get engine public jwk

narval-xyz · Apr 2, 2024 · a25bddd · a25bddd
1 parent f1e8bb9
commit a25bddd
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 4 deletions.
diff --git a/apps/devtool/src/app/policy-engine/_components/PolicyEngineConfig.tsx b/apps/devtool/src/app/policy-engine/_components/PolicyEngineConfig.tsx
@@ -4,7 +4,7 @@ import { faCheckCircle, faSpinner } from '@fortawesome/pro-regular-svg-icons'
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'
 import { Curves, Jwk, KeyTypes, SigningAlg } from '@narval/signature'
 import axios from 'axios'
-import { useState } from 'react'
+import { useEffect, useState } from 'react'
 import { useAccount } from 'wagmi'
 import NarButton from '../../_design-system/NarButton'
 import NarInput from '../../_design-system/NarInput'
@@ -30,6 +30,20 @@ const PolicyEngineConfig = () => {
   const [isProcessing, setIsProcessing] = useState<boolean>(false)
   const [isOnboarded, setIsOnboarded] = useState<boolean>(false)
 
+  useEffect(() => {
+    const getEngineJwk = async () => {
+      const { data } = await axios.get(`${engineUrl}/jwk`, {
+        headers: {
+          'x-client-id': engineClientId,
+          'x-client-secret': engineClientSecret
+        }
+      })
+
+      console.log(data)
+    }
+    getEngineJwk()
+  }, [])
+
   const onboard = async () => {
     if (!account.address) return
 

diff --git a/apps/policy-engine/src/engine/app.controller.ts b/apps/policy-engine/src/engine/app.controller.ts
@@ -1,13 +1,18 @@
 import { FIXTURE } from '@narval/policy-engine-shared'
-import { Controller, Get, Logger, Post } from '@nestjs/common'
+import { Controller, Get, HttpCode, HttpStatus, Logger, Post, UseGuards } from '@nestjs/common'
+import { ClientSecretGuard } from '../shared/guard/client-secret.guard'
 import { generateInboundEvaluationRequest } from '../shared/testing/evaluation.testing'
 import { EvaluationService } from './core/service/evaluation.service'
+import { TenantService } from './core/service/tenant.service'
 
 @Controller()
 export class AppController {
   private logger = new Logger(AppController.name)
 
-  constructor(private readonly evaluationService: EvaluationService) {}
+  constructor(
+    private readonly evaluationService: EvaluationService,
+    private readonly tenantService: TenantService
+  ) {}
 
   @Get()
   healthcheck() {
@@ -22,6 +27,19 @@ export class AppController {
     return 'pong'
   }
 
+  @Get('/jwk')
+  @HttpCode(HttpStatus.OK)
+  @UseGuards(ClientSecretGuard)
+  async getJwk() {
+    try {
+      const jwk = await this.tenantService.findEngineJwk()
+
+      return jwk
+    } catch (error) {
+      return { ok: false }
+    }
+  }
+
   @Post('/evaluation-demo')
   async evaluateDemo() {
     const evaluation = await generateInboundEvaluationRequest()

diff --git a/apps/policy-engine/src/engine/core/service/tenant.service.ts b/apps/policy-engine/src/engine/core/service/tenant.service.ts
@@ -1,4 +1,5 @@
 import { EntityStore, PolicyStore } from '@narval/policy-engine-shared'
+import { Jwk, privateKeyToHex, secp256k1PrivateKeyToPublicJwk } from '@narval/signature'
 import { HttpStatus, Injectable, Logger } from '@nestjs/common'
 import { ApplicationException } from '../../../shared/exception/application.exception'
 import { Tenant } from '../../../shared/type/domain.type'
@@ -123,6 +124,17 @@ export class TenantService {
     return this.tenantRepository.findPolicyStore(clientId)
   }
 
+  async findEngineJwk(): Promise<Jwk | null> {
+    const signerConfig = await this.tenantRepository.findSignerConfigKey()
+
+    if (signerConfig?.key) {
+      const hexPrivateKey = privateKeyToHex(signerConfig.key)
+      return secp256k1PrivateKeyToPublicJwk(hexPrivateKey)
+    }
+
+    return null
+  }
+
   async findAll(): Promise<Tenant[]> {
     return this.tenantRepository.findAll()
   }

diff --git a/apps/policy-engine/src/engine/persistence/repository/tenant.repository.ts b/apps/policy-engine/src/engine/persistence/repository/tenant.repository.ts
@@ -3,7 +3,7 @@ import { Injectable } from '@nestjs/common'
 import { compact } from 'lodash/fp'
 import { EncryptKeyValueService } from '../../../shared/module/key-value/core/service/encrypt-key-value.service'
 import { tenantIndexSchema, tenantSchema } from '../../../shared/schema/tenant.schema'
-import { Tenant } from '../../../shared/type/domain.type'
+import { EngineSignerConfig, Tenant } from '../../../shared/type/domain.type'
 
 @Injectable()
 export class TenantRepository {
@@ -64,6 +64,16 @@ export class TenantRepository {
     return null
   }
 
+  async findSignerConfigKey(): Promise<EngineSignerConfig | null> {
+    const value = await this.encryptKeyValueService.get(this.getSignerConfigKey())
+
+    if (value) {
+      return JSON.parse(value)
+    }
+
+    return null
+  }
+
   // TODO: (@wcalderipe, 07/03/24) we need to rethink this strategy. If we use a
   // SQL database, this could generate a massive amount of queries; thus,
   // degrading the performance.
@@ -105,6 +115,10 @@ export class TenantRepository {
     return `tenant:${clientId}:policy-store`
   }
 
+  getSignerConfigKey(): string {
+    return `engine:${process.env.ENGINE_UID}:signer-config`
+  }
+
   private async index(tenant: Tenant): Promise<boolean> {
     const currentIndex = await this.getTenantIndex()