From f8c3de3a95159c14155b2ffa1f5e099ce2a0c4eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emil=20Holm=20Gj=C3=B8rup?= Date: Fri, 16 Aug 2024 10:52:51 +0200 Subject: [PATCH 1/5] Add parameter for /v1/ip_info to include company ID providers --- ChangeLog.md | 4 ++++ app/Main.hs | 5 ++++- src/Proxy.hs | 8 +++++++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/ChangeLog.md b/ChangeLog.md index 1e31d22..de0a89b 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -2,6 +2,10 @@ ## Unreleased changes +## 0.31.0 + +- Make `/v1/ip_info` endpoint only include company ID providers when query parameter `company` is `true`. + ## 0.30.1 - Reduce the amount of set-cookie headers set in complex queries. diff --git a/app/Main.hs b/app/Main.hs index 79ea2fb..1cf37c9 100644 --- a/app/Main.hs +++ b/app/Main.hs @@ -47,6 +47,7 @@ data ProxyConfig = ProxyConfig pcHealthTolerance :: Maybe Int, pcIpInfo :: FilePath, pcIpInfoV1 :: FilePath, + pcIpInfoWithCompanyV1 :: FilePath, logLevel :: Logging.LogLevel, tcVersion :: Maybe String, tcUrl :: Maybe String @@ -69,7 +70,8 @@ parser = <*> optional (strOption (long "forced-update-config-v1" <> metavar "FILE" <> help "file with the version configuration for forced app updates for the new mobile wallet.")) <*> optional (option auto (long "health-tolerance" <> metavar "SECONDS" <> help "the maximum tolerated age of the last final block in seconds before the health query returns false.")) <*> strOption (long "ip-data" <> metavar "FILE" <> help "File with public and private information on the identity providers, together with metadata.") - <*> strOption (long "ip-data-v1" <> metavar "FILE" <> help "File with public and private information on the identity providers for the flow without initial accounts, together with metadata.") + <*> strOption (long "ip-data-v1" <> metavar "FILE" <> help "File with public and private information on the identity providers (excluding Company ID providers) for the flow without initial accounts, together with metadata.") + <*> strOption (long "ip-data-company-v1" <> metavar "FILE" <> help "File with public and private information on the identity providers (including Company ID providers) for the flow without initial accounts, together with metadata.") <*> option (eitherReader Logging.logLevelFromString) (long "log-level" <> metavar "LOGLEVEL" <> value Logging.LLOff <> showDefault <> help "Log level. Can be one of either 'off', 'error', 'warning', 'info', 'debug' or 'trace'.") <*> optional (strOption (long "tc-version" <> metavar "STRING" <> help "Version of terms and conditions in effect.")) <*> optional (strOption (long "tc-url" <> metavar "URL" <> help "Link to the terms and conditions.")) @@ -168,6 +170,7 @@ main = do Right cfg -> return cfg Right ipInfo <- AE.eitherDecode' <$> LBS.readFile pcIpInfo Right ipInfoV1 <- AE.eitherDecode' <$> LBS.readFile pcIpInfoV1 + Right ipInfoWithCompanyV1 <- AE.eitherDecode' <$> LBS.readFile pcIpInfoWithCompanyV1 runStderrLoggingT . filterL $ do $logDebug ("Using iOS V0 update config: " <> fromString (show forcedUpdateConfigIOSV0)) $logDebug ("Using Android V0 update config: " <> fromString (show forcedUpdateConfigAndroidV0)) diff --git a/src/Proxy.hs b/src/Proxy.hs index 71ad582..25f2d01 100644 --- a/src/Proxy.hs +++ b/src/Proxy.hs @@ -204,6 +204,7 @@ data Proxy = Proxy globalInfo :: Value, ipInfo :: Value, ipInfoV1 :: Value, + ipInfoWithCompanyV1 :: Value, logLevel :: Logging.LogLevel, -- | The version of terms and conditions currently in effect. -- If not set the endpoint termsAndConditionsVersion is disabled. @@ -2312,7 +2313,12 @@ getIpsR :: Handler TypedContent getIpsR = toTypedContent . ipInfo <$> getYesod getIpsV1R :: Handler TypedContent -getIpsV1R = toTypedContent . ipInfoV1 <$> getYesod +getIpsV1R = do + includeCompanyParam <- lookupGetParam "company" + let ipInfo = case includeCompanyParam of + (Just "true") -> ipInfoWithCompanyV1 + _ -> ipInfoV1 + toTypedContent . ipInfo <$> getYesod getTermsAndConditionsVersion :: Handler TypedContent getTermsAndConditionsVersion = do From 2de51d13cbba9e596a008db698d69d955bc85a53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emil=20Holm=20Gj=C3=B8rup?= Date: Fri, 16 Aug 2024 11:20:34 +0200 Subject: [PATCH 2/5] Fix formatting --- src/Proxy.hs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/Proxy.hs b/src/Proxy.hs index 25f2d01..e087b83 100644 --- a/src/Proxy.hs +++ b/src/Proxy.hs @@ -2314,11 +2314,11 @@ getIpsR = toTypedContent . ipInfo <$> getYesod getIpsV1R :: Handler TypedContent getIpsV1R = do - includeCompanyParam <- lookupGetParam "company" - let ipInfo = case includeCompanyParam of - (Just "true") -> ipInfoWithCompanyV1 - _ -> ipInfoV1 - toTypedContent . ipInfo <$> getYesod + includeCompanyParam <- lookupGetParam "company" + let ipInfo = case includeCompanyParam of + (Just "true") -> ipInfoWithCompanyV1 + _ -> ipInfoV1 + toTypedContent . ipInfo <$> getYesod getTermsAndConditionsVersion :: Handler TypedContent getTermsAndConditionsVersion = do From c5f298349efcb63f2fc51a74b347512ee0b4ab08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emil=20Holm=20Gj=C3=B8rup?= Date: Fri, 16 Aug 2024 11:54:55 +0200 Subject: [PATCH 3/5] Add v2 endpoint instead of query parameter --- ChangeLog.md | 2 +- app/Main.hs | 6 +++--- src/Proxy.hs | 13 ++++++------- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/ChangeLog.md b/ChangeLog.md index de0a89b..370d2c1 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -4,7 +4,7 @@ ## 0.31.0 -- Make `/v1/ip_info` endpoint only include company ID providers when query parameter `company` is `true`. +- Introduce `/v2/ip_info` endpoint which include Company ID providers, the information is provided to the service using `--ip-data-v2 `. ## 0.30.1 diff --git a/app/Main.hs b/app/Main.hs index 1cf37c9..e528ac0 100644 --- a/app/Main.hs +++ b/app/Main.hs @@ -47,7 +47,7 @@ data ProxyConfig = ProxyConfig pcHealthTolerance :: Maybe Int, pcIpInfo :: FilePath, pcIpInfoV1 :: FilePath, - pcIpInfoWithCompanyV1 :: FilePath, + pcIpInfoV2 :: FilePath, logLevel :: Logging.LogLevel, tcVersion :: Maybe String, tcUrl :: Maybe String @@ -71,7 +71,7 @@ parser = <*> optional (option auto (long "health-tolerance" <> metavar "SECONDS" <> help "the maximum tolerated age of the last final block in seconds before the health query returns false.")) <*> strOption (long "ip-data" <> metavar "FILE" <> help "File with public and private information on the identity providers, together with metadata.") <*> strOption (long "ip-data-v1" <> metavar "FILE" <> help "File with public and private information on the identity providers (excluding Company ID providers) for the flow without initial accounts, together with metadata.") - <*> strOption (long "ip-data-company-v1" <> metavar "FILE" <> help "File with public and private information on the identity providers (including Company ID providers) for the flow without initial accounts, together with metadata.") + <*> strOption (long "ip-data-v2" <> metavar "FILE" <> help "File with public and private information on the identity providers (including Company ID providers) for the flow without initial accounts, together with metadata.") <*> option (eitherReader Logging.logLevelFromString) (long "log-level" <> metavar "LOGLEVEL" <> value Logging.LLOff <> showDefault <> help "Log level. Can be one of either 'off', 'error', 'warning', 'info', 'debug' or 'trace'.") <*> optional (strOption (long "tc-version" <> metavar "STRING" <> help "Version of terms and conditions in effect.")) <*> optional (strOption (long "tc-url" <> metavar "URL" <> help "Link to the terms and conditions.")) @@ -170,7 +170,7 @@ main = do Right cfg -> return cfg Right ipInfo <- AE.eitherDecode' <$> LBS.readFile pcIpInfo Right ipInfoV1 <- AE.eitherDecode' <$> LBS.readFile pcIpInfoV1 - Right ipInfoWithCompanyV1 <- AE.eitherDecode' <$> LBS.readFile pcIpInfoWithCompanyV1 + Right ipInfoV2 <- AE.eitherDecode' <$> LBS.readFile pcIpInfoV2 runStderrLoggingT . filterL $ do $logDebug ("Using iOS V0 update config: " <> fromString (show forcedUpdateConfigIOSV0)) $logDebug ("Using Android V0 update config: " <> fromString (show forcedUpdateConfigAndroidV0)) diff --git a/src/Proxy.hs b/src/Proxy.hs index e087b83..1b49309 100644 --- a/src/Proxy.hs +++ b/src/Proxy.hs @@ -204,7 +204,7 @@ data Proxy = Proxy globalInfo :: Value, ipInfo :: Value, ipInfoV1 :: Value, - ipInfoWithCompanyV1 :: Value, + ipInfoV2 :: Value, logLevel :: Logging.LogLevel, -- | The version of terms and conditions currently in effect. -- If not set the endpoint termsAndConditionsVersion is disabled. @@ -260,6 +260,7 @@ mkYesod /v0/health HealthR GET /v0/ip_info IpsR GET /v1/ip_info IpsV1R GET +/v2/ip_info IpsV2R GET /v1/accTransactions/#Text AccountTransactionsV1R GET /v0/bakerPool/#Word64 BakerPoolR GET /v0/chainParameters ChainParametersR GET @@ -2313,12 +2314,10 @@ getIpsR :: Handler TypedContent getIpsR = toTypedContent . ipInfo <$> getYesod getIpsV1R :: Handler TypedContent -getIpsV1R = do - includeCompanyParam <- lookupGetParam "company" - let ipInfo = case includeCompanyParam of - (Just "true") -> ipInfoWithCompanyV1 - _ -> ipInfoV1 - toTypedContent . ipInfo <$> getYesod +getIpsV1R = toTypedContent . ipInfoV1 <$> getYesod + +getIpsV2R :: Handler TypedContent +getIpsV2R = toTypedContent . ipInfoV2 <$> getYesod getTermsAndConditionsVersion :: Handler TypedContent getTermsAndConditionsVersion = do From 698c5249e3ec5213684c9cc2ce5e3f842c4bdc8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emil=20Holm=20Gj=C3=B8rup?= Date: Fri, 16 Aug 2024 12:38:26 +0200 Subject: [PATCH 4/5] Update readme --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e92620d..83ba1a1 100644 --- a/README.md +++ b/README.md @@ -20,8 +20,9 @@ The wallet proxy provides the following endpoints: * `PUT /v0/testnetGTUDrop/{account address}`: request a CCD drop to the specified account * `GET /v0/health`: get a response specifying if the wallet proxy is up to date * `GET /v0/global`: get the cryptographic parameters obtained from the node it is connected to -* `GET /v0/ip_info`: get the identity providers information, including links for - submitting initial identity issuance requests. +* `GET /v0/ip_info`: get the identity providers information with links for submitting initial identity issuance requests. +* `GET /v1/ip_info`: get the identity providers information with links for submitting identity issuance and recovery requests. +* `GET /v2/ip_info`: get the identity providers information (including company ID providers) with for submitting identity issuance and recovery requests. * `GET /v0/bakerPool/{bakerId}`: get the status of a baker pool given the baker ID. * `GET /v0/chainParameters`: get the chain parameters. * `GET /v0/nextPayday`: get the next payday. From 1fee7b0b12dda3a94164ea1ec10a14c5cf39b6a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emil=20Holm=20Gj=C3=B8rup?= Date: Fri, 16 Aug 2024 14:30:45 +0200 Subject: [PATCH 5/5] Add /v2/ip_info data description to readme --- ChangeLog.md | 2 +- README.md | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/ChangeLog.md b/ChangeLog.md index 370d2c1..b9ee401 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -4,7 +4,7 @@ ## 0.31.0 -- Introduce `/v2/ip_info` endpoint which include Company ID providers, the information is provided to the service using `--ip-data-v2 `. +- Introduce `/v2/ip_info` endpoint which includes Company ID providers. The information is provided to the service using `--ip-data-v2 `. ## 0.30.1 diff --git a/README.md b/README.md index 83ba1a1..e0af780 100644 --- a/README.md +++ b/README.md @@ -1128,6 +1128,7 @@ wallet-proxy --grpc-ip 127.0.0.1\ --db "host=localhost port=5432 dbname=transaction-outcome user=postgres password=postgres"\ --ip-data identity-providers-with-metadata.json\ --ip-data-v1 identity-providers-with-metadata-v1.json\ + --ip-data-v2 identity-providers-with-metadata-v2.json\ --drop-account gtu-drop-account-0.json\ --forced-update-config-v0 forced-update-config-v0.json\ --forced-update-config-v1 forced-update-config-v1.json\ @@ -1142,6 +1143,7 @@ where - `--db "host=localhost port=5432 dbname=transaction-outcome user=postgres password=postgres"` is the transaction outcome database connection string - `--ip-data identity-providers-with-metadata.json` JSON file with identity providers, anonymity revokers and metadata needed for the version 0 identity flow - `--ip-data-v1 identity-providers-with-metadata.json` JSON file with identity providers and anonymity revokers and metadata needed for the version 1 identity flow +- `--ip-data-v2 identity-providers-with-metadata.json` JSON file with identity providers (including company ID providers) and anonymity revokers and metadata needed for the version 1 identity flow - `--drop-account gtu-drop-account-0.json` keys of the gtu drop account - `--forced-update-config-v0 forced-update-config-v0.json` file with app update configuration for the old mobile wallet - `--forced-update-config-v1 forced-update-config-v1.json` file with app update configuration for the new mobile wallet @@ -1260,6 +1262,62 @@ Where NB: It is OK to have the same identity provider listed multiple times in this file, i.e., the same identity provider could have two verification backends, in which case they would be listed twice in the list, the difference between the two instances being the `issuanceStart` and `icon` fields. +### For the version 2 identity issuance flow +This must be a valid JSON file which contains an array of JSON objects of the following form +```json +{ + "metadata": { + "display": "Alternative display name", + "issuanceStart": "https://identity.provider/issuance-start", + "recoveryStart": "https://identity.provider/recovery-start", + "icon": "base 64 encoded png image", + "support": "" + }, + "ipInfo": { + "ipIdentity": 0, + "ipDescription": { + "name": "Short name as it appears on the chain.", + "url": "http/identity.provider", + "description": "Free form description" + }, + "ipVerifyKey": "...", + "ipCdiVerifyKey": "74e905294a9377408d87ab4ddc4202731c4f971561eeaf423e82ae9509b8d057" + }, + "arsInfos": { + "1": { + "arIdentity": 1, + "arDescription": { + "name": "AR-1", + "url": "", + "description": "" + }, + "arPublicKey": "93fdc40bb8af4cb75caf8a53928d247be6285784b29578a06df312c28854c1bfac2fd0183967338b578772398d41201886a215138ec53d870e2878bbe731381927e08eaafe97003f6f4831f18e47c9ee8913c5f806064b57341785f0376af" + }, + "2": { + "arIdentity": 2, + "arDescription": { + "name": "AR-2", + "url": "", + "description": "" + }, + "arPublicKey": "93fdc40bb8af4cb75caf8a53928d247be6285784b29578a06df312c28854c1bfac2fd0183967338b578772398d41201ac7295a21c3c687112f454c1d222d74e0d9cc9249b3c1eef58eb66a8a039c0decf3ea413a656f6f2dbebb497b7a527" + } + } +} +``` + +Where +- the `ipInfo` field is the contents of the `identity-provider-*.pub.json` files generated by the genesis tool, minus the outer versioning. +- the `arsInfos` field has the same format (minus the versioning) as the `anonymity_revokers.json` file generated by the genesis tool. +- the `metadata` field needs to be constructed manually based on the desired setup and in communication with partners. + - the `issuanceStart` link is where the wallet submits the initial identity creation request. + - the `issuanceRecovery` link is where the wallet submits the identity recovery request. + - the `icon` needs to be a base64 encoded png image that should be obtained from the relevant identity provider. + - the `support` field must contain a valid support email of the identity provider. + - the `display` field is optional and is the name to display for this identity provider, this is useful for when the same ID provider is listed twice, to allow them to be distinguished. + +NB: It is OK to have the same identity provider listed multiple times in this file, i.e., the same identity provider could have two verification backends, in which case they would be listed twice in the list, the difference between the two instances being the `issuanceStart` and `icon` fields. + ## Database setup The wallet-proxy needs access to the transaction logging database in the form of a PostgreSQL database.