feat(): validated oob invitation #287
Conversation
Christiantyemele
requested review from
IngridPuppet,
Hermann-Core,
ndefokou and
Blindspot22
and removed request for
Hermann-Core
| let plaintext = | ||
| to_string(oob_message).map_err(|e| format!("Serialization error: {}", e))?; | ||
| let encoded_jwm = Base64Url.encode(plaintext.as_bytes()); | ||
|
|
||
| Ok(format!("{}?_oob={}", url, encoded_jwm)) | ||
| let ooburl = format!("{}/_oob{}", url, encoded_jwm); |
There was a problem hiding this comment.
You changed the format of the oob_url. Is there any reason to that?
There was a problem hiding this comment.
yes i want to use the oob jwm as a routing path to the out band message and the previous format contains query parameters which will be misinterpreted if used as route path
There was a problem hiding this comment.
You don't have to do what you plan to do. Plus, note that the OOB URL format is normative. Check https://identity.foundation/didcomm-messaging/spec/#standard-message-encoding.
| Router::new() // | ||
| .route("/oob_url", get(handler_oob_inv)) | ||
| .route("/oob_qr", get(handler_oob_qr)) | ||
| .route("/", get(handler_landing_page_oob)) | ||
| // handle oob invitation to invitation message | ||
| .route(&invitation_path, get(decode_oob_inv)) |
There was a problem hiding this comment.
I dont understand what the new route is and why you added it
There was a problem hiding this comment.
The qr_code and and oob url have no handled route, what i mean is if you can the oob qr_code you get nothing even the oob_url takes you no where as the route has not been handled and as such you can have its content without decoding it, that's where this route comes in
There was a problem hiding this comment.
The oob_url should not necessarily take you to somewhere.
There was a problem hiding this comment.
Apart from the changes @Hermann-Core requested, I think this PR's good to go.
| let url = format!("{}", server_public_domain); | ||
| let encoded_oob = OobMessage::serialize_oob_message(&oobmessage, &url).unwrap(); | ||
| encoded_oob |
There was a problem hiding this comment.
Add an assert_eq! to validate what you expect as valid output.
| Router::new() // | ||
| .route("/oob_url", get(handler_oob_inv)) | ||
| .route("/oob_qr", get(handler_oob_qr)) | ||
| .route("/", get(handler_landing_page_oob)) | ||
| // handle oob invitation to invitation message | ||
| .route(&invitation_path, get(decode_oob_inv)) |
There was a problem hiding this comment.
The oob_url should not necessarily take you to somewhere.
| let plaintext = | ||
| to_string(oob_message).map_err(|e| format!("Serialization error: {}", e))?; | ||
| let encoded_jwm = Base64Url.encode(plaintext.as_bytes()); | ||
|
|
||
| Ok(format!("{}?_oob={}", url, encoded_jwm)) | ||
| let ooburl = format!("{}/_oob{}", url, encoded_jwm); |
There was a problem hiding this comment.
You don't have to do what you plan to do. Plus, note that the OOB URL format is normative. Check https://identity.foundation/didcomm-messaging/spec/#standard-message-encoding.
| let serialized_msg = test_serialize_oobmessage(); | ||
| let oobmessage: Vec<&str> = serialized_msg.split("/_oob").collect(); | ||
| let oobmessage = oobmessage.get(1).unwrap().to_string(); |
There was a problem hiding this comment.
Note that _oob must be a query parameter in a compliant OOB URL.
| let oobmessage: Vec<&str> = oob_inv.split("/_").collect(); | ||
| let oobmessage = oobmessage.get(1).unwrap_or(&"").to_string(); | ||
|
|
||
| self.state = Some(OOBMessagesState { | ||
| filesystem: Arc::new(Mutex::new(fs)), | ||
| oobmessage, | ||
| }); |
There was a problem hiding this comment.
- I don't see the point of extracting something like "oob=abcd...xyz", when you already have the full string...
- Did you run
cargo clippyon your changes? I feel like you can useunwrap_or_defaulthere.
| <body> | ||
| <a href={}>out of band invitation url</a> | ||
| </body> |
There was a problem hiding this comment.
Please leave the URL plainly visible. It is more practical that way. See https://mediator.rootsid.cloud.
| let html_content = | ||
| match retrieve_or_generate_oob_inv(&mut *fs, &server_public_domain, &storage_dirpath) { |
There was a problem hiding this comment.
Could you rename this variable? I don't think it contains anything HTML.
| pub(crate) async fn decode_oob_inv(State(state): State<Arc<OOBMessagesState>>) -> Response { | ||
| let encoded_inv = &state.oobmessage; | ||
| let encoded_inv: Vec<&str> = encoded_inv.split("oob").collect(); | ||
| let encoded_inv = encoded_inv.get(1).unwrap(); | ||
| let decoded_inv = Base64Url.decode(encoded_inv).unwrap_or_default(); |
There was a problem hiding this comment.
I am not seeing the purpose of this handler... Do you have any valid use case?
| let plaintext = | ||
| to_string(oob_message).map_err(|e| format!("Serialization error: {}", e))?; | ||
| let encoded_jwm = Base64Url.encode(plaintext.as_bytes()); | ||
|
|
||
| Ok(format!("{}?_oob={}", url, encoded_jwm)) | ||
| let ooburl = format!("{}/_oob{}", url, encoded_jwm); |
There was a problem hiding this comment.
| let ooburl = format!("{}/_oob{}", url, encoded_jwm); | |
| let oob_url = format!("{}/_oob{}", url, encoded_jwm); |
| let url: &String = &format!("{}", server_public_domain); | ||
| let oob_url = OobMessage::serialize_oob_message(&oob_message, url) |
There was a problem hiding this comment.
The conversion here is unnecessary.
| let url: &String = &format!("{}", server_public_domain); | |
| let oob_url = OobMessage::serialize_oob_message(&oob_message, url) | |
| let oob_url = OobMessage::serialize_oob_message(&oob_message, server_public_domain) |
| let oobmessage: Vec<&str> = serialized_msg.split("/_oob").collect(); | ||
| let oobmessage = oobmessage.get(1).unwrap().to_string(); |
There was a problem hiding this comment.
| let oobmessage: Vec<&str> = serialized_msg.split("/_oob").collect(); | |
| let oobmessage = oobmessage.get(1).unwrap().to_string(); | |
| let oob_message: Vec<&str> = serialized_msg.split("/_oob").collect(); | |
| let oob_message = oobmessage.get(1).unwrap().to_string(); |
| } | ||
|
|
||
| #[derive(Clone)] | ||
| pub(crate) struct OOBMessagesState { | ||
| pub(crate) filesystem: Arc<Mutex<dyn FileSystem>>, | ||
| pub(crate) oobmessage: String, |
There was a problem hiding this comment.
what is the purpose of the field you added here?
| let server_public_domain = std::env::var("SERVER_PUBLIC_DOMAIN").unwrap(); | ||
| let storage_dirpath = std::env::var("STORAGE_DIRPATH").unwrap(); | ||
| let mut fs = MockFileSystem; | ||
| let oobmessage = |
There was a problem hiding this comment.
| let oobmessage = | |
| let oob_message = |
There was a problem hiding this comment.
I have check all the comments and from our discussions it seems this PR actually solves no issue or brings and adjustments so, i guess it should be closed @Hermann-Core @IngridPuppet
There was a problem hiding this comment.
I would agree. Also check the comment I left on the issue before planning to close it as well.
No description provided.