From 8f42988896a210393a0c5070f6c8b47113c1837f Mon Sep 17 00:00:00 2001
From: "sudesh.shetty"
Date: Thu, 24 Jun 2021 16:49:54 -0400
Subject: [PATCH] feat: vcwallet command controller - expire token option - Part of #2433
Signed-off-by: sudesh.shetty
---
 pkg/controller/command/vcwallet/command.go | 18 +++++++++++++++++-
 .../command/vcwallet/command_test.go | 2 ++
 pkg/controller/command/vcwallet/models.go | 4 ++++
 3 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/pkg/controller/command/vcwallet/command.go b/pkg/controller/command/vcwallet/command.go
index 1a0eeb5124..8782a95979 100644
--- a/pkg/controller/command/vcwallet/command.go
+++ b/pkg/controller/command/vcwallet/command.go
@@ -12,6 +12,7 @@ import (
 "fmt"
 "io"
 "net/http"
+ "time"
 "github.com/piprate/json-gold/ld"
@@ -109,6 +110,8 @@ const (
 logUserIDKey = "userID"
 emptyRawLength = 4
+
+ defaultTokenExpiry = 5 * time.Minute
 )
 // AuthCapabilityProvider is for providing Authorization Capabilities (ZCAP-LD) feature for
@@ -138,6 +141,9 @@ type Config struct {
 EDVBatchEndpointExtensionEnabled bool
 // Aries Web KMS cache size configuration.
 WebKMSCacheSize int
+ // Default token expiry for all wallet profiles created.
+ // Will be used only if wallet unlock request doesn't supply default timeout value.
+ DefaultTokenExpiry time.Duration
 }
 // provider contains dependencies for the verifiable credential wallet command controller
@@ -163,6 +169,10 @@ func New(p provider, config *Config) *Command {
 cmd.config = config
 }
+ if cmd.config.DefaultTokenExpiry == 0 {
+ cmd.config.DefaultTokenExpiry = defaultTokenExpiry
+ }
+
 return cmd
 }
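Review bot: The comment added above `DefaultTokenExpiry` in `Config` reads as if the unlock request supplies a "default timeout", and it does not say what a zero value means. Going by the other hunks in this patch, the field is used when the unlock request carries no positive `Expiry`, and `New` replaces zero with the 5 minute `defaultTokenExpiry`. I would reword it to `// DefaultTokenExpiry is the unlock token lifetime used when an unlock request carries no positive Expiry.` followed by `// Zero selects the built-in default of 5 minutes.`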
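Review bot: In `New`, the added fallback tests `cmd.config.DefaultTokenExpiry == 0`, so a negative duration in the supplied `Config` is kept and later becomes the default handed to `wallet.WithUnlockExpiry`; `if cmd.config.DefaultTokenExpiry <= 0 {` would treat it as unset. The assignment also writes through `cmd.config`, which the context line `cmd.config = config` suggests is the caller's own `*Config`, so the caller's struct appears to be modified as a side effect; defaulting on a copy would avoid that. The body of `New` starts above the hunk, so the nil-config path is not visible here.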
@@ -772,7 +782,13 @@ func prepareUnlockOptions(rqst *UnlockWalletRequest, conf *Config) ([]wallet.Unl
 edvOpts = append(edvOpts, edv.WithFullDocumentsReturnedFromQueries())
 }
- options = append(options, wallet.WithUnlockWebKMSOptions(webkmsOpts...), wallet.WithUnlockEDVOptions(edvOpts...))
+ tokenExpiry := conf.DefaultTokenExpiry
+ if rqst.Expiry > 0 {
+ tokenExpiry = rqst.Expiry
+ }
+
+ options = append(options, wallet.WithUnlockWebKMSOptions(webkmsOpts...), wallet.WithUnlockEDVOptions(edvOpts...),
+ wallet.WithUnlockExpiry(tokenExpiry))
 return options, nil
 }
diff --git a/pkg/controller/command/vcwallet/command_test.go b/pkg/controller/command/vcwallet/command_test.go
index 5d9d1117dd..9edc4f764d 100644
--- a/pkg/controller/command/vcwallet/command_test.go
+++ b/pkg/controller/command/vcwallet/command_test.go
@@ -15,6 +15,7 @@ import (
 "net/http"
 "strings"
 "testing"
+ "time"
 "github.com/google/uuid"
 "github.com/stretchr/testify/require"
@@ -655,6 +656,7 @@ func TestCommand_OpenAndClose(t *testing.T) {
 request := &UnlockWalletRequest{
 UserID: sampleUser2,
 WebKMSAuth: &UnlockAuth{Capability: sampleFakeCapability},
+ Expiry: 10 * time.Second,
 }
 // unlock wallet
diff --git a/pkg/controller/command/vcwallet/models.go b/pkg/controller/command/vcwallet/models.go
index 7706ecb331..ea68cb049c 100644
--- a/pkg/controller/command/vcwallet/models.go
+++ b/pkg/controller/command/vcwallet/models.go
@@ -8,6 +8,7 @@ package vcwallet
 import (
 "encoding/json"
+ "time"
 "github.com/hyperledger/aries-framework-go/pkg/doc/verifiable"
 "github.com/hyperledger/aries-framework-go/pkg/kms"
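Review bot: In `prepareUnlockOptions`, any positive `rqst.Expiry` replaces `conf.DefaultTokenExpiry` with no upper bound, so the sender of the unlock request decides how long the wallet token stays valid and the operator's setting acts only as a fallback. A long-lived token widens the window in which a leaked token remains usable, so I would bound the requested value by a configured ceiling, for example `if rqst.Expiry > 0 && rqst.Expiry <= maxExpiry { tokenExpiry = rqst.Expiry }`, where `maxExpiry` is a placeholder for a limit this patch does not define. Whether an over-limit request is rejected or falls back to the default is a policy choice that belongs in the field's doc comment. The function body starts above the hunk.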
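Review bot: The change to `TestCommand_OpenAndClose` only sets `Expiry: 10 * time.Second` on the request; nothing in the hunk asserts that the token stops working after that time, or that a request without `Expiry` receives the configured default. The rest of the test lies outside the hunk, so this may be covered elsewhere, but from here the new branches in `New` and `prepareUnlockOptions` look untested. A case with a very short `Expiry`, followed by a wallet call that is expected to fail once the token has expired, would pin the behaviour.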
@@ -66,6 +67,9 @@ type UnlockWalletRequest struct {
 // Options for authorizing access to wallet's EDV content store.
 // Optional, to be used only if profile for this wallet user is setup to use EDV as content store.
 EDVUnlock *UnlockAuth `json:"edvUnlocks"`
+
+ // Time duration in milliseconds after which wallet will expire its unlock status.
+ Expiry time.Duration `json:"expiry,omitempty"`
 }
 // UnlockAuth contains different options for authorizing access to wallet's EDV content store & webkms.
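Review bot: The comment on `Expiry` in `UnlockWalletRequest` says the value is in milliseconds, but the field is a `time.Duration`, which `encoding/json` decodes from a plain integer counted in nanoseconds. A client that follows the comment and sends `10000` for ten seconds would get a lifetime of 10 microseconds, and the test in this commit sets `10 * time.Second` as a Go value, so it does not exercise the JSON path. Either correct the comment to `// Expiry is the duration in nanoseconds after which the wallet expires its unlock status.` or keep milliseconds on the wire with an integer field converted via `time.Duration(ms) * time.Millisecond`. The struct definition starts above the hunk.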