Merge pull request #543 from 0xPolygonID/develop

Sync Main from Develop

.gitignore

@@ -16,6 +16,9 @@ infrastructure/local/.vault/plugins
 infrastructure/local/.vault/policies
 infrastructure/local/.vault/file
 
+tools/changelog/input.md
+tools/changelog/changelog.md
+
 .fleet
 .vscode/
 

Dockerfile

@@ -5,15 +5,18 @@ ENV GOBIN /service/bin
 COPY ./api ./api
 COPY ./api_ui ./api_ui
 COPY ./cmd ./cmd
+COPY ./tools/vault-migrator ./tools/vault-migrator
 COPY ./internal ./internal
 COPY ./pkg ./pkg
 COPY ./go.mod ./
 COPY ./go.sum ./
 RUN go install -buildvcs=false -ldflags "-X main.build=${VERSION}" ./cmd/...
+RUN go install -buildvcs=false -ldflags "-X main.build=${VERSION}" ./tools/...
 
 FROM alpine:latest
 RUN apk add --no-cache libstdc++ gcompat libgomp
 RUN apk add --update busybox>1.3.1-r0
+RUN apk add --update openssl>3.1.4-r1
 RUN ln -sfv ld-linux-x86-64.so.2 /lib/libresolv.so.2
 
 RUN apk add doas; \

Dockerfile-arm

@@ -5,23 +5,26 @@ ENV GOBIN /service/bin
 COPY ./api ./api
 COPY ./api_ui ./api_ui
 COPY ./cmd ./cmd
+COPY ./tools/vault-migrator ./tools/vault-migrator
 COPY ./internal ./internal
 COPY ./pkg ./pkg
 COPY ./go.mod ./
 COPY ./go.sum ./
 RUN go install -buildvcs=false -ldflags "-X main.build=${VERSION}" ./cmd/...
+RUN go install -buildvcs=false -ldflags "-X main.build=${VERSION}" ./tools/...
 
-FROM alpine:latest
-RUN apk add --no-cache libstdc++ gcompat libgomp
-RUN apk add --update busybox>1.3.1-r0
-RUN ln -sfv ld-linux-x86-64.so.2 /lib/libresolv.so.2
-
-RUN apk add doas; \
-    adduser -S issuer -D -G wheel; \
-    echo 'permit nopass :wheel as root' >> /etc/doas.d/doas.conf;
-RUN chmod g+rx,o+rx /
-
-COPY --from=base ./service/api ./api
-COPY --from=base ./service/api_ui ./api_ui
-COPY --from=base ./service/bin/* ./
-COPY --from=base ./service/pkg/credentials ./pkg/credentials
+#FROM alpine:latest
+#RUN apk add --no-cache libstdc++ gcompat libgomp
+#RUN apk add --update busybox>1.3.1-r0
+#RUN apk add --update openssl>3.1.4-r1
+#RUN ln -sfv ld-linux-x86-64.so.2 /lib/libresolv.so.2
+#
+#RUN apk add doas; \
+#    adduser -S issuer -D -G wheel; \
+#    echo 'permit nopass :wheel as root' >> /etc/doas.d/doas.conf;
+#RUN chmod g+rx,o+rx /
+#
+#COPY --from=base ./service/api ./api
+#COPY --from=base ./service/api_ui ./api_ui
+#COPY --from=base ./service/bin/* ./
+#COPY --from=base ./service/pkg/credentials ./pkg/credentials

Makefile

@@ -201,21 +201,15 @@ add-host-url-swagger:
 
 .PHONY: rm-issuer-imgs
 rm-issuer-imgs: stop
-	docker rmi -f issuer-api issuer-ui issuer-api-ui issuer-pending_publisher|| true
+	$(DOCKER_COMPOSE_CMD) rm -f
+	docker rmi -f issuer-api issuer-ui issuer-api-ui issuer-pending_publisher
 
 .PHONY: restart-ui
 restart-ui: rm-issuer-imgs up run run-ui
 
 .PHONY: restart-ui-arm
 restart-ui-arm: rm-issuer-imgs up run-arm run-ui-arm
 
-
-## usage: make new_password=xxx change-vault-password
-#.PHONY: change-vault-password
-#change-vault-password:
-#	docker exec issuer-vault-1 \
-#	vault write auth/userpass/users/issuernode password=$(new_password)
-
 .PHONY: print-did
 print-did:
 	docker exec issuer-vault-1 \
@@ -225,4 +219,17 @@ print-did:
 .PHONY: delete-did
 delete-did:
 	docker exec issuer-vault-1 \
-	vault kv delete kv/did
+	vault kv delete kv/did
+
+
+# usage: make vault_token=xxx vault-export-keys
+.PHONY: vault-export-keys
+vault-export-keys:
+	docker build -t issuer-vault-export-keys .
+	docker run --rm -it --network=issuer-network -v $(shell pwd):/keys issuer-vault-export-keys ./vault-migrator -operation=export -output-file=keys.json -vault-token=$(vault_token) -vault-addr=http://vault:8200
+
+# usage: make vault_token=xxx vault-import-keys
+.PHONY: vault-import-keys
+vault-import-keys:
+	docker build -t issuer-vault-import-keys .
+	docker run --rm -it --network=issuer-network -v $(shell pwd)/keys.json:/keys.json issuer-vault-import-keys ./vault-migrator -operation=import -input-file=keys.json -vault-token=$(vault_token) -vault-addr=http://vault:8200

README.md

@@ -30,10 +30,10 @@ These steps can be followed to get up and running with all features as quickly a
 1. Run `make up`. This launches 3 containers with Postgres, Redis and Vault. Ignore the warnings about variables, since those are set up in the next step.
 1. **If you are on an Apple Silicon chip (e.g. M1/M2), run `make run-arm`**. Otherwise, run `make run`. This starts up the issuer API, whose frontend can be accessed via the browser (default <http://localhost:3001>).
 1. [Add](#import-wallet-private-key-to-vault) your Ethereum private key to the Vault.
-1. [Add](#add-vault-to-configuration-file) the Vault to the config.
-1. [Create](#create-issuer-did) your issuer DID.
-1. _(Optional)_ To run the UI with its own API, first copy `.env-ui.sample` as `.env-ui`. Please see the [configuration](#development-ui) section for more details.
-1. _(Optional)_ Run `make run-ui` (or `make run-ui-arm` on Apple Silicon) to have the Web UI available on <http://localhost:8088> (in production mode). Its HTTP auth credentials are set in `.env-ui`. The UI API also has a frontend for API documentation (default <http://localhost:3002>).
+2. [Setup vault](#setup-vault).
+3. [Create](#create-issuer-did) your issuer DID.
+4. _(Optional)_ To run the UI with its own API, first copy `.env-ui.sample` as `.env-ui`. Please see the [configuration](#development-ui) section for more details.
+5. _(Optional)_ Run `make run-ui` (or `make run-ui-arm` on Apple Silicon) to have the Web UI available on <http://localhost:8088> (in production mode). Its HTTP auth credentials are set in `.env-ui`. The UI API also has a frontend for API documentation (default <http://localhost:3002>).
 
 #### Docker Guide Requirements
 
@@ -169,7 +169,7 @@ make private_key=<YOUR_WALLET_PRIVATE_KEY> add-private-key;
 #   Success! Data written to: iden3/import/pbkey
 ```
 
-#### ~~Add Vault To Configuration File~~ Setup Vault
+#### Setup Vault
 
 ##### Option 1: Using root vault token (not recommended :thumbsdown:)
 This will get the vault token from the Hashicorp vault docker instance and add it to our `./env-issuer` file.
@@ -189,9 +189,9 @@ make add-vault-token;
 #   mv .env-issuer.tmp .env-issuer
 ```
 
-##### Option 2: Using user and pass authentication method (recommended :thumbsup:) 
-In order to use the user and pass authentication method, we need to create a password in the vault. **This approach for 
-the authentication method is recommended for production environments, and it is the preferred method of 
+##### Option 2: Using user and pass authentication method (recommended :thumbsup:)
+In order to use the user and pass authentication method, we need to create a password in the vault. **This approach for
+the authentication method is recommended for production environments, and it is the preferred method of
 the issuer node contributors team.** Please try to avoid using the root token authentication method.
 
 ```bash
@@ -204,8 +204,8 @@ ISSUER_VAULT_USERPASS_AUTH_ENABLED=true
 ISSUER_VAULT_USERPASS_AUTH_PASSWORD=your_new_password
 #ISSUER_KEY_STORE_TOKEN=<Key Store Vault Token>
 ```
-with the code above, the vault will be initialized with the user and pass authentication method and the root token will 
-be disabled. You can change the password as many times as you want, but you will need to update the `.env-issuer` file 
+with the code above, the vault will be initialized with the user and pass authentication method and the root token will
+be disabled. You can change the password as many times as you want, but you will need to update the `.env-issuer` file
 after running the command above.
 
 #### Create Issuer DID
@@ -434,10 +434,10 @@ Make sure you have Postgres, Redis and Vault properly installed & configured. Do
 1. Run `./bin/platform` command to start the issuer.
 1. Run `./bin/pending_publisher`. This checks that publishing transactions to the blockchain works.
 1. [Add](#import-wallet-private-key-to-vault) your Ethereum private key to the Vault.
-1. [Add](#add-vault-to-configuration-file) the Vault to the config.
-1. [Create](#create-issuer-did) your issuer DID.
-1. _(Optional)_ To set up the UI with its own API, first copy `.env-ui.sample` as `.env-ui`. Please see the [configuration](#configuration) section for more details.
-1. _Documentation pending: standalone UI setup._
+2. [Setup vault](#setup-vault).
+3. [Create](#create-issuer-did) your issuer DID.
+4. _(Optional)_ To set up the UI with its own API, first copy `.env-ui.sample` as `.env-ui`. Please see the [configuration](#configuration) section for more details.
+5. _Documentation pending: standalone UI setup._
 
 ---
 

api_ui/api.yaml

@@ -1153,6 +1153,9 @@ components:
         userID:
           type: string
           example: did:polygonid:polygon:mumbai:2qFpPHotk6oyaX1fcrpQFT4BMnmg8YszUwxYtaoGoe
+        schemaTypeDescription:
+          type: string
+          example: "KYC Age Credential"
 
     Link:
       type: object

internal/api_ui/responses.go

@@ -82,18 +82,19 @@ func credentialResponse(w3c *verifiable.W3CCredential, credential *domain.Claim)
 	proofs := getProofs(credential)
 
 	return Credential{
-		CredentialSubject: w3c.CredentialSubject,
-		CreatedAt:         TimeUTC(*w3c.IssuanceDate),
-		Expired:           expired,
-		ExpiresAt:         expiresAt,
-		Id:                credential.ID,
-		ProofTypes:        proofs,
-		RevNonce:          uint64(credential.RevNonce),
-		Revoked:           credential.Revoked,
-		SchemaHash:        credential.SchemaHash,
-		SchemaType:        shortType(credential.SchemaType),
-		SchemaUrl:         credential.SchemaURL,
-		UserID:            credential.OtherIdentifier,
+		CredentialSubject:     w3c.CredentialSubject,
+		CreatedAt:             TimeUTC(*w3c.IssuanceDate),
+		Expired:               expired,
+		ExpiresAt:             expiresAt,
+		Id:                    credential.ID,
+		ProofTypes:            proofs,
+		RevNonce:              uint64(credential.RevNonce),
+		Revoked:               credential.Revoked,
+		SchemaHash:            credential.SchemaHash,
+		SchemaType:            shortType(credential.SchemaType),
+		SchemaUrl:             credential.SchemaURL,
+		UserID:                credential.OtherIdentifier,
+		SchemaTypeDescription: credential.SchemaTypeDescription,
 	}
 }
 

internal/core/domain/claim.go

@@ -44,9 +44,10 @@ type Claim struct {
 	CredentialStatus pgtype.JSONB    `json:"credential_status"`
 	HIndex           string          `json:"-"`
 
-	MtProof   bool       `json:"mt_poof"`
-	LinkID    *uuid.UUID `json:"-"`
-	CreatedAt time.Time  `json:"-"`
+	MtProof               bool       `json:"mt_poof"`
+	LinkID                *uuid.UUID `json:"-"`
+	CreatedAt             time.Time  `json:"-"`
+	SchemaTypeDescription *string    `json:"schema_type_description"`
 }
 
 // Credentials is the type of array of credential

internal/core/ports/claims_service.go

@@ -31,6 +31,7 @@ type CreateClaimRequest struct {
 	LinkID                *uuid.UUID
 	SingleIssuer          bool
 	CredentialStatusType  verifiable.CredentialStatusType
+	SchemaTypeDescription string
 }
 
 // AgentRequest struct

internal/core/services/claims.go

@@ -196,6 +196,7 @@ func (c *claim) CreateCredential(ctx context.Context, req *ports.CreateClaimRequ
 	claim.Identifier = &issuerDIDString
 	claim.Issuer = issuerDIDString
 	claim.ID = vcID
+	claim.SchemaTypeDescription = &req.Type
 
 	if req.SignatureProof {
 		authClaim, err := c.GetAuthClaim(ctx, req.DID)
@@ -295,7 +296,11 @@ func (c *claim) GetByID(ctx context.Context, issID *w3c.DID, id uuid.UUID) (*dom
 
 // GetCredentialQrCode creates a credential QR code for the given credential and returns the QR Link to be used
 func (c *claim) GetCredentialQrCode(ctx context.Context, issID *w3c.DID, id uuid.UUID, hostURL string) (string, string, error) {
-	getCredentialType := func(credentialType string) string {
+	getCredentialType := func(claim domain.Claim) string {
+		if claim.SchemaTypeDescription != nil {
+			return *claim.SchemaTypeDescription
+		}
+		credentialType := claim.SchemaType
 		const schemaParts = 2
 		parse := strings.Split(credentialType, "#")
 		if len(parse) != schemaParts {
@@ -313,7 +318,7 @@ func (c *claim) GetCredentialQrCode(ctx context.Context, issID *w3c.DID, id uuid
 		Body: protocol.CredentialsOfferMessageBody{
 			Credentials: []protocol.CredentialOffer{
 				{
-					Description: getCredentialType(claim.SchemaType),
+					Description: getCredentialType(*claim),
 					ID:          claim.ID.String(),
 				},
 			},
@@ -335,7 +340,7 @@ func (c *claim) GetCredentialQrCode(ctx context.Context, issID *w3c.DID, id uuid
 	if err != nil {
 		return "", "", err
 	}
-	return c.qrService.ToURL(hostURL, qrID), getCredentialType(claim.SchemaType), nil
+	return c.qrService.ToURL(hostURL, qrID), getCredentialType(*claim), nil
 }
 
 func (c *claim) Agent(ctx context.Context, req *ports.AgentRequest) (*domain.Agent, error) {

internal/db/schema/migrations/202311080942897_add_schema_type_description_to_claims.sql

@@ -0,0 +1,11 @@
+-- +goose Up
+-- +goose StatementBegin
+ALTER TABLE claims
+    ADD COLUMN schema_type_description text;
+-- +goose StatementEnd
+
+-- +goose Down
+-- +goose StatementBegin
+ALTER TABLE claims
+DROP COLUMN schema_type_description;
+-- +goose StatementEnd