Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: start #https://github.com/ubiquity-os/permit-generation/issues/71 #100

Closed

Conversation

kingsley-einstein
Copy link

Resolves #71

Copy link
Contributor

github-actions bot commented Nov 3, 2024

Unused files (4)

src/plugin.ts, src/worker.ts, src/helpers/signature.ts, src/types/webhook-payload.ts

Unused dependencies (1)

Filename dependencies
package.json typebox-validators

Unused devDependencies (2)

Filename devDependencies
package.json @types/blake2b
supabase

Copy link

@kingsley-einstein, this task has been idle for a while. Please provide an update.

@kingsley-einstein
Copy link
Author

@kingsley-einstein, this task has been idle for a while. Please provide an update.

On it

Copy link

@kingsley-einstein, this task has been idle for a while. Please provide an update.

@kingsley-einstein kingsley-einstein marked this pull request as ready for review November 10, 2024 11:27
@kingsley-einstein
Copy link
Author

It was difficult testing this with a Cloudflare worker, as wasm and asm failed to load, and the fallback was not used. I decided to use tweetnacl and tweetnacl-util for the decryption processes. The private key must be encrypted with a URL-safe base64 nonce with its padding pruned out. This nonce should be available in the environment as X25519_NONCE. I took a look at the implementation here https://github.com/ubq-testing/permit-generation/blob/feat/workerize/src/utils/keys.ts but I still wasn't able to derive the nonce from the keys.

Screenshot from 2024-11-10 12-00-38
Screenshot from 2024-11-10 12-00-29

As seen in the attached screenshots, the plugin has been successfully converted to a worker. The inputs are encrypted as a base64 string, and this string has to be signed using the kernel's private key, and included in the payload as well. The signature verification is done using the kernel's public key which is available in the environment as KERNEL_PUBLIC_KEY.

@kingsley-einstein
Copy link
Author

@Keyrxng
Copy link
Contributor

Keyrxng commented Nov 10, 2024

#71 (comment) - check this comment kingsley. This PR should be closed, sorry bud.

@kingsley-einstein
Copy link
Author

#71 (comment) - check this comment kingsley. This PR should be closed, sorry bud.

Ouch! That's okay

@rndquu rndquu closed this Nov 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Permit Request Authentication
3 participants