Feature/credential proxy jwt

Cargo.toml

@@ -453,6 +453,11 @@ opt-level = 'z'
 unexpected_cfgs = { level = "warn", check-cfg = ['cfg(tokio_unstable)'] }
 
 [workspace.lints.clippy]
+suspicious = "deny"
+complexity = "deny"
+perf = "deny"
+style = "deny"
+
 unwrap_used = "deny"
 expect_used = "deny"
 todo = "deny"

common/credential-proxy/build.rs

@@ -8,7 +8,7 @@ async fn main() -> anyhow::Result<()> {
     use sqlx::{Connection, SqliteConnection};
     use std::env;
 
-    let out_dir = env::var("OUT_DIR")?;
+    let out_dir = env::var("OUT_DIR").context("missing OUT_DIR env variable")?;
     let database_path = format!("{out_dir}/nym-credential-proxy-example.sqlite");
 
     // remove the db file if it already existed from previous build

common/credential-proxy/src/error.rs

@@ -127,6 +127,13 @@ pub enum CredentialProxyError {
     #[error("failed to create deposit")]
     DepositFailure,
 
+    #[error("failed to load jwt signing key from {path}: {err}")]
+    JWTSigningKeyLoadFailure {
+        path: String,
+        #[source]
+        err: std::io::Error,
+    },
+
     #[error("can't obtain sufficient number of credential shares due to unavailable quorum")]
     UnavailableSigningQuorum,
 

common/credential-proxy/src/ticketbook_manager/ticketbook_handlers.rs

@@ -7,9 +7,9 @@ use crate::ticketbook_manager::TicketbookManager;
 use nym_compact_ecash::Base58;
 use nym_credential_proxy_requests::api::v1::ticketbook::models::{
     CurrentEpochResponse, DepositResponse, GlobalDataParams, MasterVerificationKeyResponse,
-    PartialVerificationKey, PartialVerificationKeysResponse, TicketbookAsyncRequest,
-    TicketbookObtainParams, TicketbookRequest, TicketbookWalletSharesAsyncResponse,
-    TicketbookWalletSharesResponse,
+    ObtainTicketBookSharesAsyncResponse, PartialVerificationKey, PartialVerificationKeysResponse,
+    TicketbookAsyncRequest, TicketbookObtainParams, TicketbookRequest,
+    TicketbookWalletSharesAsyncResponse, TicketbookWalletSharesResponse,
 };
 use time::OffsetDateTime;
 use tracing::{Instrument, Level, error, info, span, warn};
@@ -65,7 +65,7 @@ impl TicketbookManager {
         uuid: Uuid,
         request: TicketbookAsyncRequest,
         params: TicketbookObtainParams,
-    ) -> Result<TicketbookWalletSharesAsyncResponse, CredentialProxyError> {
+    ) -> Result<ObtainTicketBookSharesAsyncResponse, CredentialProxyError> {
         let requested_on = OffsetDateTime::now_utc();
         let span = span!(Level::INFO, "[async] obtain ticketboook", uuid = %uuid);
         async move {
@@ -110,7 +110,7 @@ impl TicketbookManager {
             }
 
             // 4. in the meantime, return the id to the user
-            Ok(TicketbookWalletSharesAsyncResponse { id, uuid })
+            Ok(TicketbookWalletSharesAsyncResponse { id, uuid }.into())
         }
         .instrument(span)
         .await

common/crypto/Cargo.toml

@@ -36,7 +36,11 @@ nym-sphinx-types = { path = "../nymsphinx/types", version = "0.2.0", default-fea
 nym-pemstore = { path = "../../common/pemstore", version = "0.3.0" }
 
 [dev-dependencies]
+anyhow = { workspace = true }
 rand_chacha = { workspace = true }
+serde_json = { workspace = true }
+nym-test-utils = { path = "../test-utils" }
+
 
 [features]
 default = []

common/crypto/src/asymmetric/ed25519/serde_helpers.rs

@@ -17,6 +17,51 @@ pub mod bs58_ed25519_pubkey {
     }
 }
 
+pub mod vec_bs58_ed25519_pubkey {
+    use super::*;
+    use serde::{Deserialize, Deserializer, Serializer, ser::SerializeSeq};
+
+    pub fn serialize<S: Serializer>(
+        keys: &Vec<PublicKey>,
+        serializer: S,
+    ) -> Result<S::Ok, S::Error> {
+        let mut seq = serializer.serialize_seq(Some(keys.len()))?;
+        for key in keys {
+            seq.serialize_element(&Bs58KeyWrapper(*key))?;
+        }
+        seq.end()
+    }
+
+    pub fn deserialize<'de, D: Deserializer<'de>>(
+        deserializer: D,
+    ) -> Result<Vec<PublicKey>, D::Error> {
+        let wrapped = Vec::<Bs58KeyWrapper>::deserialize(deserializer)?;
+        Ok(wrapped.into_iter().map(|k| k.0).collect())
+    }
+
+    struct Bs58KeyWrapper(PublicKey);
+
+    impl serde::Serialize for Bs58KeyWrapper {
+        fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+        where
+            S: Serializer,
+        {
+            bs58_ed25519_pubkey::serialize(&self.0, serializer)
+        }
+    }
+
+    impl<'de> Deserialize<'de> for Bs58KeyWrapper {
+        fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+        where
+            D: Deserializer<'de>,
+        {
+            Ok(Bs58KeyWrapper(bs58_ed25519_pubkey::deserialize(
+                deserializer,
+            )?))
+        }
+    }
+}
+
 pub mod bs58_ed25519_signature {
     use crate::asymmetric::ed25519::Signature;
     use serde::{Deserialize, Deserializer, Serializer};
@@ -33,3 +78,53 @@ pub mod bs58_ed25519_signature {
         Signature::from_base58_string(s).map_err(serde::de::Error::custom)
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use jwt_simple::reexports::{anyhow, serde_json};
+    use nym_test_utils::helpers::deterministic_rng;
+    use serde::{Deserialize, Serialize};
+
+    #[test]
+    fn vec_bs58_ed25519_pubkey_json() -> anyhow::Result<()> {
+        #[derive(Serialize, Deserialize, Debug, PartialEq)]
+        struct KeysWrapper(#[serde(with = "vec_bs58_ed25519_pubkey")] Vec<PublicKey>);
+
+        use crate::asymmetric::ed25519;
+        let mut rng = deterministic_rng();
+        let empty = KeysWrapper(vec![]);
+        let single_key = KeysWrapper(vec![PublicKey::from_base58_string(
+            "Be9wH7xuXBRJAuV1pC7MALZv6a61RvWQ3SypsNarqTt",
+        )?]);
+        let three_keys = KeysWrapper(vec![
+            ed25519::KeyPair::new(&mut rng).public_key,
+            ed25519::KeyPair::new(&mut rng).public_key,
+            ed25519::KeyPair::new(&mut rng).public_key,
+        ]);
+
+        let se_empty = serde_json::to_string(&empty)?;
+        let se_single_key = serde_json::to_string(&single_key)?;
+        let se_three_keys = serde_json::to_string(&three_keys)?;
+
+        assert_eq!(se_empty, r#"[]"#);
+        assert_eq!(
+            se_single_key,
+            r#"["Be9wH7xuXBRJAuV1pC7MALZv6a61RvWQ3SypsNarqTt"]"#
+        );
+        assert_eq!(
+            se_three_keys,
+            r#"["HmgHDV79LpnEaSUp8QZQwSroxVvS4RewF7yM9e7qu8y3","311xRh859qCd5MVqoPRCoNx26eYhLknGwtjzkkTJFGhf","A5BMp8WJ6Uk91U4JpWRv2Bc6X35AaRaSEy8QEWeAkaBv"]"#
+        );
+
+        let empty_de = serde_json::from_str::<KeysWrapper>(&se_empty)?;
+        let single_key_de = serde_json::from_str::<KeysWrapper>(&se_single_key)?;
+        let three_keys_de = serde_json::from_str::<KeysWrapper>(&se_three_keys)?;
+
+        assert_eq!(empty, empty_de);
+        assert_eq!(single_key, single_key_de);
+        assert_eq!(three_keys, three_keys_de);
+
+        Ok(())
+    }
+}

common/http-api-client/src/lib.rs

@@ -902,6 +902,8 @@ impl Client {
 
         if self.base_urls.len() > 1 {
             let orig = self.current_idx.load(Ordering::Relaxed);
+
+            #[allow(unused_mut)]
             let mut next = (orig + 1) % self.base_urls.len();
 
             // if fronting is enabled we want to update to a host that has fronts configured

common/upgrade-mode-check/Cargo.toml

@@ -15,16 +15,23 @@ jwt-simple = { workspace = true }
 reqwest = { workspace = true, features = ["rustls-tls"] }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
-time = { workspace = true, features = ["serde"] }
+time = { workspace = true, features = ["serde", "formatting", "parsing"] }
 thiserror = { workspace = true }
 tracing = { workspace = true }
+utoipa = { workspace = true, optional = true }
 
 nym-http-api-client = { path = "../http-api-client", default-features = false }
 nym-crypto = { path = "../crypto", features = ["asymmetric", "serde", "naive_jwt"] }
 
 [dev-dependencies]
 anyhow = { workspace = true }
 time = { workspace = true, features = ["macros"] }
+nym-test-utils = { path = "../test-utils" }
+nym-crypto = { path = "../crypto", features = ["rand"] }
+
+
+[features]
+openapi = ["utoipa"]
 
 [lints]
 workspace = true