For the Connext integration we need to be able to get all appointments with a given public key. We should add GET/appointment/customer/{customer address} to the API and it should return a list of appointments.
For now let's just return appointments currently in the watcher database. Appointments there are keyed by ${this.customerChosenId}|${this.customerAddress}|${this.nonce}, we should reorder this to ${this.customerAddress}|${this.customerChosenId}|${this.nonce} then we can get all keys prefixed with the customer address using greater than/less than queries.
Endpoint security:
Option 1: No security, give all out to those that ask
Option 2: Require a sig from the priv key of the requested address on some message. This means that clients can only view appointments which contain an address to which they know the private key.
Option 3: The signed message should be a current block number, and we only accept it if the provided number is within 5 blocks of the current one. This stops requests from be replayed later if they are intercepted - although we should start using https soon as well.
bigspider
commented
5 years ago
For the Connext integration we need to be able to get all appointments with a given public key. We should add GET/appointment/customer/{customer address} to the API and it should return a list of appointments.
For now let's just return appointments currently in the watcher database. Appointments there are keyed by
${this.customerChosenId}|${this.customerAddress}|${this.nonce}, we should reorder this to${this.customerAddress}|${this.customerChosenId}|${this.nonce}then we can get all keys prefixed with the customer address using greater than/less than queries.Endpoint security: Option 1: No security, give all out to those that ask Option 2: Require a sig from the priv key of the requested address on some message. This means that clients can only view appointments which contain an address to which they know the private key. Option 3: The signed message should be a current block number, and we only accept it if the provided number is within 5 blocks of the current one. This stops requests from be replayed later if they are intercepted - although we should start using https soon as well.