From b3bb9b036658d5d0053c4a353c55a5a19fb75c8e Mon Sep 17 00:00:00 2001 From: Martin Stefcek <35243812+Cifko@users.noreply.github.com> Date: Thu, 20 Jul 2023 13:33:23 +0200 Subject: [PATCH] fix: getting/revoking tokens (#621) Description --- Added more information exported by the `get_all_jwt` function. Fix the revoke function (takes id, instead of the token). How Has This Been Tested? --- Manually. What process can a PR reviewer use to test or verify this change? --- The UI changes are in separate PR by @NovaT82 . Breaking Changes --- - [x] None - [ ] Requires data directory to be deleted - [ ] Other - Please specify --- .../tari_dan_wallet_cli/src/command/auth.rs | 8 +++--- .../src/handlers/rpc.rs | 2 +- clients/wallet_daemon_client/src/types.rs | 6 ++-- dan_layer/wallet/sdk/src/apis/jwt.rs | 28 ++++++++----------- dan_layer/wallet/sdk/src/storage.rs | 2 +- dan_layer/wallet/storage_sqlite/src/reader.rs | 1 + dan_layer/wallet/storage_sqlite/src/writer.rs | 6 ++-- 7 files changed, 25 insertions(+), 28 deletions(-) diff --git a/applications/tari_dan_wallet_cli/src/command/auth.rs b/applications/tari_dan_wallet_cli/src/command/auth.rs index 92fb32614..3082af07c 100644 --- a/applications/tari_dan_wallet_cli/src/command/auth.rs +++ b/applications/tari_dan_wallet_cli/src/command/auth.rs @@ -67,7 +67,7 @@ pub struct DenyArgs { #[derive(Debug, Args, Clone)] pub struct RevokeArgs { - permission_token: String, + permission_token_id: i32, } impl AuthSubcommand { @@ -108,15 +108,15 @@ impl AuthSubcommand { Revoke(args) => { client .auth_revoke(AuthRevokeTokenRequest { - permission_token: args.permission_token, + permission_token_id: args.permission_token_id, }) .await?; println!("Token revoked!"); }, List => { let tokens = client.auth_get_all_jwt(AuthGetAllJwtRequest {}).await?; - for (id, name) in &tokens.jwt { - println!("Id {id} name {name}"); + for claims in &tokens.jwt { + println!("Id {} name {}", claims.id, claims.name); } }, } 
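Review bot: In the `List` branch the new loop still prints only `claims.id` and `claims.name`, although the response now carries each token's `permissions` and `exp`, which is exactly what an operator needs to see before deciding what to revoke. One line covers it: `println!("Id {} name {} permissions {:?} expires {}", claims.id, claims.name, claims.permissions, claims.exp);` (this assumes `JrpcPermissions` implements `Debug`, which is not visible in this hunk). The new positional `permission_token_id: i32` in `RevokeArgs` also has no doc comment, so `--help` will not say where the number comes from; `/// Id of the token as printed by `auth list`` on the field fixes that. Both hunks are complete here, but the rest of `AuthSubcommand` lies outside them.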
diff --git a/applications/tari_dan_wallet_daemon/src/handlers/rpc.rs b/applications/tari_dan_wallet_daemon/src/handlers/rpc.rs index aecdbe50a..9d9e3817c 100644 --- a/applications/tari_dan_wallet_daemon/src/handlers/rpc.rs +++ b/applications/tari_dan_wallet_daemon/src/handlers/rpc.rs @@ -67,7 +67,7 @@ pub async fn handle_revoke( ) -> Result { let jwt = context.wallet_sdk().jwt_api(); jwt.check_auth(token, &[JrpcPermission::Admin])?; - jwt.revoke(revoke_request.permission_token.as_str())?; + jwt.revoke(revoke_request.permission_token_id)?; Ok(AuthRevokeTokenResponse {}) } diff --git a/clients/wallet_daemon_client/src/types.rs b/clients/wallet_daemon_client/src/types.rs index 9a9fe1e25..faaeb0b34 100644 --- a/clients/wallet_daemon_client/src/types.rs +++ b/clients/wallet_daemon_client/src/types.rs @@ -26,7 +26,7 @@ use serde::{Deserialize, Serialize}; use tari_common_types::types::PublicKey; use tari_dan_common_types::ShardId; use tari_dan_wallet_sdk::{ - apis::jwt::JrpcPermissions, + apis::jwt::{Claims, JrpcPermissions}, models::{Account, ConfidentialProofId, TransactionStatus}, }; use tari_engine_types::{ @@ -491,7 +491,7 @@ pub struct AuthLoginDenyResponse {} #[derive(Debug, Clone, Deserialize, Serialize)] pub struct AuthRevokeTokenRequest { - pub permission_token: String, + pub permission_token_id: i32, } #[derive(Debug, Clone, Deserialize, Serialize)] @@ -544,5 +544,5 @@ pub struct AuthGetAllJwtRequest {} #[derive(Debug, Clone, Deserialize, Serialize)] pub struct AuthGetAllJwtResponse { - pub jwt: Vec<(i32, String)>, + pub jwt: Vec, } diff --git a/dan_layer/wallet/sdk/src/apis/jwt.rs b/dan_layer/wallet/sdk/src/apis/jwt.rs index 3e66c1784..10eacc10f 100644 --- a/dan_layer/wallet/sdk/src/apis/jwt.rs +++ b/dan_layer/wallet/sdk/src/apis/jwt.rs 
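Review bot: Renaming `AuthRevokeTokenRequest.permission_token` (`String`) to `permission_token_id` (`i32`) changes the JSON-RPC wire format: a client still sending `permission_token` will now fail to deserialize, since serde rejects a missing required field, and a `#[serde(alias)]` cannot bridge the type change. The PR description ticks "Breaking Changes: None", but this is a client-visible break and should be listed as one, especially since the matching UI change is in a separate PR. A doc comment on the new field would also spare callers a guess: `/// Database id of the token to revoke, as listed by the get-all-jwt response.` The `handle_revoke` hunk keeps the `Admin` permission check before the call, which is the right gate for this operation.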
@@ -102,12 +102,12 @@ impl JrpcPermissions { } } -#[derive(Debug, Serialize, Deserialize)] -struct Claims { - id: u64, - name: String, - permissions: JrpcPermissions, - exp: usize, +#[derive(Debug, Serialize, Deserialize, Clone)] +pub struct Claims { + pub id: u64, + pub name: String, + pub permissions: JrpcPermissions, + pub exp: usize, } // This is used when you request permission. @@ -179,10 +179,6 @@ impl<'a, TStore: WalletStore> JwtApi<'a, TStore> { self.get_token_claims(token).map(|claims| claims.permissions) } - fn get_name(&self, token: &str) -> Result { - self.get_token_claims(token).map(|claims| claims.name) - } - pub fn grant(&self, name: String, auth_token: String) -> Result { let auth_claims = self.check_auth_token(auth_token.as_ref())?; let my_claims = Claims { @@ -230,20 +226,20 @@ impl<'a, TStore: WalletStore> JwtApi<'a, TStore> { Ok(()) } - pub fn revoke(&self, token: &str) -> Result<(), JwtApiError> { + pub fn revoke(&self, token_id: i32) -> Result<(), JwtApiError> { let mut tx = self.store.create_write_tx()?; - tx.jwt_revoke(token)?; + tx.jwt_revoke(token_id)?; tx.commit()?; Ok(()) } - pub fn get_tokens(&self) -> Result, JwtApiError> { + pub fn get_tokens(&self) -> Result, JwtApiError> { let mut tx = self.store.create_read_tx()?; let tokens = tx.jwt_get_all()?; let mut res = Vec::new(); - for (id, token) in tokens.iter().filter(|(_, token)| token.is_some()) { - if let Ok(name) = self.get_name(token.as_ref().unwrap().as_str()) { - res.push((*id, name)); + for (_, token) in tokens.iter().filter(|(_, token)| token.is_some()) { + if let Ok(claims) = self.get_token_claims(token.as_ref().unwrap().as_str()) { + res.push(claims); } } Ok(res) diff --git a/dan_layer/wallet/sdk/src/storage.rs b/dan_layer/wallet/sdk/src/storage.rs index 2e2c86212..b85bd50dd 100644 --- a/dan_layer/wallet/sdk/src/storage.rs +++ b/dan_layer/wallet/sdk/src/storage.rs 
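Review bot: `get_tokens` now discards the database row id (`for (_, token) in …`) and reports `claims.id`, the id embedded in the signed JWT, while `revoke` is keyed by the store's `i32` row id. The two presumably coincide because `grant` writes the row id into the claims (that code is outside the hunk), but nothing here enforces it, and the types already differ (`u64` in `Claims`, `i32` in the store), so a mismatch would make an operator revoke the wrong row. Keep the row id as the source of truth and skip rows whose claims disagree, e.g. `if u64::try_from(*id).ok() != Some(claims.id) { continue; }` just before the `res.push(claims)`. Tokens whose decoding fails (including expired ones, if `get_token_claims` validates `exp`) are silently omitted from the listing, which is reasonable but deserves a comment: `// Tokens that no longer decode (bad signature, expired) are left out.`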
@@ -194,7 +194,7 @@ pub trait WalletStoreWriter { fn jwt_add_empty_token(&mut self) -> Result; fn jwt_store_decision(&mut self, id: u64, permissions_token: Option) -> Result<(), WalletStorageError>; fn jwt_is_revoked(&mut self, token: &str) -> Result; - fn jwt_revoke(&mut self, token: &str) -> Result<(), WalletStorageError>; + fn jwt_revoke(&mut self, token_id: i32) -> Result<(), WalletStorageError>; // Key manager fn key_manager_insert(&mut self, branch: &str, index: u64) -> Result<(), WalletStorageError>; diff --git a/dan_layer/wallet/storage_sqlite/src/reader.rs b/dan_layer/wallet/storage_sqlite/src/reader.rs index 6f7f4196f..515befeac 100644 --- a/dan_layer/wallet/storage_sqlite/src/reader.rs +++ b/dan_layer/wallet/storage_sqlite/src/reader.rs @@ -161,6 +161,7 @@ impl WalletStoreReader for ReadTransaction<'_> { let res = auth_status::table .select((auth_status::id, auth_status::token)) .filter(auth_status::granted.eq(true)) + .filter(auth_status::revoked.eq(false)) .get_results::<(i32, Option)>(self.connection()) .map_err(|e| WalletStorageError::general("jwt_get_all", e))?; Ok(res) diff --git a/dan_layer/wallet/storage_sqlite/src/writer.rs b/dan_layer/wallet/storage_sqlite/src/writer.rs index 5024154be..29ea5fcbd 100644 --- a/dan_layer/wallet/storage_sqlite/src/writer.rs +++ b/dan_layer/wallet/storage_sqlite/src/writer.rs 
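Review bot: After this change the `WalletStoreWriter` trait addresses the same `auth_status` row with two different id types: `jwt_store_decision` takes `id: u64` while the new `jwt_revoke` takes `token_id: i32`, and the reader's `jwt_get_all` query returns the id as `i32`. Every caller crossing those boundaries needs a lossy cast; picking one representation for all three — the SQLite column type `i32`, or a small `TokenId` newtype — would remove that. In the reader hunk, the added `.filter(auth_status::revoked.eq(false))` only does what it says if `revoked` is declared `NOT NULL`; if the column is nullable, rows with `NULL` also disappear from the listing, which is worth checking against the migration since `jwt_add_empty_token` suggests rows can be created before any decision is stored.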
@@ -130,16 +130,16 @@ impl WalletStoreWriter for WriteTransaction<'_> { } } - fn jwt_revoke(&mut self, token: &str) -> Result<(), WalletStorageError> { + fn jwt_revoke(&mut self, token_id: i32) -> Result<(), WalletStorageError> { if diesel::update(auth_status::table) .set(auth_status::revoked.eq(true)) - .filter(auth_status::token.eq(token)) + .filter(auth_status::id.eq(token_id)) .execute(self.connection()) .map_err(|e| WalletStorageError::general("jwt_revoke", e))? == 0 { diesel::insert_into(auth_status::table) - .values((auth_status::revoked.eq(true), auth_status::token.eq(token))) + .values((auth_status::revoked.eq(true), auth_status::id.eq(token_id))) .execute(self.connection()) .map_err(|e| WalletStorageError::general("jwt_revoke", e))?; }
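Review bot: The fallback branch now inserts a row with only `revoked = true` and `id = token_id` whenever the update matches nothing, so revoking an id that was never issued fabricates a placeholder row and the RPC still answers "Token revoked!". With the old token-string key that insert acted as a denylist entry; keyed by an arbitrary caller-supplied id it has no such meaning and can collide with, or skew, ids the table hands out later. An unmatched id should be reported as an error instead (use whichever not-found variant `WalletStorageError` provides; `general` is shown here only because it is the constructor visible in the hunk). The hunk appears to end with the closing brace of the `if`, so `Ok(())` and the function's end are inferred to follow outside it.
```rust
    fn jwt_revoke(&mut self, token_id: i32) -> Result<(), WalletStorageError> {
        let updated = diesel::update(auth_status::table)
            .set(auth_status::revoked.eq(true))
            .filter(auth_status::id.eq(token_id))
            .execute(self.connection())
            .map_err(|e| WalletStorageError::general("jwt_revoke", e))?;
        if updated == 0 {
            // An id that was never issued cannot be revoked; do not fabricate a
            // row for it, surface the mistake to the (admin) caller instead.
            return Err(WalletStorageError::general("jwt_revoke", "no token with this id"));
        }
        // … unchanged: Ok(()) …
```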