Closed pavelbrm closed 1 month ago
[puLL-Merge] - brave-intl/challenge-bypass-server@711
This PR introduces a number of changes related to token issuance and redemption with V3 issuers. The main changes include:
- VerifyTokenRedemption function in btd/issuer.go to iterate through signing keys and properly handle metrics.
- kafka/signed_token_redeem_handler.go to check if an issuer has expired using a new HasExpired method.
- Issuer and IssuerKeys types in model/issuer.go and model/issuer_keys.go to support finding active signing keys for a V3 issuer at a given time.
- blindedTokenRedeemHandlerV3 method in server/tokens.go to use the new Issuer methods to validate the issuer and find the appropriate signing keys.
- Issuer and IssuerKeys methods.

The motivation seems to be to improve the token issuance and redemption flow for V3 issuers, by making the code clearer and adding more robust validation around issuer expiration and signing key selection.
This PR adds a 1 hour leeway to the check for issuer v3 signing key, as occasionally clients might fail if requests come through around the time of key rotation.
It also fixes a bug in the v3 redemption handler where issuer expiry check would never work – it mistakenly required the expiry time be both zero and after now at the same time, which was clearly a mistake (as anywhere else that check requires the time to not be zero).
Additionally, the PR offers small refactors to improve readability and maintainability, as well as some test coverage.
For more details, please see the linked issue.
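The two behaviours described above, as an added Go example that is not code from this PR or from challenge-bypass-server. The type signingKey and the functions expiredBuggy, expired, activeKeys and sampleKeys are hypothetical names, the buggy condition is written from the description's wording only, and applying the leeway to both ends of a key's validity window is an assumption.

```go
package main

import (
	"fmt"
	"time"
)

// signingKey is a hypothetical stand-in for a V3 issuer key with a validity window.
type signingKey struct {
	ID             string
	StartAt, EndAt time.Time
}

// expiredBuggy follows the description's wording: zero AND after now.
// The zero time.Time (year 1) is never after now, so this never reports expiry.
func expiredBuggy(expiresAt, now time.Time) bool {
	return expiresAt.IsZero() && expiresAt.After(now)
}

// expired treats a zero expiry as "not set" and otherwise compares with now.
func expired(expiresAt, now time.Time) bool {
	return !expiresAt.IsZero() && expiresAt.Before(now)
}

// activeKeys returns every key whose window, widened by leeway on both
// sides (an assumption), contains now. Near a rotation this yields two keys.
func activeKeys(keys []signingKey, now time.Time, leeway time.Duration) []signingKey {
	var out []signingKey
	for _, k := range keys {
		if !now.Before(k.StartAt.Add(-leeway)) && !now.After(k.EndAt.Add(leeway)) {
			out = append(out, k)
		}
	}
	return out
}

// sampleKeys is constructed data: two adjacent one-day keys rotating at midnight UTC.
func sampleKeys() []signingKey {
	d := time.Date(2024, 5, 2, 0, 0, 0, 0, time.UTC)
	return []signingKey{{"k1", d.Add(-24 * time.Hour), d}, {"k2", d, d.Add(24 * time.Hour)}}
}

func main() {
	now := time.Date(2024, 5, 2, 0, 10, 0, 0, time.UTC) // 10 minutes after rotation
	past := now.Add(-time.Hour)
	fmt.Println(expiredBuggy(past, now), expired(past, now))  // false true
	fmt.Println(len(activeKeys(sampleKeys(), now, 0)))         // 1
	fmt.Println(len(activeKeys(sampleKeys(), now, time.Hour))) // 2
}
```

With no leeway, a token signed with k1 just before rotation finds no matching key ten minutes later; with the one hour leeway both keys are candidates, so a verifier that iterates through the returned keys can still match it.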