
Merge pull request #106 from Relayz-io/silvestr/bump-up-dependencies-version

Bump up outdated dependencies
develop
Predko Silvestr 2 年前
父节点
当前提交
fb40b81ce8

+ 5
- 2
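--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -9,7 +9,7 @@
     branches:
       - develop
   pull_request:
-    types: [opened, reopened, edited, synchronize]
+    types: [opened, reopened, synchronize]
     branches:
       - develop
 
@@ -56,10 +56,11 @@
     needs: [clippy, fmt]
     runs-on: ubuntu-latest
     permissions:
+      contents: read
       packages: read
     steps:
       - name: Log in to the Container registry
-        uses: docker/login-action@v2.0.0
+        uses: docker/login-action@v2
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -75,6 +76,8 @@
         run: |
           docker pull ${{ env.REGISTRY }}/relayz-io/key-exchange:latest
           docker tag ${{ env.REGISTRY }}/relayz-io/key-exchange:latest key-exchange:latest
+          docker pull ${{ env.REGISTRY }}/relayz-io/cache:latest
+          docker tag ${{ env.REGISTRY }}/relayz-io/cache:latest cache:latest
           git clone git@github.com:Relayz-io/key-exchange-server.git
           (cd key-exchange-server && docker compose up -d --no-build)
       - name: Clone near-smartcontracts and deploy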
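Review bot: The registry login step now uses `docker/login-action@v2`, a mutable major tag, where the removed line pinned the exact release `v2.0.0`, so the code that handles the registry login can change without any commit in this repository. Pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v2`, and let a dependency-update bot propose the bumps. The two `docker pull ...:latest` lines added in the last hunk resolve the `cache` image by a mutable tag as well; referencing it by digest (`@sha256:<digest>`) would make the integration job reproducible. The job and the `run:` script both continue outside the visible hunks.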

+ 8
- 1
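--- a/README.md
+++ b/README.md
@@ -8,7 +8,14 @@
 
 ## Web-Client 🦘
 
-Client library for communication from browser and *Near blockchain*. It's a high-level **API**. User doesn't need to understand how blockchain works.
+It's a client that exchange keys between meeting moderator and participants.
+To achieve solid security used blockchain as a trust point for establishing secure channels between ```moderator``` and ```participant```. Each user in a blockchain has an ```ED25519``` PublicKey. For creating a secure channel **Diffie–Hellman** algorithm is used, provided by [Dalek cryptography](https://github.com/dalek-cryptography). Unfortunately, it's not possible to exchange keys with ```ED25519``` keys, because it is using a ```Edwards``` point, and for algorithm needs a ```Montgomery``` point. For this purpose, conversion happened [here](https://github.com/Relayz-io/near-client/blob/376708def420a158b3ca4e5af2aff2e380fd58af/src/crypto/dhx.rs#L168).
+
+> NOTE! Used the maximum key length for each algorithm
+
+Then we have proper keys for the **Diffie–Hellman** exchange. Let's create out secret with [dhx](https://github.com/Relayz-io/key-exchange-client/blob/develop/web-client/src/crypto.rs#LL8C5-L8C5). After we need to provide a uniformly distributed secret key. For this purpose used a ***_KDF_*** algorithm [```blake3```](https://github.com/BLAKE3-team/BLAKE3). [Here](https://github.com/Relayz-io/key-exchange-client/blob/86450c015c2370742c765d94629ae97837224eee/web-client/src/crypto.rs#L18) is an implementation.
+
+The next stage is to pass a randomly generated key in a secure way for each participant. To do this let's encrypt _generated key_ with a just generated after ***_KDF_*** secure key, that is unique for each ```participant = moderator``` pair. Encrypt randomly generated key by [ChaCha20](https://rust-random.github.io/rand/rand_chacha/struct.ChaCha20Rng.html) with a [AES-GCM](https://github.com/Relayz-io/key-exchange-client/blob/86450c015c2370742c765d94629ae97837224eee/web-client/src/crypto.rs#L30). That's all.
 
 ### Usage of web-client library:
 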

+ 1
- 2
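--- a/common-api/Cargo.toml
+++ b/common-api/Cargo.toml
@@ -11,8 +11,7 @@
 
 [dependencies]
 borsh = "0.9"
-near-account-id = { version = "0.15" }
-near-client = "0.1"
+near-client = { git = "https://github.com/Relayz-io/near-client.git" }
 serde = { version = "1", default-features = false, features = ["derive"] }
 
 [dev-dependencies]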
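Review bot: The new `near-client = { git = "https://github.com/Relayz-io/near-client.git" }` line carries no `rev`, `tag` or `branch`, so it resolves to whatever the default branch head is whenever the lockfile is created or updated, where the removed line tracked a published `0.1` release. The README text on this page points at near-client's `crypto/dhx.rs` for the key conversion, so an unreviewed upstream commit would change crypto code this project relies on. Pin the revision, e.g. `near-client = { git = "https://github.com/Relayz-io/near-client.git", rev = "<commit-sha>" }`. The same unpinned line is added in `web-client/Cargo.toml` and needs the same pin.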

+ 1
- 2
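--- a/common-api/src/api.rs
+++ b/common-api/src/api.rs
@@ -1,6 +1,5 @@
 use borsh::{BorshDeserialize, BorshSerialize};
-use near_account_id::AccountId;
-use near_client::crypto::prelude::*;
+use near_client::prelude::*;
 use serde::{Deserialize, Serialize};
 use std::{collections::HashSet, time::Duration};
 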

+ 1
- 2
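--- a/common-api/src/headers.rs
+++ b/common-api/src/headers.rs
@@ -1,5 +1,4 @@
-use near_account_id::AccountId;
-use near_client::crypto::prelude::*;
+use near_client::prelude::*;
 use serde::{Deserialize, Serialize};
 
 pub const SIGNATURE_HEADER_NAME: &str = "signature";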

+ 4
- 6
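--- a/web-client/Cargo.toml
+++ b/web-client/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "web-client"
-version = "0.1.0"
+version = "0.1.1"
 edition = "2021"
 authors = ["silvestr@relayz.io"]
 description = """
@@ -12,7 +12,7 @@
 [dependencies]
 aes-gcm = "0.10"
 blake3 = "1.3"
-base64 = "0.20"
+base64 = "0.21"
 console_error_panic_hook = "0.1"
 common-api = { path = "../common-api" }
 console_log = { version = "0.2", features = ["color"] }
@@ -21,13 +21,11 @@
 itertools = "0.10"
 js-sys = "0.3"
 log = "0.4"
-near-client = "0.1"
-near-primitives-core = "0.15"
-near-units = "0.2"
+near-client = { git = "https://github.com/Relayz-io/near-client.git" }
 rand = { version = "0.8" }
 rand_chacha = "0.3"
 reqwest = { version = "0.11", features = ["json"] }
-serde-wasm-bindgen = "0.4"
+serde-wasm-bindgen = "0.5"
 serde = { version = "1", default-features = false, features = ["derive"] }
 serde_json = { version = "1", default-features = false }
 uuid = { version = "1.1.2", features = ["v4", "serde", "js"] }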

+ 1
- 3
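--- a/web-client/src/contract.rs
+++ b/web-client/src/contract.rs
@@ -1,7 +1,5 @@
 use crate::{error::ApiError, Handler};
-use near_client::{crypto::prelude::*, prelude::*, Finality};
-use near_primitives_core::{hash::CryptoHash, types::AccountId};
-use near_units::parse_gas;
+use near_client::{core::hash::CryptoHash, near_units::parse_gas, prelude::*};
 use std::collections::HashSet;
 use uuid::Uuid;
 use wasm_bindgen::prelude::*;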

+ 1
- 2
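--- a/web-client/src/error.rs
+++ b/web-client/src/error.rs
@@ -1,5 +1,4 @@
-use near_client::{crypto::Error as CryptoErr, Error};
-use near_primitives_core::account::id::ParseAccountError;
+use near_client::{core::account::id::ParseAccountError, crypto::Error as CryptoErr, Error};
 use reqwest::Error as ExchangeError;
 use serde::{Deserialize, Serialize};
 use serde_json::Error as SerializationError;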

+ 5
- 3
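--- a/web-client/src/exchange_client.rs
+++ b/web-client/src/exchange_client.rs
@@ -9,8 +9,8 @@
 };
 
 use crate::{contract::view_server_key, error::ApiError, Handler};
+use base64::prelude::*;
 use near_client::prelude::*;
-use near_primitives_core::types::AccountId;
 use std::{collections::HashSet, time::Duration};
 use uuid::Uuid;
 use wasm_bindgen::JsValue;
@@ -138,7 +138,7 @@
 
             serde_json::to_vec(&header).map_err(|_| ApiError::CreateSignatureHeader.into())
         })
-        .map(base64::encode)
+        .map(|it| BASE64_STANDARD_NO_PAD.encode(it))
 }
 
 async fn verify_response(handler: &Handler, response: Response) -> Result<Vec<u8>> {
@@ -150,7 +150,9 @@
         .to_str()
         .map_err(|_| ApiError::VerifySignatureHeader)
         .and_then(|header_str| {
-            base64::decode(header_str).map_err(|_| ApiError::VerifySignatureHeader)
+            BASE64_STANDARD_NO_PAD
+                .decode(header_str)
+                .map_err(|_| ApiError::VerifySignatureHeader)
         })
         .and_then(|bytes| {
             serde_json::from_slice::<SignatureHeader>(&bytes)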
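Review bot: Swapping `base64::encode` / `base64::decode` for `BASE64_STANDARD_NO_PAD` changes the wire format of the signature header instead of only following the 0.21 API: the removed functions used the padded standard encoding, while the no-pad engine emits no `=` and, as far as I know, rejects padded input on decode. If the key-exchange server still sends or expects padded values, `verify_response` would fail each padded header with `ApiError::VerifySignatureHeader`, and the server may in turn reject the request header built in the second hunk. The behaviour-preserving replacement is `BASE64_STANDARD`, i.e. `.map(|it| BASE64_STANDARD.encode(it))` and `BASE64_STANDARD.decode(header_str)`; if dropping the padding is intended, the server change should land together with this one. The same substitution in `web-client/src/lib.rs` changes the encoding of the key that `send_keys` and `get_key` hand back to JavaScript. Both functions touched here begin or end outside the visible hunks.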

+ 38
- 4
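--- a/web-client/src/lib.rs
+++ b/web-client/src/lib.rs
@@ -8,6 +8,12 @@
     view_moderator_account,
 };
 
+use near_client::{
+    core::{hash::CryptoHash, types::Nonce},
+    prelude::*,
+};
+
+use base64::prelude::*;
 use common_api::api::{ApiResponse, Data, ExchangeMessage};
 use crypto::{decrypt, encrypt, secret};
 use error::ApiError;
@@ -17,8 +23,6 @@
 use itertools::Itertools;
 use js_sys::Promise;
 use log::{info, warn};
-use near_client::prelude::*;
-use near_primitives_core::{account::id::AccountId, hash::CryptoHash, types::Nonce};
 use serde::{Deserialize, Serialize};
 use std::{collections::HashSet, str::FromStr, sync::Arc};
 use url::Url;
@@ -142,6 +146,7 @@
     ///
     /// - participants_set - The [`js_sys::Set`] represents hash set of participants' keys
     /// - timeout_ms - The [`u32`] that represents milliseconds that were given not to be exceeded
+    #[wasm_bindgen(js_name = initMeeting)]
     pub fn init_meeting(&self, participants_set: js_sys::Set, timeout_ms: u32) -> Promise {
         let handler = self.handler();
         let signer = self.signer();
@@ -178,12 +183,38 @@
         })
     }
 
+    /// Add a participant to the current session
+    ///
+    /// Arguments
+    ///
+    /// - meeting_id - The [`String`] that indicates ID of the meeting room
+    /// - participant - [`AccountId`] of a desired participant
+    ///
+    /// Returns
+    ///
+    /// Transaction ID
+    #[wasm_bindgen(js_name = addParticipant)]
+    pub fn add_participant(&self, meeting_id: String, participant: String) -> Promise {
+        let handler = self.handler();
+        let signer = self.signer();
+        wasm_bindgen_futures::future_to_promise(async move {
+            let account_id = AccountId::from_str(&participant)
+                .map_err(|err| ApiError::InvalidAccountId(err.to_string()))?;
+            let meeting_id = uuid::Uuid::from_str(&meeting_id)
+                .map_err(|err| ApiError::InvalidSessionUuid(err.to_string()))?;
+            let transaction_id = add_participant(&handler, &signer, meeting_id, account_id).await?;
+
+            Ok(to_value(&transaction_id.to_string()))
+        })
+    }
+
     /// Sends participants' keys to the keys exchange server
     ///
     /// Arguments
     ///
     /// - meeting_id - The [`String`] that indicates ID of the meeting room
     /// - timeout_ms - The [`u32`] that represents milliseconds that were given not to be exceeded
+    #[wasm_bindgen(js_name = sendKeys)]
     pub fn send_keys(&self, meeting_id: String, timeout_ms: u32) -> Promise {
         let handler = self.handler();
         let signer = self.signer();
@@ -239,7 +270,9 @@
                 exchange(&handler, &signer, meet_id, messages).await?;
             }
 
-            Ok(JsValue::from_str(&base64::encode(handler.secret)))
+            Ok(JsValue::from_str(
+                &BASE64_STANDARD_NO_PAD.encode(handler.secret),
+            ))
         };
 
         wasm_bindgen_futures::future_to_promise(async move {
@@ -258,6 +291,7 @@
     ///
     /// - meeting_id - The [`String`] that indicates ID of the meeting room
     /// - timeout_ms - The [`u32`] that represents milliseconds that were given not to be exceeded
+    #[wasm_bindgen(js_name = getKey)]
     pub fn get_key(&self, meeting_id: String, timeout_ms: u32) -> Promise {
         let handler = self.handler();
         let signer = self.signer();
@@ -269,7 +303,7 @@
                 if let ApiResponse::Success(data) = receive(&handler, &signer, meet_id).await? {
                     let secret =
                         decrypt(signer.secret_key(), data.moderator_pk, meet_id, data.data)?;
-                    return Ok(JsValue::from_str(&base64::encode(secret)));
+                    return Ok(JsValue::from_str(&BASE64_STANDARD_NO_PAD.encode(secret)));
                 }
             }
         };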
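Review bot: The `#[wasm_bindgen(js_name = ...)]` attributes added to `init_meeting`, `send_keys` and `get_key` rename methods that already existed, so, assuming the enclosing impl was already exported to JavaScript, callers using the snake_case names break while `web-client/Cargo.toml` only moves from 0.1.0 to 0.1.1. Either record the rename in the release notes or bump the minor version. On the new `add_participant`, the doc line describes `participant` as an `AccountId`, but the parameter is a `String` that is parsed inside the future. I would reword that line to say it is the account id as a string and that the promise rejects with `InvalidAccountId` or `InvalidSessionUuid` when either argument fails to parse. The impl block starts and ends outside the visible hunks.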

+ 1
- 2
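--- a/web-client/tests/integration.rs
+++ b/web-client/tests/integration.rs
@@ -1,5 +1,4 @@
-use near_client::{crypto::prelude::*, prelude::*, Finality};
-use near_primitives_core::account::id::AccountId;
+use near_client::{near_units, prelude::*};
 use serde::{Deserialize, Serialize};
 use std::str::FromStr;
 use url::Url;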
