Merge pull request #516 from 0xPolygonID/develop

Release 2.3.0
0xPolygonID · Nov 9, 2023 · 764e762 · 764e762
2 parents f0313bb + 504efe8
commit 764e762
Show file tree

Hide file tree

Showing 216 changed files with 7,661 additions and 3,711 deletions.
diff --git a/.env-api.sample b/.env-api.sample
@@ -9,4 +9,5 @@ ISSUER_API_UI_SCHEMA_CACHE=false
 ISSUER_API_IDENTITY_METHOD=polygonid
 ISSUER_API_IDENTITY_BLOCKCHAIN=polygon
 ISSUER_API_IDENTITY_NETWORK=mumbai
+ISSUER_API_UI_KEY_TYPE=BJJ
 ISSUER_API_ENVIRONMENT=local
diff --git a/.env-issuer.sample b/.env-issuer.sample
@@ -12,8 +12,8 @@ ISSUER_API_AUTH_USER=user-issuer
 ISSUER_API_AUTH_PASSWORD=password-issuer
 ISSUER_KEY_STORE_ADDRESS=http://vault:8200
 ISSUER_KEY_STORE_PLUGIN_IDEN3_MOUNT_PATH=iden3
-ISSUER_REVERSE_HASH_SERVICE_URL=http://localhost:3001
-ISSUER_REVERSE_HASH_SERVICE_ENABLED=false
+
+
 ISSUER_ETHEREUM_URL=<Ethereum URL of the Issuer>
 ISSUER_ETHEREUM_CONTRACT_ADDRESS=0x134B1BE34911E39A8397ec6289782989729807a4
 ISSUER_ETHEREUM_DEFAULT_GAS_LIMIT=600000
@@ -26,9 +26,22 @@ ISSUER_ETHEREUM_RPC_RESPONSE_TIMEOUT=5s
 ISSUER_ETHEREUM_WAIT_RECEIPT_CYCLE_TIME=30s
 ISSUER_ETHEREUM_WAIT_BLOCK_CYCLE_TIME=30s
 ISSUER_ETHEREUM_RESOLVER_PREFIX=polygon:mumbai
+ISSUER_ETHEREUM_INTERNAL_TRANSFER_AMOUNT_WEI=1000000000000000000
+ISSUER_ETHEREUM_TRANSFER_ACCOUNT_KEY_PATH=pbkey
+
 ISSUER_PROVER_SERVER_URL=http://localhost:8002
 ISSUER_PROVER_TIMEOUT=600s
 ISSUER_CIRCUIT_PATH=./pkg/credentials/circuits
 ISSUER_REDIS_URL=redis://@redis:6379/1
 ISSUER_KEY_STORE_TOKEN=<Key Store Vault Token>
 ISSUER_SCHEMA_CACHE=false
+
+ISSUER_VAULT_USERPASS_AUTH_ENABLED=false
+ISSUER_VAULT_USERPASS_AUTH_PASSWORD=password
+
+
+ISSUER_CREDENTIAL_STATUS_ONCHAIN_TREE_STORE_SUPPORTED_CONTRACT=<supported-onchain-revocation-contract>
+ISSUER_CREDENTIAL_STATUS_RHS_URL=http://localhost:3001
+ISSUER_CREDENTIAL_STATUS_PUBLISHING_KEY_PATH=pbkey
+ISSUER_CREDENTIAL_STATUS_RHS_MODE=<None | OffChain | OnChain>
+ISSUER_CREDENTIAL_STATUS_RHS_CHAIN_ID=<80001 | 137>
diff --git a/.env-ui.sample b/.env-ui.sample
@@ -3,5 +3,5 @@ ISSUER_UI_AUTH_PASSWORD=password-ui
 ISSUER_UI_BLOCK_EXPLORER_URL=https://mumbai.polygonscan.com
 ISSUER_UI_BUILD_TAG=
 ISSUER_UI_WARNING_MESSAGE=
-ISSUER_UI_IPFS_GATEWAY_URL=
-ISSUER_UI_SCHEMA_EXPLORER_AND_BUILDER_URL=
+ISSUER_UI_IPFS_GATEWAY_URL=https://ipfs.io
+ISSUER_UI_SCHEMA_EXPLORER_AND_BUILDER_URL=https://schema-builder.polygonid.me
diff --git a/.github/workflows/dockerhub.yml → .github/workflows/dockerhub-dev.yml b/.github/workflows/dockerhub.yml → .github/workflows/dockerhub-dev.yml
@@ -1,20 +1,15 @@
 name: Build a Push Docker Image to Docker Hub
 
-#on:
-#  workflow_run:
-#    workflows: ["Checks"]
-#    branches:  ["main"]
-#    types:
-#      - completed
-
 on:
-  push:
-    branches:
-      - develop
+  workflow_run:
+    workflows: ["Checks"]
+    branches:  ["develop"]
+    types:
+      - completed
 
 jobs:
   docker:
-    name: Build and deploy latest image Docker Hub
+    name: Build and deploy image Docker Hub
     runs-on: ubuntu-latest
     steps:
       - name: Checkout

diff --git a/.github/workflows/dockerhub-main.yml b/.github/workflows/dockerhub-main.yml
@@ -0,0 +1,63 @@
+name: Build a Push Latest Docker Image to Docker Hub
+
+on:
+  workflow_run:
+    workflows: ["Checks"]
+    branches:  ["main"]
+    types:
+      - completed
+
+jobs:
+  docker:
+    name: Build and deploy latest image Docker Hub
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Build and push ui
+        uses: docker/build-push-action@v4
+        env:
+          IMAGE_TAG: latest
+        with:
+          context: ./ui
+          platforms: linux/arm64, linux/amd64
+          push: true
+          tags: 0xpolygon/issuernode-ui:${{ env.IMAGE_TAG }}
+
+      - name: Build and push amd64 image
+        uses: docker/build-push-action@v4
+        env:
+          IMAGE_TAG: latest
+        with:
+          context: .
+          platforms: linux/amd64
+          push: true
+          tags: 0xpolygon/issuernode:${{ env.IMAGE_TAG }}
+
+      - name: Rename Docker Arm File
+        run: |
+          mv Dockerfile Dockerfile-amd
+          mv Dockerfile-arm Dockerfile
+
+      - name: Build and push arm64 image
+        uses: docker/build-push-action@v4
+        env:
+          IMAGE_TAG: latest
+        with:
+          context: .
+          platforms: linux/arm64
+          push: true
+          tags: 0xpolygon/issuernode-arm:${{ env.IMAGE_TAG }}
diff --git a/.golangci.yml b/.golangci.yml
@@ -62,7 +62,7 @@ linters-settings:
   gofumpt:
     lang-version: "1.18"
   gocognit:
-    min-complexity: 38
+    min-complexity: 40
   gocyclo:
     min-complexity: 35
   revive:
@@ -71,7 +71,7 @@ linters-settings:
       - name: argument-limit
         severity: warning
         disabled: false
-        arguments: [ 13 ]
+        arguments: [ 14 ]
       - name: exported
         severity: warning
         disabled: false

diff --git a/Dockerfile b/Dockerfile
@@ -13,6 +13,7 @@ RUN go install -buildvcs=false -ldflags "-X main.build=${VERSION}" ./cmd/...
 
 FROM alpine:latest
 RUN apk add --no-cache libstdc++ gcompat libgomp
+RUN apk add --update busybox>1.3.1-r0
 RUN ln -sfv ld-linux-x86-64.so.2 /lib/libresolv.so.2
 
 RUN apk add doas; \
@@ -23,6 +24,4 @@ RUN chmod g+rx,o+rx /
 COPY --from=base ./service/api ./api
 COPY --from=base ./service/api_ui ./api_ui
 COPY --from=base ./service/bin/* ./
-COPY --from=base ./service/pkg/credentials ./pkg/credentials
-COPY --from=base "/go/pkg/mod/github.com/iden3/[email protected]/wasmer/packaged/" \
- "/go/pkg/mod/github.com/iden3/[email protected]/wasmer/packaged/"
+COPY --from=base ./service/pkg/credentials ./pkg/credentials
diff --git a/Dockerfile-arm b/Dockerfile-arm
@@ -1,5 +1,4 @@
-FROM ubuntu:22.04 as base
-
+FROM golang:1.20.5 as base
 ARG VERSION
 WORKDIR /service
 ENV GOBIN /service/bin
@@ -10,36 +9,19 @@ COPY ./internal ./internal
 COPY ./pkg ./pkg
 COPY ./go.mod ./
 COPY ./go.sum ./
-
-RUN apt-get update
-RUN apt-get install -y wget build-essential ca-certificates
-RUN wget https://go.dev/dl/go1.20.5.linux-arm64.tar.gz
-
-ENV GOROOT /usr/local/go
-ENV GOPATH /go
-ENV PATH /usr/local/go/bin:/go/bin:$PATH
-ENV GOBIN /service/bin
-
-RUN tar -xvf go1.20.5.linux-arm64.tar.gz
-RUN mv go /usr/local
-
-RUN go mod download
 RUN go install -buildvcs=false -ldflags "-X main.build=${VERSION}" ./cmd/...
 
-
 FROM alpine:latest
 RUN apk add --no-cache libstdc++ gcompat libgomp
+RUN apk add --update busybox>1.3.1-r0
 RUN ln -sfv ld-linux-x86-64.so.2 /lib/libresolv.so.2
 
 RUN apk add doas; \
     adduser -S issuer -D -G wheel; \
     echo 'permit nopass :wheel as root' >> /etc/doas.d/doas.conf;
 RUN chmod g+rx,o+rx /
 
-
 COPY --from=base ./service/api ./api
 COPY --from=base ./service/api_ui ./api_ui
 COPY --from=base ./service/bin/* ./
-COPY --from=base ./service/pkg/credentials ./pkg/credentials
-COPY --from=base "/go/pkg/mod/github.com/iden3/[email protected]/wasmer/packaged/" \
- "/go/pkg/mod/github.com/iden3/[email protected]/wasmer/packaged/"
+COPY --from=base ./service/pkg/credentials ./pkg/credentials
diff --git a/Makefile b/Makefile
@@ -167,12 +167,13 @@ run-initializer:
 
 .PHONY: generate-issuer-did
 generate-issuer-did: run-initializer
+	docker logs issuer-initializer-1
 	$(eval DID = $(shell docker logs -f --tail 1 issuer-initializer-1 | grep "did"))
 	@echo $(DID)
 	sed '/ISSUER_API_UI_ISSUER_DID/d' .env-api > .env-api.tmp
 	@echo ISSUER_API_UI_ISSUER_DID=$(DID) >> .env-api.tmp
 	mv .env-api.tmp .env-api
-	docker logs issuer-initializer-1
+	docker stop issuer-initializer-1
 	docker rm issuer-initializer-1
 
 .PHONY: run-initializer-arm
@@ -182,13 +183,15 @@ run-initializer-arm:
 
 .PHONY: generate-issuer-did-arm
 generate-issuer-did-arm: run-initializer-arm
+	docker logs issuer-initializer-1
 	$(eval DID = $(shell docker logs -f --tail 1 issuer-initializer-1 | grep "did"))
 	@echo $(DID)
 	sed '/ISSUER_API_UI_ISSUER_DID/d' .env-api > .env-api.tmp
 	@echo ISSUER_API_UI_ISSUER_DID=$(DID) >> .env-api.tmp
 	mv .env-api.tmp .env-api
-	docker logs issuer-initializer-1
+	docker stop issuer-initializer-1
 	docker rm issuer-initializer-1
+	#make print-did
 
 .PHONY: add-host-url-swagger
 add-host-url-swagger:
@@ -205,3 +208,21 @@ restart-ui: rm-issuer-imgs up run run-ui
 
 .PHONY: restart-ui-arm
 restart-ui-arm: rm-issuer-imgs up run-arm run-ui-arm
+
+
+## usage: make new_password=xxx change-vault-password
+#.PHONY: change-vault-password
+#change-vault-password:
+#	docker exec issuer-vault-1 \
+#	vault write auth/userpass/users/issuernode password=$(new_password)
+
+.PHONY: print-did
+print-did:
+	docker exec issuer-vault-1 \
+	vault kv get -mount=kv did
+
+# use this to delete the did from vault. It will not be deleted from the database
+.PHONY: delete-did
+delete-did:
+	docker exec issuer-vault-1 \
+	vault kv delete kv/did
diff --git a/README.md b/README.md
@@ -169,8 +169,9 @@ make private_key=<YOUR_WALLET_PRIVATE_KEY> add-private-key;
 #   Success! Data written to: iden3/import/pbkey
 ```
 
-#### Add Vault To Configuration File
+#### ~~Add Vault To Configuration File~~ Setup Vault
 
+##### Option 1: Using root vault token (not recommended :thumbsdown:)
 This will get the vault token from the Hashicorp vault docker instance and add it to our `./env-issuer` file.
 
 ```bash
@@ -188,13 +189,31 @@ make add-vault-token;
 #   mv .env-issuer.tmp .env-issuer
 ```
 
+##### Option 2: Using user and pass authentication method (recommended :thumbsup:) 
+In order to use the user and pass authentication method, we need to create a password in the vault. **This approach for 
+the authentication method is recommended for production environments, and it is the preferred method of 
+the issuer node contributors team.** Please try to avoid using the root token authentication method.
+
+```bash
+make new_password=your_new_password change-vault-password
+```
+then modify the .env-issuer file with the new password, enable the user and pass authentication method and comment the root token line:
+
+```bash
+ISSUER_VAULT_USERPASS_AUTH_ENABLED=true
+ISSUER_VAULT_USERPASS_AUTH_PASSWORD=your_new_password
+#ISSUER_KEY_STORE_TOKEN=<Key Store Vault Token>
+```
+with the code above, the vault will be initialized with the user and pass authentication method and the root token will 
+be disabled. You can change the password as many times as you want, but you will need to update the `.env-issuer` file 
+after running the command above.
+
 #### Create Issuer DID
 
 > **NOTE:** This can also be done via the [UI API](#using-the-ui-api).
 
 This will create a new issuer DID by creating a new Docker instance of the issuer, generating the DID of the issuer, storing it in the database, then deleting the instance.
-
-It then copies the new DID to `.env-api`.
+This command will not generate a new DID if one already exists stored in Vault. If you want to generate a new DID, you must first delete the DID from Vault. For that, run the following command: `make delete-did`
 
 **For _NON-Apple-M1/M2/Arm_ (ex: Intel/AMD):**
 
@@ -204,14 +223,20 @@ It then copies the new DID to `.env-api`.
 # NON-Apple-M1/M2/Arm Command:
 make generate-issuer-did;
 # (Equivalent)
-#   COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_FILE="Dockerfile" docker compose -p issuer -f ./infrastructure/local/docker-compose.yml up -d initializer
+#  COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_FILE="Dockerfile" docker compose -p issuer -f ./infrastructure/local/docker-compose.yml up -d initializer
 # sleep 5
-#  $(eval DID = $(shell docker logs -f --tail 1 issuer-initializer-1 | grep "did"))
-#  @echo $(DID)
-#  sed '/ISSUER_API_UI_ISSUER_DID/d' .env-api > .env-api.tmp
-#  @echo ISSUER_API_UI_ISSUER_DID=$(DID) >> .env-api.tmp
-#  mv .env-api.tmp .env-api
-#  docker rm issuer-initializer-1
+# docker logs issuer-initializer-1
+# docker stop issuer-initializer-1
+# docker rm issuer-initializer-1
+# make print-did
+
+# Expected Output:
+# ...
+# === Data ===
+# Key    Value
+# ---    -----
+# did    did:polygonid:polygon:mumbai:2qLr2BymdszjFRKpJM9NPXu3HMpSSwf4nh3ZsADtPv   <-- This is the DID of the issuer that was generated
+
 ```
 
 **For _Apple-M1/M2/Arm_:**
@@ -224,24 +249,18 @@ make generate-issuer-did-arm;
 # (Equivalent)
 #   COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_FILE="Dockerfile-arm" docker compose -p issuer -f /Users/username/path/to/sh-id-platform/infrastructure/local/docker-compose.yml up -d initializer;
 # sleep 5;
-#   DID=$(docker logs -f --tail 1 issuer-initializer-1 | grep "did");
-#   echo $DID;
-#   sed '/ISSUER_API_UI_ISSUER_DID/d' .env-api > .env-api.tmp;
-#   echo ISSUER_API_UI_ISSUER_DID=$DID >> .env-api.tmp;
-#   mv .env-api.tmp .env-api;
-#   docker rm issuer-initializer-1;
+# docker logs issuer-initializer-1
+# docker stop issuer-initializer-1
+# docker rm issuer-initializer-1
+# make print-did
 
 # Expected Output:
-#   COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_FILE="Dockerfile-arm" docker compose -p issuer -f /Users/username/path/to/sh-id-platform/infrastructure/local/docker-compose.yml up -d initializer
-#   WARN[0000] Found orphan containers ([issuer-vault-1 issuer-postgres-1 issuer-redis-1]) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up. 
-#   [+] Running 1/1
-#   ⠿ Container issuer-initializer-1  Started                                                                                0.2s
-#   sleep 5
-#   did:polygonid:polygon:mumbai:uniqueAlphanumericKeyGenerated
-#   sed '/ISSUER_API_UI_ISSUER_DID/d' .env-api > .env-api.tmp
-#   mv .env-api.tmp .env-api
-#   docker rm issuer-initializer-1
-#   issuer-initializer-1
+# ...
+# === Data ===
+# Key    Value
+# ---    -----
+# did    did:polygonid:polygon:mumbai:2qLr2BymdszjFRKpJM9NPXu3HMpSSwf4nh3ZsADtPv  <-- This is the DID of the issuer that was generated
+
 ```
 
 #### Start Issuer API