Merge pull request #570 from 0xPolygonID/develop

Release 2.3.4

.github/workflows/dockerhub-dev.yml

@@ -43,28 +43,14 @@ jobs:
           push: true
           tags: 0xpolygon/issuernode-ui:${{ env.IMAGE_TAG }}
 
-      - name: Build and push amd64 image
+      - name: Build and push amd64 and arm64 image
         uses: docker/build-push-action@v4
         env:
           IMAGE_TAG: ${{ steps.version.outputs.VERSION }}
         with:
           context: .
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: 0xpolygon/issuernode:${{ env.IMAGE_TAG }}
 
-      - name: Rename Docker Arm File
-        run: |
-          mv Dockerfile Dockerfile-amd
-          mv Dockerfile-arm Dockerfile
-
-      - name: Build and push arm64 image
-        uses: docker/build-push-action@v4
-        env:
-          IMAGE_TAG: ${{ steps.version.outputs.VERSION }}
-        with:
-          context: .
-          platforms: linux/arm64
-          push: true
-          tags: 0xpolygon/issuernode-arm:${{ env.IMAGE_TAG }}
 

.github/workflows/dockerhub-main.yml

@@ -37,27 +37,12 @@ jobs:
           push: true
           tags: 0xpolygon/issuernode-ui:${{ env.IMAGE_TAG }}
 
-      - name: Build and push amd64 image
+      - name: Build and push amd64 and arm64 image
         uses: docker/build-push-action@v4
         env:
           IMAGE_TAG: latest
         with:
           context: .
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           push: true
-          tags: 0xpolygon/issuernode:${{ env.IMAGE_TAG }}
-
-      - name: Rename Docker Arm File
-        run: |
-          mv Dockerfile Dockerfile-amd
-          mv Dockerfile-arm Dockerfile
-
-      - name: Build and push arm64 image
-        uses: docker/build-push-action@v4
-        env:
-          IMAGE_TAG: latest
-        with:
-          context: .
-          platforms: linux/arm64
-          push: true
-          tags: 0xpolygon/issuernode-arm:${{ env.IMAGE_TAG }}
+          tags: 0xpolygon/issuernode:${{ env.IMAGE_TAG }}

Makefile

@@ -115,13 +115,6 @@ stop:
 up-test:
 	$(DOCKER_COMPOSE_INFRA_CMD) up -d test_postgres vault test_local_files_apache
 
-.PHONY: clean-vault
-clean-vault:
-	rm -R infrastructure/local/.vault/data/init.out
-	rm -R infrastructure/local/.vault/file/core/
-	rm -R infrastructure/local/.vault/file/logical/
-	rm -R infrastructure/local/.vault/file/sys/
-
 $(BIN)/platformid-migrate:
 	$(BUILD_CMD) ./cmd/migrate
 
@@ -231,3 +224,10 @@ vault-export-keys:
 vault-import-keys:
 	docker build -t issuer-vault-import-keys .
 	docker run --rm -it --network=issuer-network -v $(shell pwd)/keys.json:/keys.json issuer-vault-import-keys ./vault-migrator -operation=import -input-file=keys.json -vault-token=$(vault_token) -vault-addr=http://vault:8200
+
+
+# usage: make new_password=xxx change-vault-password
+.PHONY: change-vault-password
+change-vault-password:
+	docker exec issuer-vault-1 \
+	vault write auth/userpass/users/issuernode password=$(new_password)

api_ui/api.yaml

@@ -1242,9 +1242,7 @@ components:
           x-omitempty: false
           nullable: true
         credentialExpiration:
-          type: string
-          format: date
-          example: "2022-12-20"
+          $ref: '#/components/schemas/TimeUTC'
           x-omitempty: false
           nullable: true
         createdAt:

infrastructure/local/.vault/config/policies.hcl

@@ -2,6 +2,10 @@ path "iden3/*" {
   capabilities = ["create", "read", "update", "delete", "list"]
 }
 
+path "secret/*" {
+  capabilities = ["create", "read", "update", "delete", "list"]
+}
+
 path "kv/*" {
   capabilities = ["create", "read", "update", "delete", "list"]
 }

infrastructure/local/.vault/scripts/init.sh

@@ -14,6 +14,7 @@ sleep 5
 FILE=/vault/data/init.out
 if [ ! -e "$FILE" ]; then
     echo -e "===== Initialize the Vault ====="
+    mkdir /vault/data/
     vault operator init > /vault/data/init.out
 fi
 
@@ -65,10 +66,17 @@ vault policy write issuernode /vault/config/policies.hcl
 
 echo "===== CREATE USERS ====="
 vault auth enable userpass
-vault write auth/userpass/users/issuernode \
-    password=issuernodepwd \
-    policies="admins,issuernode"
 
-echo $vault_token
+result=$(vault read auth/userpass/users/issuernode 2>&1)
+echo $result
 
+if [[ "$result" == "No value found at auth/userpass/users/issuernode" ]]; then
+    echo "issuernode user nor found, creating..."
+    vault write auth/userpass/users/issuernode \
+        password=issuernodepwd \
+        policies="admins,issuernode"
+else
+    echo "issuernode user found, skipping creation..."
+fi
+echo $vault_token
 tail -f /dev/null

infrastructure/local/docker-compose-infra.yml

@@ -56,8 +56,6 @@ services:
     volumes:
       - ./.vault/config:/vault/config
       - ./.vault/policies:/vault/policies
-      - ./.vault/data:/vault/data
-      - ./.vault/file:/vault/file:rw
       - ./.vault/scripts:/vault/scripts
       - ./.vault/plugins:/vault/plugins
     ports:

internal/api/main_test.go

@@ -63,8 +63,9 @@ func TestMain(m *testing.M) {
 	cachex = cache.NewMemoryCache()
 
 	vaultCli, err = providers.VaultClient(ctx, providers.Config{
-		Address: cfgForTesting.KeyStore.Address,
-		Token:   cfgForTesting.KeyStore.Token,
+		Address:             cfgForTesting.KeyStore.Address,
+		UserPassAuthEnabled: cfgForTesting.KeyStore.UserPassEnabled,
+		Pass:                cfgForTesting.KeyStore.UserPassPassword,
 	})
 	if err != nil {
 		log.Error(ctx, "failed to acquire vault client", "err", err)

internal/api_ui/main_test.go

@@ -61,10 +61,10 @@ func TestMain(m *testing.M) {
 	storage = s
 
 	cachex = cache.NewMemoryCache()
-
 	vaultCli, err = providers.VaultClient(context.Background(), providers.Config{
-		Address: cfgForTesting.KeyStore.Address,
-		Token:   cfgForTesting.KeyStore.Token,
+		Address:             cfgForTesting.KeyStore.Address,
+		UserPassAuthEnabled: cfgForTesting.KeyStore.UserPassEnabled,
+		Pass:                cfgForTesting.KeyStore.UserPassPassword,
 	})
 	if err != nil {
 		log.Error(ctx, "failed to acquire vault client", "err", err)

internal/api_ui/responses.go

@@ -6,10 +6,10 @@ import (
 	"time"
 
 	"github.com/iden3/go-schema-processor/v2/verifiable"
-	openapitypes "github.com/oapi-codegen/runtime/types"
 
 	"github.com/polygonid/sh-id-platform/internal/common"
 	"github.com/polygonid/sh-id-platform/internal/core/domain"
+	"github.com/polygonid/sh-id-platform/internal/timeapi"
 	"github.com/polygonid/sh-id-platform/pkg/schema"
 )
 
@@ -220,9 +220,10 @@ func deleteConnection500Response(deleteCredentials bool, revokeCredentials bool)
 
 func getLinkResponse(link domain.Link) Link {
 	hash, _ := link.Schema.Hash.MarshalText()
-	var date *openapitypes.Date
+	var credentialExpiration *timeapi.Time
 	if link.CredentialExpiration != nil {
-		date = &openapitypes.Date{Time: *link.CredentialExpiration}
+		t := timeapi.Time(*link.CredentialExpiration)
+		credentialExpiration = common.ToPointer(t.UTCZeroHHMMSS())
 	}
 
 	var validUntil *TimeUTC
@@ -243,7 +244,7 @@ func getLinkResponse(link domain.Link) Link {
 		ProofTypes:           getLinkProofs(link),
 		CreatedAt:            TimeUTC(link.CreatedAt),
 		Expiration:           validUntil,
-		CredentialExpiration: date,
+		CredentialExpiration: credentialExpiration,
 	}
 }
 

internal/api_ui/server_test.go

@@ -3146,11 +3146,11 @@ func TestServer_GetLink(t *testing.T) {
 	tomorrow := time.Now().Add(24 * time.Hour)
 	yesterday := time.Now().Add(-24 * time.Hour)
 
-	link, err := linkService.Save(ctx, *did, common.ToPointer(10), &tomorrow, importedSchema.ID, nil, true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12})
+	link, err := linkService.Save(ctx, *did, common.ToPointer(10), &tomorrow, importedSchema.ID, common.ToPointer(tomorrow), true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12})
 	require.NoError(t, err)
 	hash, _ := link.Schema.Hash.MarshalText()
 
-	linkExpired, err := linkService.Save(ctx, *did, common.ToPointer(10), &yesterday, importedSchema.ID, nil, true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12})
+	linkExpired, err := linkService.Save(ctx, *did, common.ToPointer(10), &yesterday, importedSchema.ID, common.ToPointer(tomorrow), true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12})
 	require.NoError(t, err)
 
 	handler := getHandler(ctx, server)
@@ -3192,18 +3192,19 @@ func TestServer_GetLink(t *testing.T) {
 			expected: expected{
 				httpCode: http.StatusOK,
 				response: GetLink200JSONResponse{
-					Active:            link.Active,
-					CredentialSubject: CredentialSubject{"birthday": 19791109, "documentType": 12, "type": schemaType, "id": "did:polygonid:polygon:mumbai:2qDDDKmo436EZGCBAvkqZjADYoNRJszkG7UymZeCHQ"},
-					Expiration:        common.ToPointer(TimeUTC(*link.ValidUntil)),
-					Id:                link.ID,
-					IssuedClaims:      link.IssuedClaims,
-					MaxIssuance:       link.MaxIssuance,
-					SchemaType:        link.Schema.Type,
-					SchemaUrl:         link.Schema.URL,
-					Status:            LinkStatusActive,
-					ProofTypes:        []string{"SparseMerkleTreeProof", "BJJSignature2021"},
-					CreatedAt:         TimeUTC(link.CreatedAt),
-					SchemaHash:        string(hash),
+					Active:               link.Active,
+					CredentialSubject:    CredentialSubject{"birthday": 19791109, "documentType": 12, "type": schemaType, "id": "did:polygonid:polygon:mumbai:2qDDDKmo436EZGCBAvkqZjADYoNRJszkG7UymZeCHQ"},
+					Expiration:           common.ToPointer(TimeUTC(*link.ValidUntil)),
+					Id:                   link.ID,
+					IssuedClaims:         link.IssuedClaims,
+					MaxIssuance:          link.MaxIssuance,
+					SchemaType:           link.Schema.Type,
+					SchemaUrl:            link.Schema.URL,
+					Status:               LinkStatusActive,
+					ProofTypes:           []string{"SparseMerkleTreeProof", "BJJSignature2021"},
+					CreatedAt:            TimeUTC(link.CreatedAt),
+					SchemaHash:           string(hash),
+					CredentialExpiration: common.ToPointer(TimeUTC(tomorrow)),
 				},
 			},
 		},
@@ -3214,16 +3215,17 @@ func TestServer_GetLink(t *testing.T) {
 			expected: expected{
 				httpCode: http.StatusOK,
 				response: GetLink200JSONResponse{
-					Active:            linkExpired.Active,
-					CredentialSubject: CredentialSubject{"birthday": 19791109, "documentType": 12, "type": schemaType, "id": "did:polygonid:polygon:mumbai:2qDDDKmo436EZGCBAvkqZjADYoNRJszkG7UymZeCHQ"},
-					Expiration:        common.ToPointer(TimeUTC(*linkExpired.ValidUntil)),
-					Id:                linkExpired.ID,
-					IssuedClaims:      linkExpired.IssuedClaims,
-					MaxIssuance:       linkExpired.MaxIssuance,
-					SchemaType:        linkExpired.Schema.Type,
-					SchemaUrl:         linkExpired.Schema.URL,
-					Status:            LinkStatusExceeded,
-					ProofTypes:        []string{"SparseMerkleTreeProof", "BJJSignature2021"},
+					Active:               linkExpired.Active,
+					CredentialSubject:    CredentialSubject{"birthday": 19791109, "documentType": 12, "type": schemaType, "id": "did:polygonid:polygon:mumbai:2qDDDKmo436EZGCBAvkqZjADYoNRJszkG7UymZeCHQ"},
+					Expiration:           common.ToPointer(TimeUTC(*linkExpired.ValidUntil)),
+					Id:                   linkExpired.ID,
+					IssuedClaims:         linkExpired.IssuedClaims,
+					MaxIssuance:          linkExpired.MaxIssuance,
+					SchemaType:           linkExpired.Schema.Type,
+					SchemaUrl:            linkExpired.Schema.URL,
+					Status:               LinkStatusExceeded,
+					ProofTypes:           []string{"SparseMerkleTreeProof", "BJJSignature2021"},
+					CredentialExpiration: nil,
 				},
 			},
 		},
@@ -3261,6 +3263,11 @@ func TestServer_GetLink(t *testing.T) {
 				assert.Equal(t, expected.Active, response.Active)
 				assert.InDelta(t, time.Time(*expected.Expiration).UnixMilli(), time.Time(*response.Expiration).UnixMilli(), 1000)
 				assert.Equal(t, len(expected.ProofTypes), len(response.ProofTypes))
+				if expected.CredentialExpiration != nil {
+					tt := time.Time(*expected.CredentialExpiration)
+					tt00 := common.ToPointer(TimeUTC(time.Date(tt.Year(), tt.Month(), tt.Day(), 0, 0, 0, 0, time.UTC)))
+					assert.Equal(t, tt00.String(), response.CredentialExpiration.String())
+				}
 			case http.StatusNotFound:
 				var response GetLink404JSONResponse
 				require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &response))
@@ -3315,19 +3322,19 @@ func TestServer_GetAllLinks(t *testing.T) {
 	tomorrow := time.Now().Add(24 * time.Hour)
 	yesterday := time.Now().Add(-24 * time.Hour)
 
-	link1, err := linkService.Save(ctx, *did, common.ToPointer(10), &tomorrow, importedSchema.ID, nil, true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12})
+	link1, err := linkService.Save(ctx, *did, common.ToPointer(10), &tomorrow, importedSchema.ID, &tomorrow, true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12})
 	require.NoError(t, err)
 	linkActive := getLinkResponse(*link1)
 
 	time.Sleep(10 * time.Millisecond)
 
-	link2, err := linkService.Save(ctx, *did, common.ToPointer(10), &yesterday, importedSchema.ID, nil, true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12})
+	link2, err := linkService.Save(ctx, *did, common.ToPointer(10), &yesterday, importedSchema.ID, &tomorrow, true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12})
 	require.NoError(t, err)
 	linkExpired := getLinkResponse(*link2)
 	require.NoError(t, err)
 	time.Sleep(10 * time.Millisecond)
 
-	link3, err := linkService.Save(ctx, *did, common.ToPointer(10), &yesterday, importedSchema.ID, nil, true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12})
+	link3, err := linkService.Save(ctx, *did, common.ToPointer(10), &yesterday, importedSchema.ID, &tomorrow, true, true, domain.CredentialSubject{"birthday": 19791109, "documentType": 12})
 	link3.Active = false
 	require.NoError(t, err)
 	require.NoError(t, linkService.Activate(ctx, *did, link3.ID, false))
@@ -3475,6 +3482,8 @@ func TestServer_GetAllLinks(t *testing.T) {
 						require.NoError(t, err)
 						assert.Equal(t, tcCred, respCred)
 						assert.InDelta(t, time.Time(*tc.expected.response[i].Expiration).UnixMilli(), time.Time(*resp.Expiration).UnixMilli(), 1000)
+						expectCredExpiration := common.ToPointer(TimeUTC(time.Date(tomorrow.Year(), tomorrow.Month(), tomorrow.Day(), 0, 0, 0, 0, time.UTC)))
+						assert.Equal(t, expectCredExpiration.String(), resp.CredentialExpiration.String())
 					}
 				}
 			case http.StatusBadRequest:

internal/config/config.go

@@ -106,6 +106,8 @@ type KeyStore struct {
 	Address              string `tip:"Keystore address"`
 	Token                string `tip:"Token"`
 	PluginIden3MountPath string `tip:"PluginIden3MountPath"`
+	UserPassEnabled      bool   `tip:"UserPassEnabled"`
+	UserPassPassword     string `tip:"UserPassPassword"`
 }
 
 // Log holds runtime configurations
@@ -353,23 +355,12 @@ func Load(fileName string) (*Configuration, error) {
 func VaultTest() KeyStore {
 	return KeyStore{
 		Address:              "http://localhost:8200",
-		Token:                lookupVaultTestToken(),
 		PluginIden3MountPath: "iden3",
+		UserPassEnabled:      true,
+		UserPassPassword:     "issuernodepwd",
 	}
 }
 
-func lookupVaultTestToken() string {
-	var err error
-	token, ok := os.LookupEnv("VAULT_TEST_TOKEN")
-	if !ok {
-		token, err = lookupVaultTokenFromFile("infrastructure/local/.vault/data/init.out")
-		if err != nil {
-			return ""
-		}
-	}
-	return token
-}
-
 // lookupVaultTokenFromFile parses the vault config file looking for the hvs token and returns it
 // pathVaultConfig MUST be a relative path starting from the root project folder
 // like "infrastructure/local/.vault/data/init.out"