GetCredentialsBy {issuer, subject, schema} API calls ignoring query parameters

[frankhinek]

Expected Behavior

If a matching credential has been created, based on the following comment:

ssi-service/pkg/server/router/credential.go

Line 116 in 03d5868

// GetCredentials checks for the presence of a query parameter and calls the associated filtered get method

an API call to one of the following:

• /v1/credentials?issuer=did:key:abc123
• /v1/credentials?schema=https://test-schema.com
• /v1/credentials?subject=did:key:def456

should return a JSON array with the matching credential data.

Current Behavior

If a matching credential has been created, an API call to one of the following:

• /v1/credentials?issuer=did:key:abc123
• /v1/credentials?schema=https://test-schema.com
• /v1/credentials?subject=did:key:def456

returns an error:

{
    "error": "must use one of the following query parameters: issuer, subject, schema"
}

Steps to Reproduce

1. Create a credential:

   curl -X PUT -d '
    {
        "Issuer": "did:abc:123",
        "Subject": "did:def:456",
        "Schema": "https://test-schema.com/name",
        "Data": {
            "firstName": "Jack",
            "lastName": "Dorsey"
        },
        "Expiry": "2022-12-31T05:00:00+00:00"
    }' http://localhost:8080/v1/credentials

2. Attempt to query by issuer, subject, or schema:

   curl -X GET "http://localhost:8080/v1/credentials?issuer=did:abc:123"
   curl -X GET "http://localhost:8080/v1/credentials?subject=did:def:456"
   curl -X GET "http://localhost:8080/v1/credentials?schema=https://test-schema.com/name"

3. Observe that the following error is returned:

   {"error":"must use one of the following query parameters: issuer, subject, schema"}

Possible Solution

Assuming that the design intent was for the API user to use a URL query string parameter/value to retrieve credentials, one possible fix is to create a new utility function in /pkg/server/framework/util.go:

// GetQueryValue is a utility to get a parameter value from the query string, nil if not found
func GetQueryValue(r *http.Request, param string) *string {
	value := r.URL.Query().Get(param)
	if value == "" {
		return nil
	}
	return &value
}

and modify the GetCredentials function:

ssi-service/pkg/server/router/credential.go

Lines 116 to 120 in 03d5868

	// GetCredentials checks for the presence of a query parameter and calls the associated filtered get method
	func (cr CredentialRouter) GetCredentials(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
	issuer := framework.GetParam(ctx, IssuerParam)
	schema := framework.GetParam(ctx, SchemaParam)
	subject := framework.GetParam(ctx, SubjectParam)

to use GetQueryValue:

	issuer := framework.GetQueryValue(r, IssuerParam)
	schema := framework.GetQueryValue(r, SchemaParam)
	subject := framework.GetQueryValue(r, SubjectParam)

An alternative could be to use route parameters. For example:

http://localhost:8080/v1/credentials/issuer/did:abc:123

I tested this as well, but found that if the intent is to support Schema IDs like https://test-schema.com/name (which appears in the current tests), there are issues with the routes being interpreted properly by httptreemux.

Environment

macOS 12.4
go version go1.18.3 darwin/arm64
Mage Build Tool 1.13.0

[decentralgabe]

Thank you for the thorough report @frankhinek I'll make sure to get this fixed.

[decentralgabe]

Fixed in #54