diff --git a/src/handlers/notify.rs b/src/handlers/notify.rs index 52a1df84..f79c6876 100644 --- a/src/handlers/notify.rs +++ b/src/handlers/notify.rs @@ -101,18 +101,9 @@ pub async fn handler( .await? .ok_or(error::Error::NoProjectDataForTopic(project_id.clone()))?; - let decoded_client_id = DecodedClientId(*state.keypair.public_key().as_bytes()); - let notify_pubkey = ClientId::from(decoded_client_id).to_string(); // Generate publish jobs - this will also remove accounts from not_found // Prepares the encrypted message and gets the topic for each account - let jobs = generate_publish_jobs( - notification, - cursor, - &mut response, - &project_data, - ¬ify_pubkey, - ) - .await?; + let jobs = generate_publish_jobs(notification, cursor, &mut response, &project_data).await?; // Attempts to send to all found accounts, waiting for relay ack for // NOTIFY_TIMEOUT seconds @@ -236,7 +227,6 @@ async fn generate_publish_jobs( mut cursor: mongodb::Cursor, response: &mut Response, project_data: &ProjectData, - notify_pubkey: &str, ) -> Result> { let mut jobs = vec![]; @@ -256,12 +246,7 @@ async fn generate_publish_jobs( let message = JsonRpcPayload { id, jsonrpc: "2.0".to_string(), - params: JsonRpcParams::Push(sign_message( - ¬ification, - project_data, - notify_pubkey, - &client_data, - )?), + params: JsonRpcParams::Push(sign_message(¬ification, project_data, &client_data)?), }; let envelope = Envelope::::new(&client_data.sym_key, &message)?; @@ -318,15 +303,19 @@ fn send_metrics( fn sign_message( msg: &Notification, project_data: &ProjectData, - notify_pubkey: &str, client_data: &ClientData, ) -> Result { + let decoded_client_id = DecodedClientId( + hex::decode(project_data.identity_keypair.public_key.clone())?[0..32].try_into()?, + ); + let identity = ClientId::from(decoded_client_id).to_string(); + let msg = { let msg = JwtMessage { iat: chrono::Utc::now().timestamp(), exp: (chrono::Utc::now() + chrono::Duration::seconds(NOTIFY_MSG_TTL as i64)) .timestamp(), - iss: format!("did:key:{notify_pubkey}"), + iss: format!("did:key:{identity}"), ksu: client_data.ksu.to_string(), aud: format!("did:pkh:{}", client_data.id), act: "notify_message".to_string(), @@ -369,9 +358,10 @@ fn sign_message( #[derive(Serialize, Deserialize, Debug)] pub struct JwtMessage { - pub iat: i64, // issued at - pub exp: i64, // expiry - pub iss: String, // public key of cast server (did:key) + pub iat: i64, // issued at + pub exp: i64, // expiry + // TODO: This was changed from notify pubkey, should be confirmed if we want to keep this + pub iss: String, // dapps identity key pub ksu: String, // key server url pub aud: String, // blockchain account (did:pkh) pub act: String, // action intent (must be "notify_message") diff --git a/tests/integration.rs b/tests/integration.rs index 7495a55b..017ab947 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -254,6 +254,7 @@ PROJECT_ID to be set", // let received_notification = decrypted_notification.params; let claims = verify_jwt(&decrypted_notification.params, dapp_identity_pubkey).unwrap(); + // TODO: verify issuer assert_eq!(claims.msg, notification); assert_eq!(claims.sub, sub_auth_hash); assert!(claims.iat < chrono::Utc::now().timestamp() + JWT_LEEWAY);