Merge pull request #106 from Relayz-io/silvestr/bump-up-dependencies-version

Bump up outdated dependencies

.github/workflows/ci.yml

@@ -9,7 +9,7 @@ on:
     branches:
       - develop
   pull_request:
-    types: [opened, reopened, edited, synchronize]
+    types: [opened, reopened, synchronize]
     branches:
       - develop
 
@@ -56,10 +56,11 @@ jobs:
     needs: [clippy, fmt]
     runs-on: ubuntu-latest
     permissions:
+      contents: read
       packages: read
     steps:
       - name: Log in to the Container registry
-        uses: docker/login-action@v2.0.0
+        uses: docker/login-action@v2
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -75,6 +76,8 @@ jobs:
         run: |
           docker pull ${{ env.REGISTRY }}/relayz-io/key-exchange:latest
           docker tag ${{ env.REGISTRY }}/relayz-io/key-exchange:latest key-exchange:latest
+          docker pull ${{ env.REGISTRY }}/relayz-io/cache:latest
+          docker tag ${{ env.REGISTRY }}/relayz-io/cache:latest cache:latest
           git clone git@github.com:Relayz-io/key-exchange-server.git
           (cd key-exchange-server && docker compose up -d --no-build)
       - name: Clone near-smartcontracts and deploy

README.md

@@ -8,7 +8,14 @@ Commonly used **API** among different dependencies. For example **key-exchange-s
 
 ## Web-Client 🦘
 
-Client library for communication from browser and *Near blockchain*. It's a high-level **API**. User doesn't need to understand how blockchain works.
+It's a client that exchange keys between meeting moderator and participants.
+To achieve solid security used blockchain as a trust point for establishing secure channels between ```moderator``` and ```participant```. Each user in a blockchain has an ```ED25519``` PublicKey. For creating a secure channel **Diffie–Hellman** algorithm is used, provided by [Dalek cryptography](https://github.com/dalek-cryptography). Unfortunately, it's not possible to exchange keys with ```ED25519``` keys, because it is using a ```Edwards``` point, and for algorithm needs a ```Montgomery``` point. For this purpose, conversion happened [here](https://github.com/Relayz-io/near-client/blob/376708def420a158b3ca4e5af2aff2e380fd58af/src/crypto/dhx.rs#L168).
+
+> NOTE! Used the maximum key length for each algorithm
+
+Then we have proper keys for the **Diffie–Hellman** exchange. Let's create out secret with [dhx](https://github.com/Relayz-io/key-exchange-client/blob/develop/web-client/src/crypto.rs#LL8C5-L8C5). After we need to provide a uniformly distributed secret key. For this purpose used a ***_KDF_*** algorithm [```blake3```](https://github.com/BLAKE3-team/BLAKE3). [Here](https://github.com/Relayz-io/key-exchange-client/blob/86450c015c2370742c765d94629ae97837224eee/web-client/src/crypto.rs#L18) is an implementation.
+
+The next stage is to pass a randomly generated key in a secure way for each participant. To do this let's encrypt _generated key_ with a just generated after ***_KDF_*** secure key, that is unique for each ```participant = moderator``` pair. Encrypt randomly generated key by [ChaCha20](https://rust-random.github.io/rand/rand_chacha/struct.ChaCha20Rng.html) with a [AES-GCM](https://github.com/Relayz-io/key-exchange-client/blob/86450c015c2370742c765d94629ae97837224eee/web-client/src/crypto.rs#L30). That's all.
 
 ### Usage of web-client library:
 

common-api/Cargo.toml

@@ -11,8 +11,7 @@ structures should be serializable with "serde" and "borsh"
 
 [dependencies]
 borsh = "0.9"
-near-account-id = { version = "0.15" }
-near-client = "0.1"
+near-client = { git = "https://github.com/Relayz-io/near-client.git" }
 serde = { version = "1", default-features = false, features = ["derive"] }
 
 [dev-dependencies]

common-api/src/api.rs

@@ -1,6 +1,5 @@
 use borsh::{BorshDeserialize, BorshSerialize};
-use near_account_id::AccountId;
-use near_client::crypto::prelude::*;
+use near_client::prelude::*;
 use serde::{Deserialize, Serialize};
 use std::{collections::HashSet, time::Duration};
 

common-api/src/headers.rs

@@ -1,5 +1,4 @@
-use near_account_id::AccountId;
-use near_client::crypto::prelude::*;
+use near_client::prelude::*;
 use serde::{Deserialize, Serialize};
 
 pub const SIGNATURE_HEADER_NAME: &str = "signature";

web-client/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "web-client"
-version = "0.1.0"
+version = "0.1.1"
 edition = "2021"
 authors = ["silvestr@relayz.io"]
 description = """
@@ -12,7 +12,7 @@ crate-type = ["cdylib", "rlib"]
 [dependencies]
 aes-gcm = "0.10"
 blake3 = "1.3"
-base64 = "0.20"
+base64 = "0.21"
 console_error_panic_hook = "0.1"
 common-api = { path = "../common-api" }
 console_log = { version = "0.2", features = ["color"] }
@@ -21,13 +21,11 @@ gloo-timers = { version = "0.2", features = ["futures-core", "futures"] }
 itertools = "0.10"
 js-sys = "0.3"
 log = "0.4"
-near-client = "0.1"
-near-primitives-core = "0.15"
-near-units = "0.2"
+near-client = { git = "https://github.com/Relayz-io/near-client.git" }
 rand = { version = "0.8" }
 rand_chacha = "0.3"
 reqwest = { version = "0.11", features = ["json"] }
-serde-wasm-bindgen = "0.4"
+serde-wasm-bindgen = "0.5"
 serde = { version = "1", default-features = false, features = ["derive"] }
 serde_json = { version = "1", default-features = false }
 uuid = { version = "1.1.2", features = ["v4", "serde", "js"] }

web-client/src/contract.rs

@@ -1,7 +1,5 @@
 use crate::{error::ApiError, Handler};
-use near_client::{crypto::prelude::*, prelude::*, Finality};
-use near_primitives_core::{hash::CryptoHash, types::AccountId};
-use near_units::parse_gas;
+use near_client::{core::hash::CryptoHash, near_units::parse_gas, prelude::*};
 use std::collections::HashSet;
 use uuid::Uuid;
 use wasm_bindgen::prelude::*;

web-client/src/error.rs

@@ -1,5 +1,4 @@
-use near_client::{crypto::Error as CryptoErr, Error};
-use near_primitives_core::account::id::ParseAccountError;
+use near_client::{core::account::id::ParseAccountError, crypto::Error as CryptoErr, Error};
 use reqwest::Error as ExchangeError;
 use serde::{Deserialize, Serialize};
 use serde_json::Error as SerializationError;

web-client/src/exchange_client.rs

@@ -9,8 +9,8 @@ use reqwest::{
 };
 
 use crate::{contract::view_server_key, error::ApiError, Handler};
+use base64::prelude::*;
 use near_client::prelude::*;
-use near_primitives_core::types::AccountId;
 use std::{collections::HashSet, time::Duration};
 use uuid::Uuid;
 use wasm_bindgen::JsValue;
@@ -138,7 +138,7 @@ fn signature_header<T: serde::Serialize>(value: &T, signer: &Signer) -> Result<S
 
             serde_json::to_vec(&header).map_err(|_| ApiError::CreateSignatureHeader.into())
         })
-        .map(base64::encode)
+        .map(|it| BASE64_STANDARD_NO_PAD.encode(it))
 }
 
 async fn verify_response(handler: &Handler, response: Response) -> Result<Vec<u8>> {
@@ -150,7 +150,9 @@ async fn verify_response(handler: &Handler, response: Response) -> Result<Vec<u8
         .to_str()
         .map_err(|_| ApiError::VerifySignatureHeader)
         .and_then(|header_str| {
-            base64::decode(header_str).map_err(|_| ApiError::VerifySignatureHeader)
+            BASE64_STANDARD_NO_PAD
+                .decode(header_str)
+                .map_err(|_| ApiError::VerifySignatureHeader)
         })
         .and_then(|bytes| {
             serde_json::from_slice::<SignatureHeader>(&bytes)

web-client/src/lib.rs

@@ -8,6 +8,12 @@ pub use contract::{
     view_moderator_account,
 };
 
+use near_client::{
+    core::{hash::CryptoHash, types::Nonce},
+    prelude::*,
+};
+
+use base64::prelude::*;
 use common_api::api::{ApiResponse, Data, ExchangeMessage};
 use crypto::{decrypt, encrypt, secret};
 use error::ApiError;
@@ -17,8 +23,6 @@ use gloo_timers::future::TimeoutFuture;
 use itertools::Itertools;
 use js_sys::Promise;
 use log::{info, warn};
-use near_client::prelude::*;
-use near_primitives_core::{account::id::AccountId, hash::CryptoHash, types::Nonce};
 use serde::{Deserialize, Serialize};
 use std::{collections::HashSet, str::FromStr, sync::Arc};
 use url::Url;
@@ -142,6 +146,7 @@ impl KeyProvisioner {
     ///
     /// - participants_set - The [`js_sys::Set`] represents hash set of participants' keys
     /// - timeout_ms - The [`u32`] that represents milliseconds that were given not to be exceeded
+    #[wasm_bindgen(js_name = initMeeting)]
     pub fn init_meeting(&self, participants_set: js_sys::Set, timeout_ms: u32) -> Promise {
         let handler = self.handler();
         let signer = self.signer();
@@ -178,12 +183,38 @@ impl KeyProvisioner {
         })
     }
 
+    /// Add a participant to the current session
+    ///
+    /// Arguments
+    ///
+    /// - meeting_id - The [`String`] that indicates ID of the meeting room
+    /// - participant - [`AccountId`] of a desired participant
+    ///
+    /// Returns
+    ///
+    /// Transaction ID
+    #[wasm_bindgen(js_name = addParticipant)]
+    pub fn add_participant(&self, meeting_id: String, participant: String) -> Promise {
+        let handler = self.handler();
+        let signer = self.signer();
+        wasm_bindgen_futures::future_to_promise(async move {
+            let account_id = AccountId::from_str(&participant)
+                .map_err(|err| ApiError::InvalidAccountId(err.to_string()))?;
+            let meeting_id = uuid::Uuid::from_str(&meeting_id)
+                .map_err(|err| ApiError::InvalidSessionUuid(err.to_string()))?;
+            let transaction_id = add_participant(&handler, &signer, meeting_id, account_id).await?;
+
+            Ok(to_value(&transaction_id.to_string()))
+        })
+    }
+
     /// Sends participants' keys to the keys exchange server
     ///
     /// Arguments
     ///
     /// - meeting_id - The [`String`] that indicates ID of the meeting room
     /// - timeout_ms - The [`u32`] that represents milliseconds that were given not to be exceeded
+    #[wasm_bindgen(js_name = sendKeys)]
     pub fn send_keys(&self, meeting_id: String, timeout_ms: u32) -> Promise {
         let handler = self.handler();
         let signer = self.signer();
@@ -239,7 +270,9 @@ impl KeyProvisioner {
                 exchange(&handler, &signer, meet_id, messages).await?;
             }
 
-            Ok(JsValue::from_str(&base64::encode(handler.secret)))
+            Ok(JsValue::from_str(
+                &BASE64_STANDARD_NO_PAD.encode(handler.secret),
+            ))
         };
 
         wasm_bindgen_futures::future_to_promise(async move {
@@ -258,6 +291,7 @@ impl KeyProvisioner {
     ///
     /// - meeting_id - The [`String`] that indicates ID of the meeting room
     /// - timeout_ms - The [`u32`] that represents milliseconds that were given not to be exceeded
+    #[wasm_bindgen(js_name = getKey)]
     pub fn get_key(&self, meeting_id: String, timeout_ms: u32) -> Promise {
         let handler = self.handler();
         let signer = self.signer();
@@ -269,7 +303,7 @@ impl KeyProvisioner {
                 if let ApiResponse::Success(data) = receive(&handler, &signer, meet_id).await? {
                     let secret =
                         decrypt(signer.secret_key(), data.moderator_pk, meet_id, data.data)?;
-                    return Ok(JsValue::from_str(&base64::encode(secret)));
+                    return Ok(JsValue::from_str(&BASE64_STANDARD_NO_PAD.encode(secret)));
                 }
             }
         };

web-client/tests/integration.rs

@@ -1,5 +1,4 @@
-use near_client::{crypto::prelude::*, prelude::*, Finality};
-use near_primitives_core::account::id::AccountId;
+use near_client::{near_units, prelude::*};
 use serde::{Deserialize, Serialize};
 use std::str::FromStr;
 use url::Url;