Page MenuHomePhabricator

[lib] Introduce `identityKeysBlobValidator` and use in `login`/`register`/`siwe_auth` responders
ClosedPublic

Authored by atul on Mar 3 2023, 10:38 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Oct 26, 9:10 AM
Unknown Object (File)
Mon, Oct 21, 12:38 PM
Unknown Object (File)
Fri, Oct 18, 5:45 PM
Unknown Object (File)
Fri, Oct 18, 5:45 PM
Unknown Object (File)
Fri, Oct 18, 5:45 PM
Unknown Object (File)
Fri, Oct 18, 5:45 PM
Unknown Object (File)
Fri, Oct 18, 9:56 AM
Unknown Object (File)
Fri, Oct 18, 9:00 AM
Subscribers
None

Details

Summary

identityKeysBlobValidator ensures that the structure of the JSON.parse()d signedIdentityKeysBlob.payload is correct and throws a ServerError if it isn't.

Test Plan

Made sure login/register/siwe_auth works on native. Made sure login/siwe_auth works on web.

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

atul published this revision for review.Mar 3 2023, 10:40 AM
ashoat added inline comments.
lib/utils/crypto-utils.js
3 ↗(On Diff #23409)

Any reason this is in lib instead of keyserver? I don't think it will be included in JS bundles, so no serious concern... but I can't imagine this function being called outside of keyserver (let me know if I'm missing something)

This revision is now accepted and ready to land.Mar 3 2023, 12:07 PM
lib/utils/crypto-utils.js
3 ↗(On Diff #23409)

That's fair, we do only use these validators on the keyserver. I guess my reasoning was

A. We already have a crypto-utils.js in lib so one less crypto-utils.js file.
B. The corresponding flow types live in lib/types/crypto-types.js so the lib/utils/crypto-utils.js symmetry was nice

but neither reason is great. I'll create a separate crypto-utils in keyserver.

(Also considered putting these in validation-utils, but I thought it'd be better to keep that "general purpose" with general utilities like tRegex and tNumEnum instead of cluttering it up with like "business logic specific" validators.)

rebase after addressing merge conflict

This revision was landed with ongoing or failed builds.Mar 3 2023, 2:51 PM
This revision was automatically updated to reflect the committed changes.