chore: move auth service

Signed-off-by: D4ryl00 <d4ryl00@gmail.com>
berty · Jul 21, 2023 · 039f8e7 · 039f8e7
1 parent c5876b6
commit 039f8e7
Show file tree

Hide file tree

Showing 76 changed files with 1,086 additions and 9,973 deletions.
diff --git a/api/protocol/errcode/errcode.proto b/api/protocol/errcode/errcode.proto
@@ -128,19 +128,6 @@ enum ErrCode {
   ErrMessageKeyPersistencePut = 1500;
   ErrMessageKeyPersistenceGet = 1501;
 
-  // Services Auth
-
-  ErrServicesAuth = 4000;
-  ErrServicesAuthNotInitialized = 4001;
-  ErrServicesAuthWrongState = 4002;
-  ErrServicesAuthInvalidResponse = 4003;
-  ErrServicesAuthServer = 4004;
-  ErrServicesAuthCodeChallenge = 4005;
-  ErrServicesAuthServiceInvalidToken = 4006;
-  ErrServicesAuthServiceNotSupported = 4007;
-  ErrServicesAuthUnknownToken = 4008;
-  ErrServicesAuthInvalidURL = 4009;
-
   // Services Replication
 
   ErrServiceReplication = 4100;

diff --git a/api/protocol/protocoltypes.proto b/api/protocol/protocoltypes.proto
@@ -106,16 +106,8 @@ service ProtocolService {
 
   rpc DebugGroup (DebugGroup.Request) returns (DebugGroup.Reply);
 
-  rpc DebugAuthServiceSetToken(DebugAuthServiceSetToken.Request) returns (DebugAuthServiceSetToken.Reply);
-
   rpc SystemInfo (SystemInfo.Request) returns (SystemInfo.Reply);
 
-  // AuthServiceInitFlow Initialize an authentication flow
-  rpc AuthServiceInitFlow (AuthServiceInitFlow.Request) returns (AuthServiceInitFlow.Reply);
-
-  // AuthServiceCompleteFlow Completes an authentication flow
-  rpc AuthServiceCompleteFlow (AuthServiceCompleteFlow.Request) returns (AuthServiceCompleteFlow.Reply);
-
   // CredentialVerificationServiceInitFlow Initialize a credential verification flow
   rpc CredentialVerificationServiceInitFlow (CredentialVerificationServiceInitFlow.Request) returns (CredentialVerificationServiceInitFlow.Reply);
 
@@ -125,9 +117,6 @@ service ProtocolService {
   // VerifiedCredentialsList Retrieves the list of verified credentials
   rpc VerifiedCredentialsList (VerifiedCredentialsList.Request) returns (stream VerifiedCredentialsList.Reply);
 
-  // ServicesTokenList Retrieves the list of services tokens
-  rpc ServicesTokenList (ServicesTokenList.Request) returns (stream ServicesTokenList.Reply);
-
   // ReplicationServiceRegisterGroup Asks a replication service to distribute a group contents
   rpc ReplicationServiceRegisterGroup (ReplicationServiceRegisterGroup.Request) returns (ReplicationServiceRegisterGroup.Reply);
 
@@ -232,12 +221,6 @@ enum EventType {
   // EventTypeMultiMemberGroupAdminRoleGranted indicates the payload includes that an admin of the group granted another member as an admin
   EventTypeMultiMemberGroupAdminRoleGranted = 303;
 
-  // EventTypeAccountServiceTokenAdded indicates that a new service provider has been registered for this account
-  EventTypeAccountServiceTokenAdded = 401;
-
-  // EventTypeAccountServiceTokenRemoved indicates that a service provider is not available anymore
-  EventTypeAccountServiceTokenRemoved = 402;
-
   // EventTypeGroupReplicating indicates that the group has been registered for replication on a server
   EventTypeGroupReplicating = 403;
 
@@ -616,22 +599,6 @@ message AccountContactUnblocked {
   bytes contact_pk = 2 [(gogoproto.customname) = "ContactPK"];
 }
 
-// AccountServiceTokenAdded indicates a token has been added to the account
-message AccountServiceTokenAdded {
-  // device_pk is the device sending the event, signs the message
-  bytes device_pk = 1 [(gogoproto.customname) = "DevicePK"];
-
-  ServiceToken service_token = 2;
-}
-
-// AccountServiceTokenRemoved indicates a token has removed
-message AccountServiceTokenRemoved {
-  // device_pk is the device sending the event, signs the message
-  bytes device_pk = 1 [(gogoproto.customname) = "DevicePK"];
-
-  string token_id = 2 [(gogoproto.customname) = "TokenID"];
-}
-
 message GroupReplicating {
   // device_pk is the device sending the event, signs the message
   bytes device_pk = 1 [(gogoproto.customname) = "DevicePK"];
@@ -1100,22 +1067,6 @@ message DebugGroup {
   }
 }
 
-message AuthExchangeResponse {
-  string access_token = 1;
-  string scope = 2;
-  string error = 3;
-  string error_description = 4;
-  map<string, string> services = 5;
-}
-
-message DebugAuthServiceSetToken {
-  message Request {
-    AuthExchangeResponse token = 1;
-    string authentication_url = 2 [(gogoproto.customname) = "AuthenticationURL"];
-  }
-  message Reply {}
-}
-
 enum DebugInspectGroupLogType {
   DebugInspectGroupLogTypeUndefined = 0;
   DebugInspectGroupLogTypeMessage = 1;
@@ -1156,26 +1107,6 @@ message ServiceToken {
   int64 expiration = 4;
 }
 
-message AuthServiceCompleteFlow {
-  message Request{
-    string callback_url = 1 [(gogoproto.customname) = "CallbackURL"];
-  }
-  message Reply{
-    string token_id = 1 [(gogoproto.customname) = "TokenID"];
-  }
-}
-
-message AuthServiceInitFlow {
-  message Request {
-    string auth_url = 1 [(gogoproto.customname) = "AuthURL"];
-    repeated string services = 3;
-  }
-  message Reply {
-    string url = 1 [(gogoproto.customname) = "URL"];
-    bool secure_url = 2 [(gogoproto.customname) = "SecureURL"];
-  }
-}
-
 message CredentialVerificationServiceInitFlow {
   message Request {
     string service_url = 1 [(gogoproto.customname) = "ServiceURL"];
@@ -1208,25 +1139,12 @@ message VerifiedCredentialsList {
   }
 }
 
-message ServicesTokenList {
-  message Request{}
-  message Reply{
-    string token_id = 1 [(gogoproto.customname) = "TokenID"];
-    ServiceToken service = 2;
-  }
-}
-
-message ServicesTokenCode {
-  repeated string services = 1;
-  string code_challenge = 2;
-  string token_id = 3 [(gogoproto.customname) = "TokenID"];
-}
-
-
 message ReplicationServiceRegisterGroup {
   message Request{
-    string token_id = 1 [(gogoproto.customname) = "TokenID"];
-    bytes group_pk = 2 [(gogoproto.customname) = "GroupPK"];
+    bytes group_pk = 1 [(gogoproto.customname) = "GroupPK"];
+    string token = 2;
+    string authentication_url = 3 [(gogoproto.customname) = "AuthenticationURL"];
+    string replication_server = 4;
   }
   message Reply{}
 }

diff --git a/api_replication.go b/api_replication.go
@@ -11,7 +11,6 @@ import (
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/credentials/insecure"
 
-	"berty.tech/weshnet/pkg/authtypes"
 	"berty.tech/weshnet/pkg/errcode"
 	"berty.tech/weshnet/pkg/grpcutil"
 	"berty.tech/weshnet/pkg/logutil"
@@ -48,6 +47,18 @@ func (s *service) ReplicationServiceRegisterGroup(ctx context.Context, request *
 	ctx, _, endSection := tyber.Section(ctx, s.logger, "Registering replication service for group")
 	defer func() { endSection(err, "") }()
 
+	if request.GroupPK == nil {
+		return nil, errcode.ErrInvalidInput.Wrap(fmt.Errorf("invalid GroupPK"))
+	}
+
+	if request.Token == "" {
+		return nil, errcode.ErrInvalidInput.Wrap(fmt.Errorf("invalid token"))
+	}
+
+	if request.ReplicationServer == "" {
+		return nil, errcode.ErrInvalidInput.Wrap(fmt.Errorf("invalid replication server"))
+	}
+
 	gc, err := s.GetContextGroupForID(request.GroupPK)
 	if err != nil {
 		return nil, errcode.ErrInvalidInput.Wrap(err)
@@ -63,31 +74,8 @@ func (s *service) ReplicationServiceRegisterGroup(ctx context.Context, request *
 		return nil, errcode.ErrGroupMissing
 	}
 
-	token, err := accountGroup.metadataStore.getServiceToken(request.TokenID)
-	if err != nil {
-		return nil, errcode.ErrInvalidInput.Wrap(err)
-	}
-
-	if token == nil {
-		return nil, errcode.ErrInvalidInput.Wrap(fmt.Errorf("invalid token"))
-	}
-
-	endpoint := ""
-	for _, t := range token.SupportedServices {
-		if t.ServiceType != authtypes.ServiceReplicationID {
-			continue
-		}
-
-		endpoint = t.ServiceEndpoint
-		break
-	}
-
-	if endpoint == "" {
-		return nil, errcode.ErrServiceReplicationMissingEndpoint
-	}
-
 	gopts := []grpc.DialOption{
-		grpc.WithPerRPCCredentials(grpcutil.NewUnsecureSimpleAuthAccess("bearer", token.Token)),
+		grpc.WithPerRPCCredentials(grpcutil.NewUnsecureSimpleAuthAccess("bearer", request.Token)),
 	}
 
 	if s.grpcInsecure {
@@ -99,7 +87,7 @@ func (s *service) ReplicationServiceRegisterGroup(ctx context.Context, request *
 		gopts = append(gopts, grpc.WithTransportCredentials(tlsconfig))
 	}
 
-	cc, err := grpc.DialContext(context.Background(), endpoint, gopts...)
+	cc, err := grpc.DialContext(context.Background(), request.ReplicationServer, gopts...)
 	if err != nil {
 		return nil, errcode.ErrStreamWrite.Wrap(err)
 	}
@@ -114,7 +102,7 @@ func (s *service) ReplicationServiceRegisterGroup(ctx context.Context, request *
 
 	s.logger.Info("group will be replicated", logutil.PrivateString("public-key", base64.RawURLEncoding.EncodeToString(request.GroupPK)))
 
-	if _, err := gc.metadataStore.SendGroupReplicating(ctx, token, endpoint); err != nil {
+	if _, err := gc.metadataStore.SendGroupReplicating(ctx, request.AuthenticationURL, request.ReplicationServer); err != nil {
 		s.logger.Error("error while notifying group about replication", zap.Error(err))
 	}