search

starlinglab / integrity-v2

Monorepo for the next iteration of Starling Lab's integrity pipeline.
MIT License
1 stars 3 forks source link

Webhook private attributes #28

Closed makew0rld closed 5 months ago

makew0rld commented 5 months ago

@williamchong

The webhook should be able to receive some metadata like this:

{
    "description": "Blah blah",
    "caption": "Photo of foo",
    "private": {
        "address": "123 Example St",
        "secret_author": {"name": "John Smith", "email": "john@example.com"}
    }
}

And then turn it into this for AuthAttr API (cbor-encoded):

[
  {key: "description", value: "Blah blah"},
  {key: "caption", value: "Photo of foo"},
  {key: "address", value: "123 Example St", encKey: "<32 byte key>"},
  {key: "secret_author", value: {"name": "John Smith", "email": "john@example.com"}, encKey: "<32 byte key>"}
]

Note how all the fields under private were turned into normal attributes, just with an encryption key. This is my understanding of how the API should look like. This way anyone can easily send data to the webhook and have it encrypted or not.

The webhook should ideally throw an error if the same attribute is present both inside private and outside it.

makew0rld commented 5 months ago

Also note this means there should never a be a field/attribute actually named private that ends up in AA.

makew0rld commented 5 months ago

@williamchong if you can confirm the code works like this everywhere I will close this issue.