fix validation

rarimo · Sep 3, 2024 · fdf9bd4 · fdf9bd4
1 parent 3d27cc8
commit fdf9bd4
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 13 deletions.
diff --git a/internal/config/verifier.go b/internal/config/verifier.go
@@ -10,6 +10,7 @@ import (
 
 type Verifiers struct {
 	Passport *zk.Verifier
+	Age      int64
 }
 
 func (c *config) Verifiers() Verifiers {
@@ -31,14 +32,15 @@ func (c *config) Verifiers() Verifiers {
 			zk.WithProofType(zk.GlobalPassport),
 			zk.WithVerificationKeyFile(cfg.VerificationKeyPath),
 			zk.WithPassportRootVerifier(c.passport.ProvideVerifier()),
-			zk.WithIdentitiesCreationTimestampLimit(cfg.AllowedIdentityTimestamp),
+			//zk.WithIdentitiesCreationTimestampLimit(cfg.AllowedIdentityTimestamp),
 		)
 		if err != nil {
 			panic(fmt.Errorf("failed to initialize passport verifier: %w", err))
 		}
 
 		return Verifiers{
 			Passport: pass,
+			Age:      cfg.AllowedIdentityTimestamp,
 		}
 	}).(Verifiers)
 }
diff --git a/internal/service/handlers/verification-link.go b/internal/service/handlers/verification-link.go
@@ -26,11 +26,12 @@ func VerificationLink(w http.ResponseWriter, r *http.Request) {
 	}
 
 	user := &data.VerifyUsers{
-		UserID:     req.Data.ID,
-		UserIDHash: userIdHash,
-		CreatedAt:  time.Now().UTC(),
-		Status:     "not_verified",
-		Proof:      []byte{},
+		UserID:        req.Data.ID,
+		UserIDHash:    userIdHash,
+		CreatedAt:     time.Now().UTC(),
+		Status:        "not_verified",
+		Proof:         []byte{},
+		AgeLowerBound: -1,
 	}
 
 	if req.Data.Attributes.Nationality != nil && *req.Data.Attributes.Nationality != "" {

diff --git a/internal/service/handlers/verification_callback.go b/internal/service/handlers/verification_callback.go
@@ -77,6 +77,15 @@ func VerificationCallback(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	var verifyOpts = []zk.VerifyOption{
+		zk.WithProofSelectorValue(getter.Get(zk.Selector)),
+		zk.WithAgeAbove(verifiedUser.AgeLowerBound), // if not required -1
+		zk.WithEventID(eventID),
+	}
+	if verifiedUser.Nationality != "" {
+		verifyOpts = append(verifyOpts, zk.WithCitizenships(verifiedUser.Nationality))
+	}
+
 	// uniqueness check
 	timestampUpperBoundMatches := getter.Get(zk.TimestampUpperBound) == ProofParameters(r).TimestampUpperBound
 	timestampUpperBoundCheckRequired := selectorInt&(1<<timestampUpperBoundBit) == 0
@@ -86,6 +95,7 @@ func VerificationCallback(w http.ResponseWriter, r *http.Request) {
 			ape.RenderErr(w, problems.InternalError())
 			return
 		}
+		verifyOpts = append(verifyOpts, zk.WithIdentitiesCreationTimestampLimit(Verifiers(r).Age))
 	}
 	identityCounterUpperBoundMatches := getter.Get(zk.IdentityCounterUpperBound) == "1"
 	identityCounterUpperBoundCheckRequired := selectorInt&(1<<identityCounterUpperBoundBit) == 0
@@ -95,15 +105,9 @@ func VerificationCallback(w http.ResponseWriter, r *http.Request) {
 			ape.RenderErr(w, problems.InternalError())
 			return
 		}
+		verifyOpts = append(verifyOpts, zk.WithIdentitiesCounter(identityCounterUpperBound))
 	}
 
-	var verifyOpts = []zk.VerifyOption{
-		zk.WithCitizenships(verifiedUser.Nationality),
-		zk.WithProofSelectorValue(getter.Get(zk.Selector)),
-		zk.WithIdentitiesCounter(identityCounterUpperBound),
-		zk.WithAgeAbove(verifiedUser.AgeLowerBound),
-		zk.WithEventID(eventID),
-	}
 	err = Verifiers(r).Passport.VerifyProof(proof, verifyOpts...)
 	if err != nil {
 		var vErr validation.Errors