aesirxio / web3-id-preregistration-backend

Backend for the pre-registration and share2earn of web3 id
GNU General Public License v3.0

Step 2.b: Validate and update Concordium account #5

Open jatitoam opened 1 year ago

jatitoam commented 1 year ago

Add a new endpoint /prerregistration/id/:id/account/:account/?signature=<signature> (PUT) similar to the demo, to validate if it's the actual owner of the account who signed the request (watch https://github.com/aesirxio/web3-id-preregistration-backend/issues/3) and to link it to a web3 id in the preregistration collection.

If any validation fails, it needs to send a 4xx http code with a json:

{
   "error": "<specific message>"
}

Possible validations:

Important: After signature verification (using concordium-sdk) the nonce needs to be cleared in the account document. This needs to happen regardless of validation pass or fail.

If all validations pass, then it needs to modify the preregistration document (finding by id) to add a new field account which needs to be the one sent. It will return a json (with 201 http code)

{
   "result": "true"
}

CongThuong commented 1 year ago

Please how can I check "Id already linked to another account in the preregistration collection: 406" while in task:#2 we don't know and save account in its table? @jatitoam

jatitoam commented 1 year ago

the validation of the account is against the account collection as it was stored in #3

jatitoam commented 1 year ago

wait, two things:

404 if the account does not exist in the accounts collection

406 if the account is already linked to another pre registration document, because this 2.b action was already performed for the same account linking it to a different id, in other words: pre registration cannot repeat ids not accounts

CongThuong commented 1 year ago

How about the nonce needs to be cleared in the account document? So we define this field NOT required? right? @jatitoam

jatitoam commented 1 year ago

correct it has to be cleared for security purposes so it can only be used once (nonce)

jatitoam commented 1 year ago

also remember that in MongoDB there are no required fields in reality, it's just a convention

thaoredweb commented 1 year ago

@CongThuong please help me to get the signature. cc @jatitoam

thaoredweb commented 1 year ago

@jatitoam I skip this task at local. I can not get the signature at local that is a param in {{domain}}/preregistration/id/:id/account/:account/?signature={{signature}}
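
The validation order discussed in this thread, as an added example that is not the repository's code: the nonce is consumed in a `finally` block so it is cleared whether verification passes, fails or throws, which makes a replayed signature fail. Assumptions: `Map` objects stand in for the MongoDB collections, `verify` is a hypothetical wrapper around the concordium-sdk check, and the 403 code and the 404 for an unknown id are placeholders the thread does not specify.

```javascript
// Added example: builds the { status, body } pair the issue asks for on errors.
const fail = (status, error) => ({ status, body: { error } });

// verify(nonce, signature, account) -> boolean is a hypothetical wrapper
// around the concordium-sdk signature check, injected so the flow can be
// exercised without a wallet.
function linkAccount({ id, account, signature }, db, verify) {
  const prereg = db.preregistrations.get(id);
  if (!prereg) return fail(404, 'Id not found');           // assumed code
  const acct = db.accounts.get(account);
  if (!acct) return fail(404, 'Account not found');         // from the thread

  let valid = false;
  try {
    // A missing nonce means it was already consumed: never verify against it.
    valid = acct.nonce != null && verify(acct.nonce, signature, account);
  } finally {
    delete acct.nonce; // single use: cleared on pass, fail or exception
  }
  if (!valid) return fail(403, 'Invalid signature');        // assumed code

  // 406 cases from the thread: neither ids nor accounts may be linked twice.
  if (prereg.account && prereg.account !== account)
    return fail(406, 'Id already linked to another account');
  for (const [otherId, doc] of db.preregistrations)
    if (otherId !== id && doc.account === account)
      return fail(406, 'Account already linked to another id');

  prereg.account = account;
  return { status: 201, body: { result: 'true' } };
}

// Constructed sample data and a stub verifier (not real Concordium signatures).
function sampleDb() {
  return {
    accounts: new Map([['acc1', { nonce: 'n1' }], ['acc2', { nonce: 'n2' }]]),
    preregistrations: new Map([['alice', {}], ['bob', {}]]),
  };
}
const stubVerify = (nonce, sig, account) => sig === `signed:${account}:${nonce}`;
```

In a real handler the nonce removal would be a write to the account document, and it should be committed before the response is sent.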