid - WebSocketServer->WebSocketServer: creates WebSocketTransport - WebSocketServer->RpcServer: attaches new transport + WebSocketClient->>+WebSocketServer: auth_chain(payload=signature_challenge_{random_u32}) + WebSocketServer->>+WebSocketServer: verifies signature & is valid + WebSocketServer->>+WebSocketServer: creates WebSocketTransport + WebSocketServer->>+RpcServer: attaches new transport ``` The unhappy-path of this solution is: ```mermaid sequenceDiagram - WebSocketClient->WebSocketServer: opens connection - WebSocketServer->WebSocketServer: upgrades connection - WebSocketServer->WebSocketClient: signature_challenge_{random_u32} + WebSocketClient->>+WebSocketServer: opens connection + WebSocketServer->>+WebSocketServer: upgrades connection + WebSocketServer->>+WebSocketClient: signature_challenge_{random_u32} note over WebSocketServer: wait 30 seconds for signature or close connection - WebSocketClient->WebSocketServer: auth_chain(payload=signature_challenge_{random_u32}) - WebSocketServer->WebSocketServer: verifies signature & is not valid - WebSocketServer->WebSocketClient: closes connection + WebSocketClient->>+WebSocketServer: auth_chain(payload=signature_challenge_{random_u32}) + 
WebSocketServer->>+WebSocketServer: verifies signature & is not valid + WebSocketServer->>+WebSocketClient: closes connection ```
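Review bot: the challenge defined in the Specification paragraph of PATCH 1/4, `signature_challenge_{random_u32}`, has only 2^32 possible values and is not tied to this service or to a point in time, so a previously signed challenge becomes acceptable again whenever the same number is drawn. Suggest a nonce of at least 128 bits from a cryptographically secure generator, with the service name and an expiry included in the signed text, plus a sentence stating that the server accepts only an AuthChain whose signed payload equals the exact challenge it issued on that connection. The text also stops at attaching the WebSocketTransport to the RpcServer without saying how the Ethereum address from the validated AuthChain is bound to that transport, which the Context section relies on to identify the user.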
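Review bot: the unchanged context line directly after the reworded sentence in the first hunk of PATCH 2/4 still reads "as long as the user take part in a at least one quest" and "The way the service use to identify users". Since this commit is the wording pass, fix that line as well, for example "as long as the user takes part in at least one quest".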
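Review bot: in the second hunk of PATCH 2/4, changing "signature or the message sent by the client is not a valid one" to "signature of the message sent by the client" drops the case where the client's message is not a well-formed AuthChain at all, so the spec no longer states that the connection is closed for it. In the same paragraph, "If 30 seconds elapse without receiving the signature challenge" reads as if the server were waiting for the challenge it sent itself; suggest "without receiving the signed challenge" and an explicit clause for a malformed response. "containing the signed sent signature challenge" would also read better as "containing the signed challenge".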
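Review bot: the `->` that PATCH 3/4 puts on every message line of both diagrams is Mermaid's solid line without an arrowhead, so replacing `-->` with it still leaves the direction of each message undrawn; `->>` is the form that draws the arrowhead. PATCH 4/4 has the same subject, "fix arrows", and rewrites the same 13 lines, so the two commits could be squashed into one.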
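Review bot: every message in PATCH 4/4 uses `->>+`, and the `+` suffix activates the receiving participant, yet neither diagram contains a matching `-` to deactivate it, including on the final "closes connection" message to WebSocketClient. If only arrowheads were intended, plain `->>` is enough. The unhappy-path diagram also covers only the invalid-signature case; the 30 second timeout from the Specification appears only in the note, so a separate branch for it (for example an `alt` block) would make the diagram match the text.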