Merge pull request #2 from rarimo/feat/pass-sync-v2

Feat/pass sync v2

.gitignore

@@ -3,4 +3,5 @@
 /docs/node_modules/
 /docs/web_deploy/
 
-config.*.yaml
+config.*.yaml
+*.*.yaml

config.yaml

@@ -2,6 +2,9 @@ log:
   level: debug
   disable_sentry: true
 
+db:
+  url: postgres://auth:auth@localhost:5432/auth?sslmode=disable
+
 listener:
   addr: :8000
 
@@ -15,6 +18,22 @@ cookies:
   secure: true
   same_site: 4
 
-verifier:
-  schema: 12345
-  enabled: false
+auth_verifier:
+  verification_key_path: "./auth_verification_key.json"
+  disabled: true
+
+passport_verifier:
+  verification_key_path: "./passport_verification_key.json"
+  allowed_age: 18
+  allowed_identity_timestamp: 1715698750
+
+root_verifier:
+  rpc: evm_rpc_url
+  contract: registration_contract_address
+  request_timeout: 10s
+
+sig_verifier:
+  verification_key: hex_key_without_0x
+
+points:
+  url: http://127.0.0.1:8000/

docs/spec/components/schemas/Authorize.yaml

@@ -12,5 +12,5 @@ allOf:
         properties:
           proof:
             type: object
-            format: json.RawMessage
-            description: JSON-encoded Query ZK-proof.
+            format: types.ZKProof
+            description: Query ZK passport verification proof.

docs/spec/components/schemas/Claim.yaml

@@ -2,9 +2,15 @@ description: 'Authorized user personal data'
 type: object
 required:
   - nullifier
+  - is_verified
 properties:
   nullifier:
     type: string
     example: "0x123...abc"
     pattern: '^0x[0-9a-fA-F]{64}$'
-    description: Nullifier authorized with
+    description: Nullifier authorized with
+  is_verified:
+    type: bool
+    example: true
+    description: Whether the user has a scanned passport
+

docs/spec/components/schemas/JoinProgram.yaml

@@ -0,0 +1,16 @@
+allOf:
+  - $ref: '#/components/schemas/JoinProgramKey'
+  - type: object
+    x-go-is-request: true
+    required:
+      - attributes
+    properties:
+      attributes:
+        required:
+          - anonymous_id
+        type: object
+        properties:
+          anonymous_id:
+            type: string
+            description: Unique identifier of the passport.
+            example: "2bd3a2532096fee10a45a40e444a11b4d00a707f3459376087747de05996fbf5"

docs/spec/components/schemas/JoinProgramKey.yaml

@@ -0,0 +1,13 @@
+type: object
+required:
+  - id
+  - type
+properties:
+  id:
+    type: string
+    description: Nullifier of the points owner
+    example: "0x123...abc"
+    pattern: '^0x[0-9a-fA-F]{64}$'
+  type:
+    type: string
+    enum: [ join_program ]

docs/spec/components/schemas/VerifyPassport.yaml

@@ -0,0 +1,22 @@
+allOf:
+  - $ref: '#/components/schemas/VerifyPassportKey'
+  - type: object
+    x-go-is-request: true
+    required:
+      - attributes
+    properties:
+      attributes:
+        required:
+          - anonymous_id
+          - proof
+        type: object
+        properties:
+          anonymous_id:
+            type: string
+            description: Unique identifier of the passport.
+            example: "2bd3a2532096fee10a45a40e444a11b4d00a707f3459376087747de05996fbf5"
+          proof:
+            type: object
+            format: types.ZKProof
+            description: |
+              Query ZK passport verification proof.

docs/spec/components/schemas/VerifyPassportKey.yaml

@@ -0,0 +1,13 @@
+type: object
+required:
+  - id
+  - type
+properties:
+  id:
+    type: string
+    description: Nullifier of the points owner
+    example: "0x123...abc"
+    pattern: '^0x[0-9a-fA-F]{64}$'
+  type:
+    type: string
+    enum: [ verify_passport ]

docs/spec/paths/v1@authorize.yaml → docs/spec/paths/integrations@geo-auth-svc@v1@authorize.yaml

@@ -30,5 +30,11 @@ post:
                 $ref: '#/components/schemas/Token'
     400:
       $ref: '#/components/responses/invalidParameter'
+    401:
+      description: Invalid proof
+      content:
+        application/vnd.api+json:
+          schema:
+            $ref: '#/components/schemas/Errors'
     500:
       $ref: '#/components/responses/internalError'

docs/spec/paths/v1@authorize@{nullifier}@challenge.yaml → docs/spec/paths/integrations@geo-auth-svc@v1@authorize@{nullifier}@challenge.yaml

@@ -21,7 +21,5 @@ get:
                 $ref: '#/components/schemas/Challenge'
     400:
       $ref: '#/components/responses/invalidParameter'
-    401:
-      $ref: '#/components/responses/invalidAuth'
     500:
       $ref: '#/components/responses/internalError'

docs/spec/paths/v1@refresh.yaml → docs/spec/paths/integrations@geo-auth-svc@v1@refresh.yaml

@@ -19,8 +19,6 @@ get:
             properties:
               data:
                 $ref: '#/components/schemas/Token'
-    400:
-      $ref: '#/components/responses/invalidParameter'
     401:
       $ref: '#/components/responses/invalidAuth'
     500:

docs/spec/paths/v1@validate.yaml → docs/spec/paths/integrations@geo-auth-svc@v1@validate.yaml

@@ -21,9 +21,5 @@ get:
                 type: array
                 items:
                   $ref: '#/components/schemas/ValidationResult'
-    400:
-      $ref: '#/components/responses/invalidParameter'
     401:
       $ref: '#/components/responses/invalidAuth'
-    500:
-      $ref: '#/components/responses/internalError'

docs/spec/paths/integrations@geo-auth-svc@v2@authorize.yaml

@@ -0,0 +1,40 @@
+post:
+  tags:
+    - Authorize
+  summary: Authorize user V2
+  description: |
+    Authorize user by ZKP and receive JWT.
+  operationId: authorizeV2
+  requestBody:
+    required: true
+    content:
+      application/vnd.api+json:
+        schema:
+          type: object
+          required:
+            - data
+          properties:
+            data:
+              $ref: '#/components/schemas/Authorize'
+  responses:
+    200:
+      description: OK
+      content:
+        application/vnd.api+json:
+          schema:
+            type: object
+            required:
+              - data
+            properties:
+              data:
+                $ref: '#/components/schemas/Token'
+    400:
+      $ref: '#/components/responses/invalidParameter'
+    401:
+      description: Invalid proof
+      content:
+        application/vnd.api+json:
+          schema:
+            $ref: '#/components/schemas/Errors'
+    500:
+      $ref: '#/components/responses/internalError'

docs/spec/paths/integrations@geo-auth-svc@v2@joinprogram.yaml

@@ -0,0 +1,63 @@
+post:
+  tags:
+    - Passport verification
+  summary: Join program
+  security:
+    - JWTAuth: [ ]
+  description: Join rewards program
+  operationId: joinProgram
+  parameters:
+    - in: header
+      name: Signature
+      description: Signature of the request
+      required: true
+      schema:
+        type: string
+        pattern: '^[a-f0-9]{64}$'
+  requestBody:
+    required: true
+    content:
+      application/vnd.api+json:
+        schema:
+          type: object
+          required:
+            - data
+          properties:
+            data:
+              $ref: '#/components/schemas/JoinProgram'
+  responses:
+    200:
+      description: Success
+      content:
+        application/vnd.api+json:
+          schema:
+            type: object
+            required:
+              - data
+            properties:
+              data:
+                $ref: '#/components/schemas/Token'
+    400:
+      $ref: '#/components/responses/invalidParameter'
+    401:
+      $ref: '#/components/responses/invalidAuth'
+    403:
+      description: Incorrect signature
+      content:
+        application/vnd.api+json:
+          schema:
+            $ref: '#/components/schemas/Errors'
+    409:
+      description: AnonymousID/Nullifier already used by another Nullifier/AnonymousID
+      content:
+        application/vnd.api+json:
+          schema:
+            $ref: '#/components/schemas/Errors'
+    429:
+      description: Passport already verified.
+      content:
+        application/vnd.api+json:
+          schema:
+            $ref: '#/components/schemas/Errors'
+    500:
+      $ref: '#/components/responses/internalError'

docs/spec/paths/integrations@geo-auth-svc@v2@verifypassport.yaml

@@ -0,0 +1,65 @@
+post:
+  tags:
+    - Passport verification
+  summary: Verify passport
+  security:
+    - JWTAuth: [ ]
+  description: |
+    Verify passport with ZKP.
+    One passport can't be verified twice.
+  operationId: verifyPassport
+  parameters:
+    - in: header
+      name: Signature
+      description: Signature of the request
+      required: true
+      schema:
+        type: string
+        pattern: '^[a-f0-9]{64}$'
+  requestBody:
+    required: true
+    content:
+      application/vnd.api+json:
+        schema:
+          type: object
+          required:
+            - data
+          properties:
+            data:
+              $ref: '#/components/schemas/VerifyPassport'
+  responses:
+    200:
+      description: Success
+      content:
+        application/vnd.api+json:
+          schema:
+            type: object
+            required:
+              - data
+            properties:
+              data:
+                $ref: '#/components/schemas/Token'
+    400:
+      $ref: '#/components/responses/invalidParameter'
+    401:
+      $ref: '#/components/responses/invalidAuth'
+    403:
+      description: Incorrect signature
+      content:
+        application/vnd.api+json:
+          schema:
+            $ref: '#/components/schemas/Errors'
+    409:
+      description: AnonymousID/Nullifier already used by another Nullifier/AnonymousID
+      content:
+        application/vnd.api+json:
+          schema:
+            $ref: '#/components/schemas/Errors'
+    429:
+      description: Passport already proven.
+      content:
+        application/vnd.api+json:
+          schema:
+            $ref: '#/components/schemas/Errors'
+    500:
+      $ref: '#/components/responses/internalError'