Identity Proof Basic Implementation (#626)

Author: zupzup

CHANGELOG.md

@@ -1,6 +1,7 @@
 # 0.4.6
 
 * Add basic logic for implementing (social) identity proofs
+* Add persistence, basic service layer and WASM API for identity proofs
 
 # 0.4.5
 

crates/bcr-ebill-api/src/data/mod.rs

@@ -2,6 +2,7 @@ pub use bcr_ebill_core::bill;
 pub use bcr_ebill_core::company;
 pub use bcr_ebill_core::contact;
 pub use bcr_ebill_core::identity;
+pub use bcr_ebill_core::identity_proof;
 pub use bcr_ebill_core::mint;
 pub use bcr_ebill_core::nostr_contact;
 pub use bcr_ebill_core::notification;

crates/bcr-ebill-api/src/external/identity_proof.rs

@@ -1,10 +1,9 @@
-use std::fmt;
-use std::str::FromStr;
-
 use async_trait::async_trait;
-use bcr_ebill_core::{NodeId, ServiceTraitBounds};
+use bcr_ebill_core::{
+    ServiceTraitBounds,
+    identity_proof::{IdentityProofStamp, IdentityProofStatus},
+};
 use log::error;
-use secp256k1::{SecretKey, schnorr::Signature};
 use thiserror::Error;
 use url::Url;
 
@@ -29,33 +28,20 @@ pub enum Error {
     #[error("External Identity Proof Crypto error: {0}")]
     Crypto(#[from] util::crypto::Error),
     /// all errors originating from interacting with base58
-    #[error("External Identity Proof Base58 error: {0}")]
-    Base58(#[from] util::Error),
+    #[error("External Identity Proof Validation error: {0}")]
+    Validation(#[from] util::ValidationError),
 }
 
 #[cfg_attr(test, automock)]
 #[cfg_attr(target_arch = "wasm32", async_trait(?Send))]
 #[cfg_attr(not(target_arch = "wasm32"), async_trait)]
 pub trait IdentityProofApi: ServiceTraitBounds {
-    /// Sign the base58 sha256 hash of the given node_id using the given keys and returns the resulting signature
-    /// This is the string users are supposed to post on their social media
-    fn create_identity_proof(
-        &self,
-        node_id: &NodeId,
-        private_key: &SecretKey,
-    ) -> Result<IdentityProof>;
-    /// Verifies that the given node_id corresponds to the given identity proof
-    fn verify_identity_proof(
-        &self,
-        node_id: &NodeId,
-        identity_proof: &IdentityProof,
-    ) -> Result<bool>;
     /// Checks if the given identity proof somewhere in the (successful) response of calling the given URL
     async fn check_url(
         &self,
-        identity_proof: &IdentityProof,
+        identity_proof_stamp: &IdentityProofStamp,
         url: &Url,
-    ) -> CheckIdentityProofResult;
+    ) -> IdentityProofStatus;
 }
 
 #[derive(Debug, Clone, Default)]
@@ -79,32 +65,11 @@ impl ServiceTraitBounds for MockIdentityProofApi {}
 #[cfg_attr(target_arch = "wasm32", async_trait(?Send))]
 #[cfg_attr(not(target_arch = "wasm32"), async_trait)]
 impl IdentityProofApi for IdentityProofClient {
-    fn create_identity_proof(
-        &self,
-        node_id: &NodeId,
-        private_key: &SecretKey,
-    ) -> Result<IdentityProof> {
-        let hash = util::sha256_hash(node_id.to_string().as_bytes());
-        let signature = util::crypto::signature(&hash, private_key).map_err(Error::Crypto)?;
-        Ok(IdentityProof::from_str(&signature)?)
-    }
-
-    fn verify_identity_proof(
-        &self,
-        node_id: &NodeId,
-        identity_proof: &IdentityProof,
-    ) -> Result<bool> {
-        let hash = util::sha256_hash(node_id.to_string().as_bytes());
-        let verified = util::crypto::verify(&hash, &identity_proof.to_string(), &node_id.pub_key())
-            .map_err(Error::Crypto)?;
-        Ok(verified)
-    }
-
     async fn check_url(
         &self,
-        identity_proof: &IdentityProof,
+        identity_proof: &IdentityProofStamp,
         url: &Url,
-    ) -> CheckIdentityProofResult {
+    ) -> IdentityProofStatus {
         // Make an unauthenticated request to the given URL and retrieve its body
         match self.cl.get(url.to_owned()).send().await {
             Ok(res) => {
@@ -114,111 +79,48 @@ impl IdentityProofApi for IdentityProofClient {
                             Ok(body) => {
                                 // Check if the identity proof is contained in the response
                                 if identity_proof.is_contained_in(&body) {
-                                    CheckIdentityProofResult::Success
+                                    IdentityProofStatus::Success
                                 } else {
-                                    CheckIdentityProofResult::NotFound
+                                    IdentityProofStatus::NotFound
                                 }
                             }
                             Err(body_err) => {
                                 error!("Error checking url: {url} for identity proof: {body_err}");
-                                CheckIdentityProofResult::FailureClient
+                                IdentityProofStatus::FailureClient
                             }
                         }
                     }
                     Err(e) => {
                         error!("Error checking url: {url} for identity proof: {e}");
                         if let Some(status) = e.status() {
                             if status.is_client_error() {
-                                CheckIdentityProofResult::FailureClient
+                                IdentityProofStatus::FailureClient
                             } else if status.is_server_error() {
-                                CheckIdentityProofResult::FailureServer
+                                IdentityProofStatus::FailureServer
                             } else {
-                                CheckIdentityProofResult::FailureConnect
+                                IdentityProofStatus::FailureConnect
                             }
                         } else {
-                            CheckIdentityProofResult::FailureConnect
+                            IdentityProofStatus::FailureConnect
                         }
                     }
                 }
             }
             Err(req_err) => {
                 error!("Error checking url: {url} for identity proof: {req_err}");
-                CheckIdentityProofResult::FailureConnect
+                IdentityProofStatus::FailureConnect
             }
         }
     }
 }
 
-#[derive(Debug, Clone)]
-pub struct IdentityProof {
-    inner: Signature,
-}
-
-impl IdentityProof {
-    /// Checks if the identity proof signature string is within the given body of text
-    pub fn is_contained_in(&self, body: &str) -> bool {
-        let self_str = self.to_string();
-        body.contains(&self_str)
-    }
-}
-
-impl fmt::Display for IdentityProof {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        write!(f, "{}", util::base58_encode(&self.inner.serialize()))
-    }
-}
-
-impl From<Signature> for IdentityProof {
-    fn from(value: Signature) -> Self {
-        Self { inner: value }
-    }
-}
-
-impl FromStr for IdentityProof {
-    type Err = Error;
-    fn from_str(s: &str) -> std::result::Result<Self, Self::Err> {
-        Ok(Self {
-            inner: Signature::from_slice(&util::base58_decode(s)?)?,
-        })
-    }
-}
-
-#[derive(Debug, Clone)]
-pub enum CheckIdentityProofResult {
-    /// The request succeeded and we found the signature we were looking for in the response
-    Success,
-    /// The request succeeded, but we didn't find the signature we were looking for in the response
-    NotFound,
-    /// The request failed with a connection error
-    FailureConnect,
-    /// The request failed with a client error (4xx)
-    FailureClient,
-    /// The request failed with a server error (5xx)
-    FailureServer,
-}
-
 #[cfg(test)]
 pub mod tests {
-    use crate::tests::tests::{node_id_test, private_key_test};
-
-    use super::*;
-
-    #[test]
-    fn test_create_and_verify() {
-        let node_id = node_id_test();
-        let private_key = private_key_test();
+    use std::str::FromStr;
 
-        let identity_proof_client = IdentityProofClient::new();
+    use crate::tests::tests::node_id_test;
 
-        let identity_proof = identity_proof_client
-            .create_identity_proof(&node_id, &private_key)
-            .expect("can create identity proof");
-        assert!(
-            identity_proof_client
-                .verify_identity_proof(&node_id, &identity_proof)
-                .expect("can verify identity proof")
-        );
-    }
+    use super::*;
 
     #[tokio::test]
     #[ignore]
@@ -230,32 +132,25 @@ pub mod tests {
         let identity_proof_client = IdentityProofClient::new();
 
         // is a valid identity proof
-        let identity_proof = IdentityProof::from_str("2DmtcWtNk2hvXaBCUAng63Gn1VDBZEojMwoZWr2VqDL5LZNgszj26YT4Pj4MUSf5o4HSmdiAEENyuNQ5UEK7zG1p").expect("is valid");
-        assert!(
-            identity_proof_client
-                .verify_identity_proof(&node_id, &identity_proof)
-                .expect("can verify identity proof")
-        );
+        let identity_proof = IdentityProofStamp::from_str("2DmtcWtNk2hvXaBCUAng63Gn1VDBZEojMwoZWr2VqDL5LZNgszj26YT4Pj4MUSf5o4HSmdiAEENyuNQ5UEK7zG1p").expect("is valid");
+        assert!(identity_proof.verify_against_node_id(&node_id));
 
         let valid_url = Url::parse("https://primal.net/e/nevent1qqs24kk3m0rc8e7a6f8k8daddqes0a2n74jszdszppu84e6y5q8ss3cy2rxs4").unwrap();
         let check_url_res = identity_proof_client
             .check_url(&identity_proof, &valid_url)
             .await;
-        assert!(matches!(check_url_res, CheckIdentityProofResult::Success));
+        assert!(matches!(check_url_res, IdentityProofStatus::Success));
 
         let not_found_url = Url::parse("https://primal.net/e/nevent1qqsv64erdk323pkpuzqspyk3e842egaeuu8v6js970tvnyjlkjakzqc0whefs").unwrap();
         let check_url_res = identity_proof_client
             .check_url(&identity_proof, &not_found_url)
             .await;
-        assert!(matches!(check_url_res, CheckIdentityProofResult::NotFound));
+        assert!(matches!(check_url_res, IdentityProofStatus::NotFound));
 
         let invalid_url = Url::parse("https://www.bit.cr/does-not-exist-ever").unwrap();
         let check_url_res = identity_proof_client
             .check_url(&identity_proof, &invalid_url)
             .await;
-        assert!(matches!(
-            check_url_res,
-            CheckIdentityProofResult::FailureClient
-        ));
+        assert!(matches!(check_url_res, IdentityProofStatus::FailureClient));
     }
 }

crates/bcr-ebill-api/src/persistence/mod.rs

@@ -10,12 +10,14 @@ use bcr_ebill_persistence::{
     bill::{BillChainStoreApi, BillStoreApi},
     company::{CompanyChainStoreApi, CompanyStoreApi},
     db::{
-        email_notification::SurrealEmailNotificationStore, mint::SurrealMintStore,
+        email_notification::SurrealEmailNotificationStore,
+        identity_proof::SurrealIdentityProofStore, mint::SurrealMintStore,
         nostr_contact_store::SurrealNostrContactStore,
         nostr_send_queue::SurrealNostrEventQueueStore, surreal::SurrealWrapper,
     },
     file_upload::FileUploadStoreApi,
     identity::{IdentityChainStoreApi, IdentityStoreApi},
+    identity_proof::IdentityProofStoreApi,
     mint::MintStoreApi,
     nostr::{NostrContactStoreApi, NostrQueuedMessageStoreApi},
     notification::EmailNotificationStoreApi,
@@ -53,6 +55,7 @@ pub struct DbContext {
     pub nostr_contact_store: Arc<dyn NostrContactStoreApi>,
     pub mint_store: Arc<dyn MintStoreApi>,
     pub nostr_chain_event_store: Arc<dyn NostrChainEventStoreApi>,
+    pub identity_proof_store: Arc<dyn IdentityProofStoreApi>,
 }
 
 /// Creates a new instance of the DbContext with the given SurrealDB configuration.
@@ -99,6 +102,7 @@ pub async fn get_db_context(
 
     let identity_store = Arc::new(SurrealIdentityStore::new(surreal_wrapper.clone()));
     let identity_chain_store = Arc::new(SurrealIdentityChainStore::new(surreal_wrapper.clone()));
+    let identity_proof_store = Arc::new(SurrealIdentityProofStore::new(surreal_wrapper.clone()));
     let company_chain_store = Arc::new(SurrealCompanyChainStore::new(surreal_wrapper.clone()));
 
     let nostr_event_offset_store =
@@ -135,5 +139,6 @@ pub async fn get_db_context(
         nostr_contact_store,
         mint_store,
         nostr_chain_event_store,
+        identity_proof_store,
     })
 }