Implement passport verification

config.yaml

@@ -2,6 +2,9 @@ log:
   level: debug
   disable_sentry: true
 
+db:
+  url: postgres://auth:auth@localhost:5432/auth?sslmode=disable
+
 listener:
   addr: :8000
 
@@ -15,6 +18,22 @@ cookies:
   secure: true
   same_site: 4
 
-verifier:
-  schema: 12345
-  enabled: false
+auth_verifier:
+  verification_key_path: "./auth_verification_key.json"
+  disabled: true
+
+passport_verifier:
+  verification_key_path: "./passport_verification_key.json"
+  allowed_age: 18
+  allowed_identity_timestamp: 1715698750
+
+root_verifier:
+  rpc: evm_rpc_url
+  contract: registration_contract_address
+  request_timeout: 10s
+
+sig_verifier:
+  verification_key: hex_key_without_0x
+
+points:
+  url: http://127.0.0.1:8000/

docs/spec/components/schemas/Claim.yaml

@@ -2,9 +2,15 @@ description: 'Authorized user personal data'
 type: object
 required:
   - nullifier
+  - is_verified
 properties:
   nullifier:
     type: string
     example: "0x123...abc"
     pattern: '^0x[0-9a-fA-F]{64}$'
-    description: Nullifier authorized with
+    description: Nullifier authorized with
+  is_verified:
+    type: bool
+    example: true
+    description: Whether the user has a scanned passport
+

docs/spec/components/schemas/JoinProgram.yaml

@@ -0,0 +1,16 @@
+allOf:
+  - $ref: '#/components/schemas/JoinProgramKey'
+  - type: object
+    x-go-is-request: true
+    required:
+      - attributes
+    properties:
+      attributes:
+        required:
+          - anonymous_id
+        type: object
+        properties:
+          anonymous_id:
+            type: string
+            description: Unique identifier of the passport.
+            example: "2bd3a2532096fee10a45a40e444a11b4d00a707f3459376087747de05996fbf5"

docs/spec/components/schemas/JoinProgramKey.yaml

@@ -0,0 +1,13 @@
+type: object
+required:
+  - id
+  - type
+properties:
+  id:
+    type: string
+    description: Nullifier of the points owner
+    example: "0x123...abc"
+    pattern: '^0x[0-9a-fA-F]{64}$'
+  type:
+    type: string
+    enum: [ join_program ]

docs/spec/components/schemas/VerifyPassport.yaml

@@ -0,0 +1,22 @@
+allOf:
+  - $ref: '#/components/schemas/VerifyPassportKey'
+  - type: object
+    x-go-is-request: true
+    required:
+      - attributes
+    properties:
+      attributes:
+        required:
+          - anonymous_id
+          - proof
+        type: object
+        properties:
+          anonymous_id:
+            type: string
+            description: Unique identifier of the passport.
+            example: "2bd3a2532096fee10a45a40e444a11b4d00a707f3459376087747de05996fbf5"
+          proof:
+            type: object
+            format: types.ZKProof
+            description: |
+              Query ZK passport verification proof.

docs/spec/components/schemas/VerifyPassportKey.yaml

@@ -0,0 +1,13 @@
+type: object
+required:
+  - id
+  - type
+properties:
+  id:
+    type: string
+    description: Nullifier of the points owner
+    example: "0x123...abc"
+    pattern: '^0x[0-9a-fA-F]{64}$'
+  type:
+    type: string
+    enum: [ verify_passport ]

docs/spec/paths/integrations@geo-auth-svc@v2@authorize.yaml

@@ -0,0 +1,34 @@
+post:
+  tags:
+    - Authorize
+  summary: Authorize user V2
+  description: |
+    Authorize user by ZKP and receive JWT.
+  operationId: authorizeV2
+  requestBody:
+    required: true
+    content:
+      application/vnd.api+json:
+        schema:
+          type: object
+          required:
+            - data
+          properties:
+            data:
+              $ref: '#/components/schemas/Authorize'
+  responses:
+    200:
+      description: OK
+      content:
+        application/vnd.api+json:
+          schema:
+            type: object
+            required:
+              - data
+            properties:
+              data:
+                $ref: '#/components/schemas/Token'
+    400:
+      $ref: '#/components/responses/invalidParameter'
+    500:
+      $ref: '#/components/responses/internalError'

docs/spec/paths/integrations@geo-auth-svc@v2@joinprogram.yaml

@@ -0,0 +1,55 @@
+post:
+  tags:
+    - Passport verification
+  summary: Join program
+  description: Join rewards program
+  operationId: joinProgram
+  parameters:
+    - in: header
+      name: Signature
+      description: Signature of the request
+      required: true
+      schema:
+        type: string
+        pattern: '^[a-f0-9]{64}$'
+  requestBody:
+    required: true
+    content:
+      application/vnd.api+json:
+        schema:
+          type: object
+          required:
+            - data
+          properties:
+            data:
+              $ref: '#/components/schemas/JoinProgram'
+  responses:
+    200:
+      description: Success
+      content:
+        application/vnd.api+json:
+          schema:
+            type: object
+            required:
+              - data
+            properties:
+              data:
+                $ref: '#/components/schemas/Token'
+    400:
+      $ref: '#/components/responses/invalidParameter'
+    401:
+      $ref: '#/components/responses/invalidAuth'
+    404:
+      description: Balance not exists.
+      content:
+        application/vnd.api+json:
+          schema:
+            $ref: '#/components/schemas/Errors'
+    429:
+      description: Passport already verified or event absent for user.
+      content:
+        application/vnd.api+json:
+          schema:
+            $ref: '#/components/schemas/Errors'
+    500:
+      $ref: '#/components/responses/internalError'

docs/spec/paths/integrations@geo-auth-svc@v2@verifypassport.yaml

@@ -0,0 +1,57 @@
+post:
+  tags:
+    - Passport verification
+  summary: Verify passport
+  description: |
+    Verify passport with ZKP.
+    One passport can't be verified twice.
+  operationId: verifyPassport
+  parameters:
+    - in: header
+      name: Signature
+      description: Signature of the request
+      required: true
+      schema:
+        type: string
+        pattern: '^[a-f0-9]{64}$'
+  requestBody:
+    required: true
+    content:
+      application/vnd.api+json:
+        schema:
+          type: object
+          required:
+            - data
+          properties:
+            data:
+              $ref: '#/components/schemas/VerifyPassport'
+  responses:
+    200:
+      description: Success
+      content:
+        application/vnd.api+json:
+          schema:
+            type: object
+            required:
+              - data
+            properties:
+              data:
+                $ref: '#/components/schemas/Token'
+    400:
+      $ref: '#/components/responses/invalidParameter'
+    401:
+      $ref: '#/components/responses/invalidAuth'
+    404:
+      description: Balance not exists.
+      content:
+        application/vnd.api+json:
+          schema:
+            $ref: '#/components/schemas/Errors'
+    429:
+      description: Passport already verified or event absent for user.
+      content:
+        application/vnd.api+json:
+          schema:
+            $ref: '#/components/schemas/Errors'
+    500:
+      $ref: '#/components/responses/internalError'

go.mod

@@ -1,52 +1,89 @@
 module github.com/rarimo/geo-auth-svc
 
-go 1.21.0
+go 1.22
+
+toolchain go1.22.2
 
 require (
+	github.com/Masterminds/squirrel v1.5.4
 	github.com/alecthomas/kingpin v2.2.6+incompatible
 	github.com/ethereum/go-ethereum v1.13.8
 	github.com/go-chi/chi v4.1.2+incompatible
-	github.com/go-ozzo/ozzo-validation/v4 v4.2.1
+	github.com/go-ozzo/ozzo-validation/v4 v4.3.0
 	github.com/golang-jwt/jwt/v5 v5.2.0
-	github.com/google/uuid v1.3.0
+	github.com/google/uuid v1.6.0
 	github.com/iden3/go-rapidsnark/types v0.0.3
 	github.com/iden3/go-rapidsnark/verifier v0.0.5
 	github.com/pkg/errors v0.9.1
+	github.com/rarimo/zkverifier-kit v1.0.0
+	github.com/rubenv/sql-migrate v1.6.1
 	gitlab.com/distributed_lab/ape v1.7.1
-	gitlab.com/distributed_lab/figure v2.1.0+incompatible
-	gitlab.com/distributed_lab/kit v1.11.2
+	gitlab.com/distributed_lab/figure v2.1.2+incompatible
+	gitlab.com/distributed_lab/figure/v3 v3.1.4
+	gitlab.com/distributed_lab/kit v1.11.3
 	gitlab.com/distributed_lab/logan v3.8.1+incompatible
 	gotest.tools v2.2.0+incompatible
 )
 
 require (
+	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/StackExchange/wmi v1.2.1 // indirect
 	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
 	github.com/alecthomas/units v0.0.0-20231202071711-9a357b53e9c9 // indirect
-	github.com/btcsuite/btcd/btcec/v2 v2.2.0 // indirect
+	github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496 // indirect
+	github.com/bits-and-blooms/bitset v1.10.0 // indirect
+	github.com/btcsuite/btcd/btcec/v2 v2.3.2 // indirect
 	github.com/certifi/gocertifi v0.0.0-20200211180108-c7c1fbc02894 // indirect
-	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/consensys/bavard v0.1.13 // indirect
+	github.com/consensys/gnark-crypto v0.12.1 // indirect
+	github.com/crate-crypto/go-kzg-4844 v0.7.0 // indirect
+	github.com/deckarep/golang-set/v2 v2.1.0 // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
+	github.com/ethereum/c-kzg-4844 v0.4.0 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/getsentry/raven-go v0.2.0 // indirect
-	github.com/getsentry/sentry-go v0.7.0 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/getsentry/sentry-go v0.27.0 // indirect
+	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
+	github.com/go-ole/go-ole v1.2.6 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/jsonapi v0.0.0-20200226002910-c8283f632fb7 // indirect
+	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/holiman/uint256 v1.2.4 // indirect
 	github.com/iden3/go-iden3-crypto v0.0.15 // indirect
-	github.com/konsorten/go-windows-terminal-sequences v1.0.3 // indirect
-	github.com/magiconair/properties v1.8.0 // indirect
-	github.com/mitchellh/mapstructure v1.4.1 // indirect
+	github.com/jmoiron/sqlx v1.3.5 // indirect
+	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
+	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
+	github.com/lib/pq v1.10.9 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/mmcloughlin/addchain v0.4.0 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
-	github.com/pelletier/go-toml v1.2.0 // indirect
-	github.com/sirupsen/logrus v1.6.0 // indirect
-	github.com/spf13/afero v1.1.2 // indirect
-	github.com/spf13/cast v1.3.0 // indirect
-	github.com/spf13/jwalterweatherman v1.0.0 // indirect
-	github.com/spf13/pflag v1.0.3 // indirect
-	github.com/spf13/viper v1.3.2 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
+	github.com/sagikazarmark/locafero v0.4.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/shirou/gopsutil v3.21.4-0.20210419000835-c7a38de76ee5+incompatible // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.11.0 // indirect
+	github.com/spf13/cast v1.6.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/spf13/viper v1.18.2 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	github.com/supranational/blst v0.3.11 // indirect
+	github.com/tklauser/go-sysconf v0.3.12 // indirect
+	github.com/tklauser/numcpus v0.6.1 // indirect
 	gitlab.com/distributed_lab/lorem v0.2.0 // indirect
-	golang.org/x/crypto v0.17.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	gitlab.com/distributed_lab/running v1.6.0 // indirect
+	go.uber.org/multierr v1.10.0 // indirect
+	golang.org/x/crypto v0.22.0 // indirect
+	golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0 // indirect
+	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
+	golang.org/x/tools v0.20.0 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	rsc.io/tmplfunc v0.0.3 // indirect
 )