Skip to content

Commit

Permalink
add: insert nullifier to db in proof-verification and return nullifie…
Browse files Browse the repository at this point in the history 
…r in light-mode (#16)

* add: insert nullifier to db in proof-verification and return nullifier in light-mode

* add uniqueness to light verification callback

* add uniqueness check by nullifier for query proof

* add nullifier check in light

* change logic for uniqueness check in light verification
  • Loading branch information
@chabanyknikita
chabanyknikita authored Oct 24, 2024
1 parent 98b7784 commit 0c99cd8
Show file tree
Hide file tree
Showing 7 changed files with 78 additions and 13 deletions.
5 changes: 5 additions & 0 deletions docs/spec/components/schemas/UserParams.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,15 @@ allOf:
properties:
attributes:
required:
- nullifier
- age_lower_bound
- nationality
- sex
properties:
nullifier:
type: string
example: "2fe34ac35a35d0672dd9759aaee5e052d978e41b062c9da33aea9914c3a386a3"
description: "User nullifier"
age_lower_bound:
type: integer
example: 18
Expand Down
5 changes: 5 additions & 0 deletions internal/data/pg/verify_users.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -153,3 +153,8 @@ func (q *VerifyUsersQ) FilterByInternalAID(aid string) data.VerifyUsersQ {
q.sel = q.sel.Where(sq.Eq{"anonymous_id": aid})
return q
}

func (q *VerifyUsersQ) FilterByNullifier(nullifier string) data.VerifyUsersQ {
q.sel = q.sel.Where(sq.Eq{"nullifier": nullifier})
return q
}
1 change: 1 addition & 0 deletions internal/data/verify_users.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,4 +35,5 @@ type VerifyUsersQ interface {
WhereHashID(userId string) VerifyUsersQ
WhereCreatedAtLt(createdAt time.Time) VerifyUsersQ
FilterByInternalAID(aid string) VerifyUsersQ
FilterByNullifier(nullifier string) VerifyUsersQ
}
28 changes: 28 additions & 0 deletions internal/service/handlers/verification_callback.go
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package handlers

import (
"encoding/hex"
"encoding/json"
"errors"
"github.com/ethereum/go-ethereum/log"
Expand All @@ -11,6 +12,7 @@ import (
zk "github.com/rarimo/zkverifier-kit"
"gitlab.com/distributed_lab/ape"
"gitlab.com/distributed_lab/ape/problems"
"math/big"
"net/http"
"strconv"
)
Expand Down Expand Up @@ -63,6 +65,16 @@ func VerificationCallback(w http.ResponseWriter, r *http.Request) {
return
}

nullifier, ok := new(big.Int).SetString(getter.Get(zk.Nullifier), 10)
if !ok {
Log(r).Error("failed to parse nullifier")
ape.RenderErr(w, problems.BadRequest(err)...)
return
}
var nullifierBytes [32]byte
nullifier.FillBytes(nullifierBytes[:])
nullifierHex := hex.EncodeToString(nullifierBytes[:])

userIDHash, err := helpers.ExtractEventData(getter)
if err != nil {
Log(r).WithError(err).Errorf("failed to extract user hash from event data")
Expand All @@ -88,6 +100,22 @@ func VerificationCallback(w http.ResponseWriter, r *http.Request) {
eventID = verifiedUser.EventId
}

if verifiedUser.Uniqueness {
byNullifier, dbErr := VerifyUsersQ(r).FilterByNullifier(nullifierHex).Get()
if dbErr != nil {
Log(r).Error("Failed to get user by nullifier")
ape.RenderErr(w, problems.BadRequest(dbErr)...)
return
}

if byNullifier != nil && byNullifier.UserIDHash != verifiedUser.UserIDHash {
Log(r).WithError(err).Errorf("User with this nullifier [%s] but a different userIDHash already exists", nullifierHex)
verifiedUser.Status = "failed_verification"
} else {
verifiedUser.Nullifier = nullifierHex
}
}

var verifyOpts = []zk.VerifyOption{
zk.WithProofSelectorValue(getter.Get(zk.Selector)),
zk.WithAgeAbove(verifiedUser.AgeLowerBound), // if not required -1
Expand Down
49 changes: 36 additions & 13 deletions internal/service/handlers/verification_callback_light.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,13 +97,6 @@ func VerificationSignatureCallback(w http.ResponseWriter, r *http.Request) {
anonymousID.FillBytes(anonymousIDBytes[:])
anonymousIDHex := hex.EncodeToString(anonymousIDBytes[:])

byAnonymousID, err := VerifyUsersQ(r).FilterByInternalAID(anonymousIDHex).Get()
if err != nil {
Log(r).Error("Failed to get user by anonymous_id")
ape.RenderErr(w, problems.BadRequest(err)...)
return
}

verifiedUser, err := VerifyUsersQ(r).WhereHashID(userIDHash).Get()
if err != nil {
Log(r).WithError(err).Errorf("failed to get user with userHashID [%s]", userIDHash)
Expand All @@ -124,13 +117,43 @@ func VerificationSignatureCallback(w http.ResponseWriter, r *http.Request) {
}

verifiedUser.Status = "verified"
if byAnonymousID != nil && byAnonymousID.UserIDHash != verifiedUser.UserIDHash {
Log(r).WithError(err).Errorf("User with anonymous_id [%s] but a different userIDHash already exists", anonymousIDHex)
verifiedUser.Status = "failed_verification"
} else {
verifiedUser.Nullifier = nullifierHex
verifiedUser.AnonymousID = anonymousIDHex

if verifiedUser.Uniqueness {
byAnonymousID, dbErr := VerifyUsersQ(r).FilterByInternalAID(anonymousIDHex).Get()
if dbErr != nil {
Log(r).Error("Failed to get user by anonymous_id")
ape.RenderErr(w, problems.BadRequest(dbErr)...)
return
}

byNullifier, dbErr := VerifyUsersQ(r).FilterByNullifier(nullifierHex).Get()
if dbErr != nil {
Log(r).Error("Failed to get user by nullifier")
ape.RenderErr(w, problems.BadRequest(dbErr)...)
return
}

if byAnonymousID != nil {
if byAnonymousID.UserIDHash != verifiedUser.UserIDHash {
Log(r).WithError(err).Errorf("User with anonymous_id [%s] but a different userIDHash already exists", anonymousIDHex)
verifiedUser.Status = "failed_verification"
return
}
} else {
verifiedUser.AnonymousID = anonymousIDHex
}

if byNullifier != nil {
if byNullifier.UserIDHash != verifiedUser.UserIDHash {
Log(r).WithError(err).Errorf("User with nullifier [%s] but a different userIDHash already exists", nullifierHex)
verifiedUser.Status = "failed_verification"
return
}
} else {
verifiedUser.Nullifier = nullifierHex
}
}

if eventData != userIDHash {
Log(r).WithError(err).Errorf("failed to verify user: EventData from pub-signals [%s] != userIdHash from db [%s]", eventData, userIDHash)
verifiedUser.Status = "failed_verification"
Expand Down
1 change: 1 addition & 0 deletions internal/service/responses/get_user.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ func NewGetUsersByIdResponse(user data.VerifyUsers) resources.UserParamsRequest
Type: resources.USER,
},
Attributes: resources.UserParamsAttributes{
Nullifier: user.Nullifier,
AgeLowerBound: int32(user.AgeLowerBound),
Nationality: user.Nationality,
Sex: user.Sex,
Expand Down
2 changes: 2 additions & 0 deletions resources/model_user_params_attributes.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ type UserParamsAttributes struct {
AgeLowerBound int32 `json:"age_lower_bound"`
// User nationality
Nationality string `json:"nationality"`
// User nullifier
Nullifier string `json:"nullifier"`
// User sex
Sex string `json:"sex"`
}

0 comments on commit 0c99cd8

Please sign in to comment.