decentproof-backend

module

v0.0.0-...-57a80da Latest Latest Go to latest Published: Mar 21, 2024 License: AGPL-3.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/flajt/decentproof-backend

Links

Open Source Insights

README ¶

decentproof-backend

Backend for decentproof-app

For information, or raising issues, please checkout the decentproof-app repository.

Project Structure

Functions
- get_new_key => responsible for getting a new api key
- has_new_key => responsible for checking if there is a new api key
- sign => signs and submitts your data to originstamp
- verify_hash => verifies your hash
- webhook => used for originstamp webhooks
- cronjob => refreshes api key
Api Wrappers
- originstamp => Originstamp.com api
- scw_secret_wrapper => wraps scaleways secret manager
Util
- helper => has helper functions for authentication & key generation
- util => currently only contains a script to generate public and private key pairs
Other
- encryption_service => For en- & decryption of data with AES encryption

How to get started

What do I need

A PC, with ideally a Linux based OS or MacOS
An .env file
A scaleway account
An originstamp account
A firebase account
A running instance of mCaptcha if you want to verify w. the website

.env file

Your .env file needs to contain the following data:

SCW_ACCESS_KEY=<my-access-key-here> # can be empty in local mode
SCW_SECRET_KEY=<my-secret-key-here> # can be empty in local mode
SCW_DEFAULT_ORGANIZATION_ID=<my-org-id-here> # can be empty in local mode
SCW_DEFAULT_PROJECT_ID=<my-project-id-here> # can be empty in local mode
SCW_DEFAULT_REGION=<my-scaleway-defualt-region-here> # can be empty in local mode
GOOGLE_ADMIN_SDK_CREDS=<my-firebase-admin-sdk-key-here> # can be empty in local mode
ORIGINSTAMP_API_KEY=<my-api-key-here> # can be empty in local mode
SECRET_KEY=<your-secret-key-for signatures> # use uti/generate_keys.go to generate it
EMAIL_SECRET=<your-secret-key-with-email-permissions> # can be empty in local mode
WEBHOOK_URL=<the-url-for-the-webhook-callback> # if you don't set a domain you will need to deploy it first to get it.
PRIVATE_KEY=<the-private-key-for-signatures> # this one needs to be in the scaleway secret manager, or local mode!
ENCRYPTION_KEY=<encryption-key-32bytes-for-mail> # only in secret manager, or local mode!
DEBUG=<TRUE-or-anything-else> # if set to TRUE you can run the functions in local mode, which should improve testing capabilities and local development
API_KEY=<base64-encoded-32byte-long-key> # required only on local mode, please hardcode it in the app as well! (Debugging only)
MCAPTCHA_SECRET=<your-mcaptcha-secret> # needs to be set if you want to verify with the website, in PROD it's an encrypted secret
MCAPTCHA_SITEKEY=<your-mcaptcha-site-key> # needs to be set if you want to verify with the website, in PROD it's an encrypted secret
MCAPTCHA_INSTANCE_URL=<your-mcpatcha-instance-url> # needs to be set if you want to verify w. website

So please load it into your terminal enviroment. You can use my script in utils for that: util/load_env.go. This should load all env vars into your terminal (tested in VSCode), use the --path flag to pass the .env file path.

NOTE: Currently the Github Secret for Originstamp Api and E-Mail Secret are the same for DEV as for PROD. The latter should be changed at some point in time.

"Local Mode"

What I've mentioned as local mode is just running the functitions locally from the cmd folder as explained below in testing (this can also be used for local development). If you set DEBUG=TRUE a local implementation of the scw_secret_wrapper is used which loads the three most important api keys into memory.

It will also disable app check for the time beeing, so you don't need to create a firebase account either.

If you think it makes sense to sperate firebase app check "dis- & enablement" into a sperate var please open a discussion.

This doesn't work for cronjobs and webhooks will only work partially as it depends on both an originstamp account as well as a working SMTP service to send E-Mails which in turn uses the SCW_DEFAULT_PROJECT_ID & EMAIL_SECRET as credentials

SMTP

If you know an easy way to mock / setup a local SMTP service, feel free to open an issue / discussion. In the meantime if you want to deploy a SMTP service to test things locally, you need to replace the smtpServer variable in webhook.go

How to Test

Test function implementation

1. Go into every folder and download the deps with: `go get .` or use `go get -d ./...`
2. Navigate to the `/cmd` folder of each function, there you can run: `go run main.go` this will deploy the function on a given port, be aware you need to load the env vars beforehand

Automated Tests

Currently the following packages offer tests:

cronjob (currently not applicable)
scw_secret_wrapper
helper
webhook
encryption_service
sign

More support for functions should be added in the future.

Note: It's not planned to add testing for originstamp related features due to the monthly limit of 5 free documents and to not clutter the blockchain.

Why so many packages?

Yeah... about this:
Scaleway requires every function to be it's own module, and since some scripts are used by multiple modules, I've moved these into their own modules, leading to even more modules. moduleception .In the future, if this project userbase should increase from the .5 it currently has, I convert it from functions into a single api server. But that's in the far future.

Directories ¶

Path	Synopsis
util

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL