Merge branch 'main' into fix/content-type

ForkbombEu · Oct 29, 2024 · be4e218 · be4e218
2 parents 64b09cd + 11038a3
commit be4e218
Show file tree

Hide file tree

Showing 4 changed files with 132 additions and 57 deletions.
diff --git a/Makefile b/Makefile
@@ -12,7 +12,7 @@ endif
 .DEFAULT_GOAL := up
 .PHONY: help
 TEST_DEPS := git jq npx
-DEPLOY_DEPS := wget jq awk
+DEPLOY_DEPS := wget jq awk wc
 
 hn=$(shell hostname)
 
@@ -28,74 +28,32 @@ ifneq ($(OS),Windows_NT)
 	endif
 endif
 
-all:
+deps:
 	$(foreach exec,$(DEPLOY_DEPS),$(if $(shell which $(exec)),,$(error "🥶 `$(exec)` not found in PATH please install it")))
 
 help: ## 🛟  Show this help message
 	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(firstword $(MAKEFILE_LIST)) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-10s\033[0m %s\n", $$1, $$2}'
 
-ncr: ## 📦 Install and setup the server
-	@wget -q --show-progress https://github.com/forkbombeu/ncr/releases/latest/download/ncr
-	@chmod +x ./ncr
+ncr: deps ## 📦 Install and setup the server
+	@if [ ! -f ./ncr ]; then \
+		wget -q --show-progress https://github.com/forkbombeu/ncr/releases/latest/download/ncr; \
+		chmod +x ./ncr; \
+	fi
 	@echo "📦 Setup is done!"
 
-authorize: tmp := $(shell mktemp)
-authorize: tmp_zen := $(shell mktemp)
-authorize: tmp_schema := $(shell mktemp)
-authorize: tmp_keys := $(shell mktemp)
-authorize: AUTHZ_FILE?=public/authz_server/authorize
-authorize: ## 📦 Setup the authorize page
-authorize:
-	@echo "{}" > ${tmp_schema}
-	@echo "{}" > ${tmp_zen}
-	@echo "{}" > ${tmp_keys}
-	@if [ -d authz_server/custom_code ] && [ -f ${AUTHZ_FILE} ]; then \
-		for f in authz_server/custom_code/*; do \
-			name=$$(echo $$f | rev | cut -d'/' -f1 | rev | cut -d'.' -f1); \
-			ext=$$(echo $$f | cut -d'.' -f2-); \
-			if [ -f $$f ] && [ "$$ext" = "schema.json" ]; then \
-			jq --arg name $$name '.[$$name] = input ' ${tmp_schema} $$f > ${tmp} && mv ${tmp} ${tmp_schema}; \
-			elif [ -f $$f ] && [ "$$ext" = "zen" ]; then \
-			jq --arg name $$name --arg contract "$$(sed -z 's/\n/\\n/g' $$f)" '.[$$name] = $$contract ' ${tmp_zen} > ${tmp} && mv ${tmp} ${tmp_zen}; \
-			elif [ -f $$f ] && [ "$$ext" = "keys.json" ]; then \
-			jq --arg name $$name '.[$$name] = input ' ${tmp_keys} $$f > ${tmp} && mv ${tmp} ${tmp_keys}; \
-			fi; \
-		done; \
-		awk -v c="$$(jq -r tostring ${tmp_zen})" '{gsub ("const contracts = .*", "const contracts = " c); print}' ${AUTHZ_FILE} > ${tmp} && mv ${tmp} ${AUTHZ_FILE}; \
-		awk -v s="$$(jq -r tostring ${tmp_schema})"  '{gsub ("const schemas = .*", "const schemas = " s); print}' ${AUTHZ_FILE} > ${tmp} && mv ${tmp} ${AUTHZ_FILE}; \
-		awk -v k="$$(jq -r tostring ${tmp_keys})"          '{gsub ("const keys = .*", "const keys = " k); print}' ${AUTHZ_FILE} > ${tmp} && mv ${tmp} ${AUTHZ_FILE}; \
-	fi;
-	@rm ${tmp_schema} ${tmp_zen} ${tmp_keys}
+authorize: deps ## 📦 Setup the authorize page
+	@chmod +x scripts/authorize.sh
+	@./scripts/authorize.sh
 
 up: UP_PORT?=3000
 up: ncr authorize ## 🚀 Up & run the project
 	$(if ${MS_URL},,$(error "Set MS_URL in .env with the url of the service"),)
-	@chmod +x scripts/autorun_search.sh
-	@chmod +x scripts/autorun_store.sh
-	@service=$$(ls | grep "authz_server\$$\|credential_issuer\$$\|relying_party\$$" --color=never | awk '{printf "%s ", $$1}'); \
-	if [ -z "$${service}" ]; then \
-		echo "😢 No service found"; \
-		exit 1; \
-	fi; \
-	port=${UP_PORT}; \
-	if [ "$$(echo -n \"$${service}\" | grep -o '\s' | wc -l)" = "1" ]; then \
-		echo "🐣 Starting service: $${service}"; \
-		name=${MS_NAME}; \
-		if [ -z "$${name}" ]; then name=$$service; fi; \
-		MS_NAME=$$name ./ncr -p $$port -z $$service --public-directory public/$$service --basepath '/'$$service; \
-	else \
-		for s in $${service}; do \
-			echo "🐣 Starting service: $${s}"; \
-			name=${MS_NAME}; \
-			if [ -z "$${name}" ]; then name=$$s; fi; \
-			MS_NAME=$$name ./ncr -p $$port -z $$s --public-directory public/$$s --basepath '/'$$s & echo $$! > .$$s.pid; \
-			port=$$((port+1)); \
-		done \
-	fi
+	@chmod +x scripts/up.sh
+	@./scripts/up.sh ${UP_PORT} ${MS_NAME}
 
 # -- tests --
 
-tests-deps: ## 🧪 Check test dependencies
+tests-deps: # 🧪 Check test dependencies
 	$(foreach exec,$(TEST_DEPS),$(if $(shell which $(exec)),,$(error "🥶 `$(exec)` not found in PATH please install it")))
 
 tests/mobile_zencode:
@@ -113,7 +71,7 @@ test_custom_code:
 	@cp tests/custom_code/as/* authz_server/custom_code/
 	@cp tests/custom_code/ci/* credential_issuer/custom_code/
 
-test: tests-deps test_custom_code up mobile_zencode_up push_server_up ## 🧪 Run e2e tests on the APIs
+test: tests-deps test_custom_code up mobile_zencode_up push_server_up # 🧪 Run e2e tests on the APIs
 	@./scripts/wk.sh setup
 # modify wallet contract to not use capacitor
 	@cat tests/mobile_zencode/wallet/ver_qr_to_info.zen | sed "s/.*Given I connect to 'pb_url' and start capacitor pb client.*/Given I connect to 'pb_url' and start pb client\nGiven I send my_credentials 'my_credentials' and login/" > tests/mobile_zencode/wallet/temp_ver_qr_to_info.zen
@@ -156,7 +114,7 @@ clean: ## 🧹 Clean
 	rm -f .test.*.pid
 	rm -f .*.pid
 
-deepclean: clean ## 🧹 Deep clean (stops all ncr, remove keys and restore well-knowns)
+deepclean: clean # 🧹 Deep clean (stops all ncr, remove keys and restore well-knowns)
 	git restore */.autorun/identity.metadata.json public/*/.well-known
 	rm -f */secrets.keys
 	pkill ncr || true
diff --git a/public/authz_server/.well-known/oauth-authorization-server b/public/authz_server/.well-known/oauth-authorization-server
@@ -4,6 +4,7 @@
 	"token_endpoint": "{{ as_url }}/token",
 	"introspection_endpoint": "{{ as_url }}/introspection",
 	"issuer": "{{ as_url }}",
+	"require_pushed_authorization_requests": true,
 	"jwks": {
 		"keys": [
 			{

diff --git a/scripts/authorize.sh b/scripts/authorize.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+AUTHZ_FILE=public/authz_server/authorize
+CUSTOM_CODE=authz_server/custom_code
+
+if [ ! -d ${CUSTOM_CODE} ] || [ ! -f ${AUTHZ_FILE} ]; then
+    exit 0
+fi
+
+tmp_schema=$(mktemp)
+tmp_zen=$(mktemp)
+tmp_keys=$(mktemp)
+tmp=$(mktemp)
+
+echo "{}" > ${tmp_schema}
+echo "{}" > ${tmp_zen}
+echo "{}" > ${tmp_keys}
+
+for f in ${CUSTOM_CODE}/*; do
+    name=$(echo $f | rev | cut -d'/' -f1 | rev | cut -d'.' -f1)
+    ext=$(echo $f | cut -d'.' -f2-)
+    if [ -f $f ] && [ "$ext" = "schema.json" ]; then
+        jq --arg name ${name} '.[$name] = input ' ${tmp_schema} $f > ${tmp} && mv ${tmp} ${tmp_schema}
+    elif [ -f $f ] && [ "$ext" = "zen" ]; then
+        echo "🎮 Loaded ${name} custom code"
+        jq --arg name ${name} --arg contract "$(sed -z 's/\n/\\n/g' $f)" '.[$name] = $contract ' ${tmp_zen} > ${tmp} && mv ${tmp} ${tmp_zen}
+    elif [ -f $f ] && [ "$ext" = "keys.json" ]; then
+        jq --arg name ${name} '.[$name] = input ' ${tmp_keys} $f > ${tmp} && mv ${tmp} ${tmp_keys}
+    fi
+done
+
+awk -v c="$(jq -r tostring ${tmp_zen})" '{gsub ("const contracts = .*", "const contracts = " c); print}' ${AUTHZ_FILE} > ${tmp} && mv ${tmp} ${AUTHZ_FILE}
+awk -v s="$(jq -r tostring ${tmp_schema})"  '{gsub ("const schemas = .*", "const schemas = " s); print}' ${AUTHZ_FILE} > ${tmp} && mv ${tmp} ${AUTHZ_FILE}
+awk -v k="$(jq -r tostring ${tmp_keys})"          '{gsub ("const keys = .*", "const keys = " k); print}' ${AUTHZ_FILE} > ${tmp} && mv ${tmp} ${AUTHZ_FILE}
+
+rm ${tmp_schema} ${tmp_zen} ${tmp_keys}
diff --git a/scripts/up.sh b/scripts/up.sh
@@ -0,0 +1,80 @@
+#!/usr/bin/env bash
+
+UP_PORT=${1}
+MS_NAME=${2}
+
+if [ ! -x scripts/autorun_search.sh ]; then
+    chmod +x scripts/autorun_search.sh
+fi
+
+if [ ! -x scripts/autorun_store.sh ]; then
+    chmod +x scripts/autorun_store.sh
+fi
+
+function start_service() {
+    service=$1
+    echo "🐣 Starting service: ${service}"
+    wk_name=""
+    case ${service} in
+        "authz_server")
+            wk_name="oauth-authorization-server"
+            ;;
+        "credential_issuer")
+            wk_name="openid-credential-issuer"
+            ;;
+        "relying_party")
+            wk_name="openid-relying-party"
+            ;;
+        *)
+            echo "Unknown value for ${service}. Nothing to do." >&2
+            exit 1
+            ;;
+    esac
+    name=${MS_NAME}
+    if [ -z "${name}" ]; then name=$service; fi
+    (
+        MS_NAME=$name ./ncr -p $port -z $service --public-directory public/$service --basepath '/'$service &
+        APP_PID=$!
+        echo $APP_PID > .${service}.pid
+        (
+            sleep 5
+            if [ ! -f $service/secrets.keys ]; then
+                echo "📢 Announce phase failed"
+                echo "🗝️  Secret keys not created in file: ${s}/secrets.keys"
+                echo "⛔ Stopping the service"
+                kill $APP_PID
+                exit 1
+            fi
+            kid=$(jq -r '.jwks.keys[0].kid' public/$service/.well-known/$wk_name)
+            if [ "${kid:0:1}" = "{" ]; then
+                echo "📢 Announce phase failed"
+                echo "🪪 Kid not created in file: public/$service/.well-known/$wk_name"
+                echo "⛔ Stopping the service"
+                kill $APP_PID
+                exit 1
+            fi
+        )
+        wait $APP_PID
+    )
+}
+
+service=""
+for s in authz_server credential_issuer relying_party; do
+    if [[ -d "$s" ]]; then
+        service="$service $s"
+    fi
+done
+if [ -z "${service}" ]; then
+    echo "😢 No service found"
+    exit 1
+fi
+
+port=${UP_PORT}
+if [ "$(echo ${service} | wc -w)" = "1" ]; then
+    start_service ${service} ${port}
+else
+    for s in ${service}; do
+        start_service ${s} ${port} &
+        port=$((port+1))
+    done
+fi