feat: vcwallet command controller - expire token option

- Part of hyperledger-archives#2433

Signed-off-by: sudesh.shetty <sudesh.shetty@securekey.com>

pkg/controller/command/vcwallet/command.go

@@ -12,6 +12,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"time"
 
 	"github.com/piprate/json-gold/ld"
 
@@ -109,6 +110,8 @@ const (
 	logUserIDKey = "userID"
 
 	emptyRawLength = 4
+
+	defaultTokenExpiry = 5 * time.Minute
 )
 
 // AuthCapabilityProvider is for providing Authorization Capabilities (ZCAP-LD) feature for
@@ -138,6 +141,9 @@ type Config struct {
 	EDVBatchEndpointExtensionEnabled bool
 	// Aries Web KMS cache size configuration.
 	WebKMSCacheSize int
+	// Default token expiry for all wallet profiles created.
+	// Will be used only if wallet unlock request doesn't supply default timeout value.
+	DefaultTokenExpiry time.Duration
 }
 
 // provider contains dependencies for the verifiable credential wallet command controller
@@ -163,6 +169,10 @@ func New(p provider, config *Config) *Command {
 		cmd.config = config
 	}
 
+	if cmd.config.DefaultTokenExpiry == 0 {
+		cmd.config.DefaultTokenExpiry = defaultTokenExpiry
+	}
+
 	return cmd
 }
 
@@ -772,7 +782,13 @@ func prepareUnlockOptions(rqst *UnlockWalletRequest, conf *Config) ([]wallet.Unl
 		edvOpts = append(edvOpts, edv.WithFullDocumentsReturnedFromQueries())
 	}
 
-	options = append(options, wallet.WithUnlockWebKMSOptions(webkmsOpts...), wallet.WithUnlockEDVOptions(edvOpts...))
+	tokenExpiry := conf.DefaultTokenExpiry
+	if rqst.Expiry > 0 {
+		tokenExpiry = rqst.Expiry
+	}
+
+	options = append(options, wallet.WithUnlockWebKMSOptions(webkmsOpts...), wallet.WithUnlockEDVOptions(edvOpts...),
+		wallet.WithUnlockExpiry(tokenExpiry))
 
 	return options, nil
 }

pkg/controller/command/vcwallet/command_test.go

@@ -15,6 +15,7 @@ import (
 	"net/http"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/google/uuid"
 	"github.com/stretchr/testify/require"
@@ -655,6 +656,7 @@ func TestCommand_OpenAndClose(t *testing.T) {
 		request := &UnlockWalletRequest{
 			UserID:     sampleUser2,
 			WebKMSAuth: &UnlockAuth{Capability: sampleFakeCapability},
+			Expiry:     10 * time.Second,
 		}
 
 		// unlock wallet

pkg/controller/command/vcwallet/models.go

@@ -8,6 +8,7 @@ package vcwallet
 
 import (
 	"encoding/json"
+	"time"
 
 	"github.com/hyperledger/aries-framework-go/pkg/doc/verifiable"
 	"github.com/hyperledger/aries-framework-go/pkg/kms"
@@ -66,6 +67,9 @@ type UnlockWalletRequest struct {
 	// Options for authorizing access to wallet's EDV content store.
 	// Optional, to be used only if profile for this wallet user is setup to use EDV as content store.
 	EDVUnlock *UnlockAuth `json:"edvUnlocks"`
+
+	// Time duration in milliseconds after which wallet will expire its unlock status.
+	Expiry time.Duration `json:"expiry,omitempty"`
 }
 
 // UnlockAuth contains different options for authorizing access to wallet's EDV content store & webkms.