use crate::{
content::github_verification::GitHubVerificationContent as Ctnt,
proof::github_verification::GitHubVerificationProof as Prf,
statement::github_verification::GitHubVerificationStatement as Stmt,
types::{
error::FlowError,
defs::{Flow, StatementResponse, Issuer, Proof, Statement, Subject, Instructions},
},
};
use async_trait::async_trait;
use regex::Regex;
use reqwest::{
Client,
header::{HeaderMap, USER_AGENT}
};
use schemars::schema_for;
use serde::{Deserialize, Serialize};
use serde_json::map::Map;
use tsify::Tsify;
use url::Url;
use wasm_bindgen::prelude::*;
#[derive(Clone, Debug, Deserialize, Serialize, Tsify)]
#[tsify(into_wasm_abi, from_wasm_abi)]
pub struct GitHubVerificationFlow {
pub user_agent: String,
pub delimiter: String,
}
#[derive(Deserialize, Debug, Serialize)]
pub struct GitHubResponse {
pub files: Map<String, serde_json::value::Value>,
pub owner: Owner,
pub history: Vec<History>,
}
#[derive(Deserialize, Debug, Serialize)]
pub struct Owner {
pub login: String,
}
#[derive(Deserialize, Debug, Serialize)]
pub struct History {
pub version: String,
}
#[cfg_attr(target_arch = "wasm32", async_trait(?Send))]
#[cfg_attr(not(target_arch = "wasm32"), async_trait)]
impl Flow<Ctnt, Stmt, Prf> for GitHubVerificationFlow {
fn instructions(&self) -> Result<Instructions, FlowError> {
Ok(Instructions {
statement: "Enter your GitHub account handle to verify and include in a signed message using your wallet.".to_string(),
statement_schema: schema_for!(Stmt),
signature: "Sign the message presented to you containing your GitHub handle and addtional information.".to_string(),
witness: "Create a Gist with this message to create a link between your identifier and your GitHub handle.".to_string(),
witness_schema: schema_for!(Prf)
})
}
async fn statement<I: Issuer + Send + Clone>(
&self,
statement: Stmt,
_issuer: I,
) -> Result<StatementResponse, FlowError> {
Ok(StatementResponse {
statement: statement.generate_statement()?,
delimiter: Some(self.delimiter.to_owned())
})
}
async fn validate_proof<I: Issuer + Send>(&self, proof: Prf, _issuer: I) -> Result<Ctnt, FlowError> {
let client = Client::new();
let request_url = format!("https://api.github.com/gists/{}", proof.gist_id);
let re = Regex::new(r"^[a-zA-Z0-9]{32}$")
.map_err(|_| FlowError::BadLookup("could not generate gist id regex".to_string()))?;
if !re.is_match(&proof.gist_id) {
return Err(FlowError::BadLookup("gist id invalid".to_string()));
}
let mut headers = HeaderMap::new();
headers.insert(
USER_AGENT,
self.user_agent.to_string().parse().map_err(|_| {
FlowError::BadLookup("could not generate header for lookup".to_string())
})?,
);
let res: GitHubResponse = client
.get(Url::parse(&request_url).map_err(|e| FlowError::BadLookup(e.to_string()))?)
.headers(headers)
.send()
.await
.map_err(|e| FlowError::BadLookup(e.to_string()))?
.json()
.await
.map_err(|e| FlowError::BadLookup(e.to_string()))?;
if proof.statement.handle.to_lowercase() != res.owner.login.to_lowercase() {
return Err(FlowError::BadLookup(format!(
"handle mismatch, expected: {}, got: {}",
proof.statement.handle.to_lowercase(),
res.owner.login.to_lowercase()
)));
};
let s = serde_json::to_string(&res.files)
.map_err(|e| FlowError::BadLookup(e.to_string()))?;
for (_k, v) in res.files {
let object = match v.as_object() {
None => continue,
Some(x) => x,
};
let str_val = match object.get("content") {
None => continue,
Some(x) => x,
};
let p = match str_val.as_str() {
None => continue,
Some(x) => x,
};
let mut a = p.split(&self.delimiter);
let txt = a.next();
let txt_sig = a.next();
match (txt, txt_sig) {
(Some(stmt), Some(sig)) => {
if stmt != proof.statement.generate_statement()? {
continue;
}
proof.statement.subject.valid_signature(stmt, sig).await?;
return Ok(proof.to_content(stmt, sig)?)
}
_ => continue
}
}
Err(FlowError::BadLookup(
format!("Failed to find files in: {}", s),
))
}
}
#[cfg(test)]
mod tests {
use super::*;
use crate::{
test_util::util::{
test_ed25519_did, test_did_keypair,
test_eth_did, test_solana_did, test_witness_signature, MockFlow,
MockIssuer, TestKey, TestWitness, test_witness_statement,
},
types::{
enums::subject::Subjects,
defs::{Issuer, Proof, Statement, Subject},
},
};
fn mock_proof(key: fn() -> Subjects) -> Prf {
Prf {
statement: Stmt {
subject: key(),
handle: "foo".to_owned(),
},
gist_id: "not_tested".to_owned(),
}
}
#[cfg_attr(target_arch = "wasm32", async_trait(?Send))]
#[cfg_attr(not(target_arch = "wasm32"), async_trait)]
impl Flow<Ctnt, Stmt, Prf> for MockFlow {
fn instructions(&self) -> Result<Instructions, FlowError> {
Ok(Instructions {
statement: "Unimplemented".to_string(),
statement_schema: schema_for!(Stmt),
signature: "Unimplemented".to_string(),
witness: "Unimplemented".to_string(),
witness_schema: schema_for!(Prf)
})
}
async fn statement<I: Issuer + Send + Clone>(
&self,
statement: Stmt,
_issuer: I,
) -> Result<StatementResponse, FlowError> {
Ok(StatementResponse {
statement: statement.generate_statement()?,
delimiter: Some("\n\n".to_string())
})
}
async fn validate_proof<I: Issuer + Send>(
&self,
proof: Prf,
_issuer: I,
) -> Result<Ctnt, FlowError> {
if self.statement != proof.statement.generate_statement()? {
return Err(FlowError::BadLookup("Mismatched statements".to_string()))
}
proof.statement.subject.valid_signature(&self.statement, &self.signature).await?;
Ok(proof
.to_content(&self.statement, &self.signature)
.map_err(FlowError::Proof)?)
}
}
#[tokio::test]
async fn mock_github() {
let did = mock_proof(test_eth_did);
let signature = test_witness_signature(TestWitness::GitHub, TestKey::Eth).unwrap();
let statement = test_witness_statement(TestWitness::GitHub, TestKey::Eth).unwrap();
let flow = MockFlow {
statement,
signature,
};
let i = MockIssuer {};
flow.unsigned_credential(did.clone(), test_eth_did(), i.clone())
.await
.unwrap();
let did = mock_proof(test_ed25519_did);
let signature = test_witness_signature(TestWitness::GitHub, TestKey::Ed25519).unwrap();
let statement = test_witness_statement(TestWitness::GitHub, TestKey::Ed25519).unwrap();
let flow = MockFlow {
statement,
signature,
};
flow.unsigned_credential(did.clone(), test_ed25519_did(), i.clone())
.await
.unwrap();
let did = mock_proof(test_solana_did);
let signature = test_witness_signature(TestWitness::GitHub, TestKey::Solana).unwrap();
let statement = test_witness_statement(TestWitness::GitHub, TestKey::Solana).unwrap();
let flow = MockFlow {
statement,
signature,
};
flow.unsigned_credential(did.clone(), test_solana_did(), i.clone())
.await
.unwrap();
}
#[tokio::test]
async fn mock_github_on_the_fly() {
let i = MockIssuer {};
let (subj1, iss1) = test_did_keypair().await.unwrap();
let ver_proof1 = Prf {
statement: Stmt {
subject: subj1.clone(),
handle: "foo".to_owned(),
},
gist_id: "unused".to_owned(),
};
let statement = ver_proof1.generate_statement().unwrap();
let signature = iss1.sign(&statement).await.unwrap();
let flow = MockFlow {
statement,
signature,
};
flow.unsigned_credential(ver_proof1.clone(), subj1.clone(), i.clone())
.await
.unwrap();
let (subj2, iss2) = test_did_keypair().await.unwrap();
let ver_proof2 = Prf {
statement: Stmt {
subject: subj2.clone(),
handle: "foo".to_owned(),
},
gist_id: "unused".to_owned(),
};
let statement = ver_proof2.generate_statement().unwrap();
let signature = iss2.sign(&statement).await.unwrap();
let flow = MockFlow {
statement,
signature,
};
flow.unsigned_credential(ver_proof2.clone(), subj2.clone(), i.clone())
.await
.unwrap();
let statement = ver_proof2.generate_statement().unwrap();
let signature = iss1.sign(&statement).await.unwrap();
let flow = MockFlow {
statement,
signature,
};
if flow
.unsigned_credential(ver_proof2.clone(), subj2.clone(), i.clone())
.await
.is_ok()
{
panic!("Approved bad signature");
};
}
}